Infrastructure Security Engineer

This job is for an Infrastructure Security Engineer at Ivalua, a leading provider of cloud-based procurement solutions. The role involves working with InfoSec, IT, and R&D teams to keep the company's SaaS service secure from a variety of threats. The Infrastructure Security Engineer will engineer, implement, review, and monitor technical security controls to protect and enhance the security of the server infrastructure, networks, and applications. The role also includes collaborating with other teams to manage, monitor, track, and remediate security incidents and provide a thorough post-event analysis. The ideal candidate should have experience in infrastructure and network security engineering/architecture, protocols, and tools, as well as experience with security compliance and certification programs.

• Identify and recommend technical security measures to address the security threats and lead the security projects related to the infrastructure security (such as the review of encryption systems and key management, hardening of servers, hardening of Active Directory etc.)
• Review/Develop security design and architecture of Cloud Infrastructure and Applications, and implement, administer and troubleshoot endpoint, server, network and cloud security technologies like, Firewall/VPN, IPS/IDS, Zero Trust, Email Security, SIEM, MDM, DLP, DDoS, NAC, CASB etc.
• Define/Update and lead the vulnerability management program including performing infrastructure vulnerability scanning, internal and third-party penetration testing, and reviewing and validating any reported security vulnerabilities
• Collaborate with the SOC team to improve our security investigation as well as threat intelligence processes and capabilities
• Collaborate with IT operations, engineering and development teams to manage, monitor, track and remediate security incidents and provide a thorough post-event analysis
• Support technical security controls related to compliance initiatives such as FedRAMP, PCI, NIST, SANS CIS 20 and other commercial compliance efforts as necessary
• Assist customer and prospect facing teams with technical security questions related to the Ivalua hosting infrastructure and platform security
• Act as the SME on infrastructure security, expand and develop sharing of technical knowledge and collaborate with multiple internal teams to review and improve the technical architecture and efficiency of IT and security operational processes.

• 4+ years of experience on infrastructure and network security engineering/architecture, protocols and tools
• 3+ years hands-on experience in deploying security technologies like DLP, Database Activity Monitoring, MDM, NAC, IDS/IPS, CASB etc.
• 3+ years of experience in assessing Infrastructure and Web Application vulnerabilities
• Experience with scripting (such as Python, PowerShell etc.)
• Knowledge of Active Directory (key concepts, main attacks, hardening etc.)
• Knowledge of Cryptography concepts, encryption algorithms, protocols, keys and certificates management
• Proficiency across Windows and Linux Operating Systems and MS SQL Database
• Proficiency with cloud technology and deployments: Microsoft Azure (required), Amazon Web Services and Google Cloud (good to have)
• Experience with security aspects of operating SaaS environments
• Experience with security incident response and investigation
• Ability to show initiative to drive progress and improvement
• Ability to foster collaborative, open and working relationships with technology and other stakeholders
• Experience with security compliance & certification programs such as OWASP, NIST, FedRAMP, PCI, SANS CIS 20
• An Information Security qualification or evidence of starting to work towards e.g CISSP, OSCP, Azure GPEN or similar certification
• Ability to handle multiple tasks, prioritize and meet deadlines
• Prior experience in financial services, government or any other highly regulated sector is a plus
• Excellent writing and communication skills
• Excellent English and French
• Committed, involved, autonomous, analytical and commercially aware personality.