Senior Security Engineer I
OppFi
·
Posted:
July 18, 2023
·
Remote
About the position
We are seeking a motivated and service-oriented Senior Security Engineer I with expertise in AWS, cloud architecture, and security best practices to join our Information Security team. In this role, you will collaborate with internal teams to ensure overall environment security, visibility, and compliance. You will assess existing technical capabilities, identify areas for improvement, and maintain standard operating procedures to meet operational requirements. Additionally, you will be responsible for conducting vulnerability assessments, responding to potential incidents, and staying up-to-date with the latest security threats and technologies. A Bachelor's Degree in a related field and industry certifications are required.
Responsibilities
- Balance the needs of delivering technical security assurance while still allowing development and operations teams to move quickly
- Conduct cloud and on-prem vulnerability assessments, analyzing vulnerabilities, determining severity, and recommending paths for eliminating or mitigating security gaps
- Triage, investigate and respond to potential incidents. Provide on-call support when needed.
- Work with Engineering and IT teams to ensure that programmatically-deployed infrastructure is built following OppFi’s security principles
- Ensure the proper security controls are deployed within our cloud environments to address confidentiality, integrity, and availability of these services
- Build automation for in-house network, service, and endpoint security testing
- Help with the identification and evaluation of security gaps, and translate them into functional specifications to implement
- Cybersecurity related duties as assigned/required to support specialized activities.
- Maintain a current understanding of the security threat landscape. Research and review new technologies and trends
- Bachelor’s Degree in Computer Science, Information Assurance, Cyber Security, or related field of study
- CISSP, Security+, or other Cybersecurity Industry recognized certification
- 7+ years of experience in security operations
- Strong attention to detail with an analytical mind and outstanding problem-solving skills
- Solid Understanding of Incident response process and procedures including in the cloud
- Experience using a vulnerability management tool (Qualys, Tenable, etc) to scan, manage and prioritize vulnerabilities
- Professional demeanor, good interpersonal skills, and ability to excel in a high-paced multi-tasked environment
- Knowledge of AWS, Azure, cloud infrastructure and IT infrastructures
- Able to automate/script daily tasks using Python, Bash or equivalent
- Some experience with security operations systems: MDM, DLP, Firewalls, CASB, Log collectors, SIEM/SOC, EDR, VPN
- Knowledge of security and risk management practices and security frameworks (FFIEC, NIST, ISO, CIS Benchmarks, SOC2)
- Experience with Terraform and CloudFormation is a huge plus
Requirements
- Bachelor's Degree in Computer Science, Information Assurance, Cyber Security, or related field of study
- CISSP, Security+, or other Cybersecurity Industry recognized certification
- 7+ years of experience in security operations
- Strong attention to detail with an analytical mind and outstanding problem-solving skills
- Solid Understanding of Incident response process and procedures including in the cloud
- Experience using a vulnerability management tool (Qualys, Tenable, etc) to scan, manage and prioritize vulnerabilities
- Professional demeanor, good interpersonal skills, and ability to excel in a high-paced multi-tasked environment
- Knowledge of AWS, Azure, cloud infrastructure and IT infrastructures
- Able to automate/script daily tasks using Python, Bash or equivalent
- Some experience with security operations systems: MDM, DLP, Firewalls, CASB, Log collectors, SIEM/SOC, EDR, VPN
- Knowledge of security and risk management practices and security frameworks (FFIEC, NIST, ISO, CIS Benchmarks, SOC2)
- Experience with Terraform and CloudFormation is a huge plus
Benefits
- Flexible remote environment
- 401(k) matching program
- Flexible paid vacation
- Medical benefits
- Dental and vision coverage
- Tuition reimbursement
- Monthly meditation and yoga classes
- Access to all LinkedIn Learning courses
- Fringe lifestyle benefits platform
- Casual dress code