Position Overview Statement
Works closely with Research and Development to ensure that products are secure and meet security standards.
Principal Duties and Responsibilities
- Support the System development lifecycles in execution of daily tasks including, but not limited to user/system security requirements analysis and testing;
- Participate in Cyber Risk Assessment related activities to include Risk Management Framework, Vulnerability Scanning, script/app development, and similar activities;
- Be responsible for identifying and assessing all threat vectors impacting our product;
- Engineer, implement, and monitor security measures for the protection of our products. The development and implementation of processes is also a central aspect of the role, as well as ensuring all compliance requirements are met;
- Manage communication between our company and our clients regarding cybersecurity.
Requirements
- Proven work experience as a system security engineer;
- Strong working knowledge of security fundamentals including authentication, authorization and applied cryptography;
- Thorough understanding of the latest security principles, techniques, and protocols;
- Familiarity with data privacy and sovereignty regulations;
- Experience with compliance & certification programs such as NIST, FedRAMP, PCI, and SOC;
- Experience using common penetration testing tools, BurpSuite, Metasploit, etc;
- Familiarity with secure development lifecycle practices and working with Engineering for the proactive integration of security into the development process;
- Advanced knowledge of security operations, including the ability to build tools that assist in the automation of security tasks;
- Understanding of threat landscape including code and OS vulnerabilities;
- Experience with Linux OS and Linux security assessment tools;
- Programming knowledge, ideally Python;
- Experience in building and maintaining security systems;
- Bug bounty program experience would be a nice-to-have;
- Detailed technical knowledge of database and operating system security;
- Experience with network security and networking technologies and network monitoring tools;
- Experience with network architecture, routing, network protocols and at least one area of strong technical experience in: network engineering, system administration, application development, or database administration;
- Experience managing multiple projects at a time and prioritize;
- Excellent presentation and communications skills combined with the ability to work in a team environment;
- Ability to write technical reports and communicate technical content to non-technical audiences.