Senior Information Security Engineer
This is a full-time position with the Compliance and Security Team, working to meet organizational objectives pertaining to information security. This position is responsible for day-to-day operation of information security management tools, responding to internal and customer incident reports, and assisting in the development and implementation of policies and procedures. This position requires the ability to work independently on multiple concurrent complex projects to deliver technical solutions and perform in depth technical investigations. Success in this position is largely dependent on the ability to maintain effective security controls and have a thorough understanding of the organization’s security posture.
Key responsibilities:
- Oversees the implementation of network and computer security and ensures compliance with corporate cybersecurity frameworks, compliance standards, and Higher Logic policies and procedures (i.e. ISO 27001:2013, SOC2)
- Works with security leadership to identify and implement software solutions that will enhance security posture in production, development, and corporate environments
- Develops tooling to automate and improve manual security processes
- Engineers technical solutions to problems pertaining to information security
- Administers and maintains the effectiveness of various information security tooling including Firewalls, Intrusion Detection Systems, Vulnerability Scanners, and Malware Scanners
- Consults on development and infrastructure projects to advocate for security best practices
- Participates in risk assessments and coordinates formulation and execution of remediation plans
- Investigates security breaches and provides a comprehensive report that can be used to disseminate information about the incident to both technical and non-technical employees as needed
- Provides support to incident response team and provides analyses of network traffic and data anomalies to determine the source of the incident and work to get the system back to an operational state
- Performs security assessments of applications and systems using penetration and vulnerability testing and prioritizes remediations of findings
- Monitors performance and health of cloud infrastructure to support security initiatives
- Provides tier two on call technical support
- Communicates status on all activities and initiatives as required
Knowledge, skills and experience requirements:
- Deep understanding of security solutions including Firewalls, WAF, IDS/IPS, IAM solutions, MDR, and defense in depth strategies
- Solid understanding of the OWASP Top 10 such as SQLi, XSS, CSRF, and business logic flaws across large code bases
- Understanding of AWS technologies including VPC, EC2, ECS, IAM, S3, and Guard Duty
- Knowledge of AWS Security Best Practices and implementation strategies
- Expertise in an programming and scripting languages such as C#, Ruby, Python, Bash, or PowerShell
- Azure AD and Microsoft O365 experience a plus
- Expertise in building SQL queries to make sense of large amounts of data
- Experienced with administering Windows Server, , Linux, and OpenStack technologies
- Knowledge of TCP/IP fundamentals, routing and security concepts
- Ability to excel in a dynamic environment with multiple priorities
- Excellent oral and written communication skills required
- Exemplary organizational skills a must
- Strategic skills to develop a long-term vision for Higher Logic's Security vision in conjunction with Information Security leadership
- Ability to appropriately balance security needs with business impact & benefit.
- Ability to team well with others to facilitate and enhance the understanding of compliance and security policies.
- Work independently with minimal oversight
Qualifications, certifications and education requirements:
Education:
- An advanced degree in security related discipline, or equivalent work experience.
Experience:
- Minimum 5-7 years of progressive experience in information security engineering
- Familiarity with one or more compliance frameworks (ISO 27001, SOC 2, FISMA)
- Understanding of regulatory and data privacy concerns domestically and globally. (e.g. CCPA, GDPR, PIPL)
Certification Requirements:
- One or more information security certifications (CISSP, CISM, GIAC GSEC, OSCP, CompTIA Security+, CCSP, AWS Certified Security – Specialty)