Senior Engineer, Information Security

About The Position

Requirements

• At least 5 years of experience in the Information Security field
• 2+ years of experience leading Information Security incident investigation and response
• 3+ years of experience with security preventative and detective controls such as endpoint protection, firewall policies, vulnerability management, SIEM, Microsoft Defender suite
• Excellent collaboration, interpersonal, communication and facilitation skills with ability to present and influence audiences of varying skill levels
• Experience in Security and regulatory compliance standards and frameworks such as: HIPAA, NIST CSF, ISO27001, and GDPR
• Experience with controls configuration within common cloud environments (Azure, AWS)
• Experience with scripting and automation tools knowledge: Azure Sentinel and KQL, PowerShell, Python, Terraform, Ansible or related
• Experience with application containerization and orchestration: Docker and Kubernetes or related
• Experience with source code management (Git, GitHub, GitLab) and CI/CD (GitLab CI, Jenkins, Drone, Azure DevOps)
• Experience with Microsoft Windows (server/desktop) and Linux (CentOS/Ubuntu/RedHat)
• Experience with identity and access management industry standard methodologies and related solutions (i.e., Active Directory, Azure AD, LDAP, SSO, MFA and related technologies)
• Experience with networking protocol and tools, which may include TCP/IP, DNS, DHCP, SSL/TLS, VPN, VLAN, SSH, BGP, OSPF
• Experience with server virtualization technologies: VMware, Hyper-V, Nutanix, KVM or other
• Strong understanding of authentication and authorization technologies and protocols including SAML, OAuth, Kerberos
• B.S. in Engineering, Math, Computer Science, or related field or equivalent working experience
• Must be able to legally work in the country where this position is located without visa sponsorship.

Nice To Haves

• High performance compute cloud architecture experience a plus

Responsibilities

• Participate in the Information Security design process focusing on technical controls, including:
• In partnership with technology delivery teams, further refine, prototype, and continuously improve technical security controls as implemented across our technology environment
• Partner engagement to account for key business objectives and user personas
• Risk management and tracking through the implementation and operation of the design outputs
• Further refine, prototype, and test the design and continuous improvement of the Information Security portfolio including technology, services, and processes to achieve our core risk management objectives
• Perform Information Security incident investigation and response
• Communicate our design philosophies, reference architectures, and use cases to ensure our technology partners and service providers have the knowledge they need to innovate and operate technical solutions safely
• Partner with IT teams during solution design and operation to develop implementation steps for security configuration

Benefits

• comprehensive medical, dental, and vision coverage with no premiums
• generous paid time off
• paid family leave
• foundation-paid retirement contribution
• regional holidays
• opportunities to engage in several employee communities