IT Security Engineer III

About The Position

Requirements

• 6 - 8 years as a Security Engineer, DevOps, or IT security professional
• Experience using at least one high-level programming language, preferably Python
• Ability to lead cross-functional initiatives and communicate proposals and ideas concisely
• Experience balancing commercial objectives with security and compliance obligations
• Advanced understanding of network and application fundamentals and best practices e.g. HTTP/S, DNS, VPN, Load Balancing, SAML, OAuth, and other modern protocols common to cloud computing and SaaS environments
• Experience with cloud environments AWS, GCP, or Azure
• Experience with cloud environments (preferably AWS / Azure)
• Strong sense of ownership, urgency, and drive
• Experience with zero-trust security concepts
• Experience securing multi-tenant enterprise SaaS products
• Experience with hardening tools and frameworks such as CIS benchmarks, NIST
• Knowledge of common compliance frameworks e.g. SOC, SOX, PCI, and ISO standards

Nice To Haves

• 3 - 5 years experience working within an IT team in a hyper-growth environment or startup environment, experience in B2B SaaS is strongly preferred
• Experience supporting onsite and remote workforce
• Experience or participation in automation initiatives of employee onboarding and off boarding process a plus
• Bachelor’s degree in the field of Information Technology, Computer Science, and/or relevant industry certification a plus

Responsibilities

• Lead third-party vendor and contractor security reviews
• Work in partnership with other FloQast IT Teams to design, instrument, and maintain corporate IT security systems in order to ensure systems meet compliance requirements
• Audit and harden 3rd party SaaS systems for security best practices and lead remediation efforts
• Ownership of the analysis of SIEM events, including investigating and escalating issues and participating in an on-call rotation for event escalations
• Ownership of the integration of SaaS systems into our SIEM using Python, as well as writing detection rules and incident response run books
• Maintaining existing compliance attestations and participate in risk assessment exercises
• Assist with vulnerability management efforts, ensuring issues are triaged, prioritized, and remediated according to defined SLAs
• Ownership of InfoSec awareness and training programs
• Stay abreast of new and emerging security technologies and paradigms
• Any other projects as assigned to help FloQast meet its goals

Benefits

• Medical
• Dental
• Vision
• Family Forming benefits
• Life & Disability Insurance
• Unlimited Vacation