About the position
Aktana is seeking a Senior Security Engineer to join their security team. This role will involve using various tools and technologies to identify and protect IT assets, with a focus on security implementation and operations for application and cloud-based infrastructure. The Senior Security Engineer will collaborate with different teams to understand product and business needs, define and implement security measures, and ensure 24/7 protection against malicious activity. Key responsibilities include cloud security architecture review, vulnerability management, incident response, and evaluating and recommending new security technologies. The successful candidate will have a strong background in security engineering, application security, and knowledge of cloud-based environments and AWS systems.
Responsibilities
- Cloud Security Architecture review
- Analyze security issues related to web services and provide recommendations for mitigations
- Integrate new data sources to SIEM product (ELK), AlertLogic
- Manage AWS Cloud security including logging, IAM, Firewalls, VPN, etc
- Manage Application security program including vulnerability management, provide mitigations, validate proper resolution and help integrate in CI pipeline
- Code Review
- Collaborate with product teams to develop new features with an eye on security
- Assist in vulnerability analysis and incident response
- Coordinate and conduct periodic security reviews of critical workday infrastructure, services, and applications
- Focus on maturing Aktana’s security models, patterns and template
- Evaluate and recommend new security tooling and technologies
- Develop technologies for automated vulnerability detection
- Develop Information Security Plans and Policies
- Participate in security operations support
- Develop and interpret security policies and procedures
- Develop and deliver general security awareness training
- Develop role-based access for all of the employees and contractors
Requirements
- BS degree in Computer Science or related fields and/or equivalent work experience
- 7+ years of experience in Security engineering
- 5+ Application security experience
- Significant knowledge of security best practices for client-server product architectures, focusing predominantly on cloud-based environments.
- Significant knowledge of AWS systems, including EC2, IAM, KMS, CloudWatch, CloudTrail, Config, Security Hub, Lambda, Terraform CLI, Security Groups, VPCs, WAF, Guard Duty, Inspector, Control Tower, etc.
- Experience with working on various cybersecurity and privacy frameworks, including NIST, SOC, ISO 27000, HITRUST, MITRE ATT&CK, etc.
- Experience with cloud-based security management/IDS/IPS/service management tools, such as JIRA, AlertLogic, PagerDuty, ELK, FIM, Accunetix, Qualys, etc.
- Professional experience in Information Security Analysis, extracting pertinent security data from SIEM solutions and AWS audit, logs, and reports
- Hands-on experience in documenting and implementing security controls, mitigations, and remediations.
- Knowledge of securing Windows and Linux
- Life-long learner - always looking to stay up to date with the latest attack vectors, vulnerabilities, remediation, and protection paradigms, etc.
- Self-motivated, proactive, driven individual
Benefits
- Professional experience in Information Security Analysis
- Hands-on experience in documenting and implementing security controls, mitigations, and remediations
- Knowledge of securing Windows and Linux
- Familiarity with ELK, Datadog, Splunk is a plus
- Experience working closely with Security Compliance to uphold security guidelines and control
- Experience in Threat modeling
- Experience in performing security vulnerability assessments
- Programming or scripting experience with a popular modern language utilized by above tools (Java, Python, Ruby, etc.)
- One or more recognized security and cloud-specific certifications (CCSP, SSCP, CISSP, CEH)
- Commitment to help fill in the gaps through training, mentoring, and working on great projects in small and large teams
- Global company with diverse customers and employees
- Equal employment opportunities irrespective of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status
- Values hard work, transparency, and collaboration
- Culture of feedback and helping each other and customers make better decisions
- Opportunity to make patients' lives better through technology
- Background investigations and/or reference checks conducted on all new hires