IT Security Engineer III

About The Position

Requirements

• 6 - 8 years as a Security Engineer, DevOps, or IT security professional
• In-depth knowledge of common compliance frameworks e.g. SOC, SOX, PCI, and ISO standards
• Experience using at least one high-level programming/scripting language
• Ability to lead cross-functional initiatives and communicate proposals and ideas to stakeholders concisely
• Experience balancing commercial objectives with security and compliance obligations
• Advanced understanding of network and application fundamentals and best practices e.g. HTTP/S, DNS, VPN, Load Balancing, SAML, OAuth, and other modern protocols
• Experience with cloud environments AWS, GCP, or Azure
• Experience with cloud environments (preferably AWS / Azure)
• Strong sense of ownership, urgency, and drive
• Experience with zero-trust security concepts
• Experience securing multi-tenant enterprise SaaS products
• Experience with hardening tools and frameworks such as CIS benchmarks, NIST

Nice To Haves

• 5 - 7 years experience working within an IT team in a hyper-growth environment or startup, experience in B2B SaaS is strongly preferred
• Experience supporting onsite and remote workforce
• Experience with deployment of DLP and/or SASE solution(s)
• Experience administering a policy-based Enterprise Web Browser
• Experience or participation in automation initiatives of employee onboarding and off boarding process a plus
• Experience with iPaaS/orchestration platforms, especially Workato
• Bachelor’s degree in the field of Information Technology, Computer Science, and/or relevant industry certification a plus

Responsibilities

• Work in partnership with other FloQast IT teams to design, implement, and maintain corporate IT security systems, ensuring compliance
• Lead third-party vendor and contractor security reviews
• Audit and harden 3rd party SaaS systems for security best practices, leading remediation efforts
• Ensuring security configurations across our corporate environment are documented and maintained
• Regularly triage security events and ensure ongoing health of our Managed Detection & Response (MDR) partner
• Own the analysis and documentation of security events & incidents, including investigating & escalating issues and participating in security event escalations
• Maintaining existing compliance attestations and participating in risk assessment exercises
• Lead vulnerability management efforts, ensuring issues are triaged, prioritized, and remediated according to defined SLA’s
• Maintain and secure internal corporate endpoints (macOS and Windows)
• Administer endpoint management platform for enterprise-wide monitoring and dash boarding
• Participate in Agile scrum ceremonies for project and initiative tracking
• Lead security awareness and training programs
• Stay abreast of new and emerging security technologies and paradigms

Benefits

• Medical
• Dental
• Vision
• Family Forming benefits
• Life & Disability Insurance
• Unlimited Vacation