The role of Information Security Engineer will help ensure products as well as internally developed applications remain secure and compliant with all relevant regulatory standards. This role will also be responsible for staying abreast of and communicating information security best practices to all areas of the company, being a consulting resource on all major changes to code or infrastructure, and developing and/or implementing software to ensure compliance with defined information security policies.
This role requires a strong technical understanding of information security best practices, Salesforce platform, AWS platform and Kubernetes orchestrated containerized ecosystem. Additionally, this role requires a high level of understanding of web application vulnerabilities, their remediation strategies, and the ability to perform both manual and automated audits of web applications. The Information Security Engineer must also have the ability to effectively communicate security issues or concerns to a wide variety of roles both internal and external.
- Test new and existing products for security vulnerabilities and work with Software Development teams to drive their remediation.
- Work with the DevOps and Software Development teams to implement tooling and automation in our software development processes.
- Support security incident response and risk management activities.
- Design and develop custom software and infrastructure as needed to maintain and improve the security and compliance of products and infrastructure.
- Develop and provide information security training to new hires across departments and secure coding best practices information security training for engineers.
- Provide support for all internal departments on all information security related issues and questions.
- Support efforts to implement and comply with legal requirements and compliance frameworks such as: SOC 2, FedRAMP, CCPA, and GDPR.
- BS in Computer Science, related technical fields, or equivalent practical experience.
- Strong knowledge of security best practices for cloud hosted SaaS applications.
- Strong Knowledge of Kubernetes security concerns and best practices.
- Experience with penetration testing tools.
- Ability to understand and solve complex problems.
- Strong interpersonal, presentation, written and verbal communication skills, including the ability to adapt your message to the context of technical and non-technical audiences.
- Strong project management skills and attention to detail.
- Ability to self-start and execute high level goals with little management oversight.
A Human Approach to Staffing
Our Company is committed to the principles of equal employment. We are committed to complying with all federal, state, and local laws providing equal employment opportunities, and all other employment laws and regulations. It is our intent to maintain a work environment which is free of harassment, discrimination, or retaliation because of sex, gender, race, religion, color, national origin, physical or mental disability, genetic information, marital status, age, sexual orientation, gender identity, military service, veteran status, or any other status protected by federal, state, or local laws. The Company is dedicated to the fulfillment of this policy in regard to all aspects of employment, including but not limited to recruiting, hiring, placement, transfer, training, promotion, rates of pay, and other compensation, termination, and all other terms, conditions, and privileges of employment.