Description

As a Staff Information Security Engineer at Client, you will be joining a diverse team of mixed-background technologists. Your mandate as Staff Information Security Engineer is to provide secure and stable platform solutions that empower our organization to create the highest quality services for our customers.

On a day-to-day basis, you'll assist with triaging information security alerts, events, and investigations for potential security incidents by performing detailed analysis activities. You will take corrective actions if necessary and escalate as appropriate. Where necessary, you will provide technical insight into the development and support of all security operational processes, procedures and tools used for ensuring the integrity of Client's security program. You will lead and participate in periodic access reviews, vulnerability assessments, Secure-SDLC, 3rd-party engagements for security assessment, Security Steering Committee, PenTests, and routine external audit activities.

You will be operating with a high level of autonomy, engaging with stakeholders, clients, and vendors at all levels across the organization and externally, contributing to the continuous improvement of Client's cyber security posture; as a result, you must be a self-starter and be able to manage the initiatives independently. Specifically, this role requires an advanced level of knowledge around secure cloud architecture design and compliance enforcement. You will be leading the security initiatives for all of Client's systems across all domains. This role also requires strong communication skills and a proactive mindset, such that the needs of the organization as a whole are met. Occasionally, there will be a need to provide security operations support outside business hours.

 

Qualifications

● Bachelor's degree in computer science, systems analysis or a related study, or equivalent experience.

● CISSP (certified with Endorsement phase fully completed).

● 5+ years of demonstrable experience spanning at least four different CISSP domains.

● Experience working with Compliance programs like PCI-DSS or SOC2.

● Strong understanding of defense-in-depth strategies and implementation of technical controls across the entire organization, with ability to assess gaps and risks around computing systems and operations.

● Experience developing and adopting information security and governance standards, policies and procedures.

● Experience in conducting successful vulnerability assessments across various infrastructure tiers, including penetration testing, scanning and remediation activities.

● Experience in cloud native technologies, especially around Kubernetes, and cloud environments is a must.

● Strong understanding of networking concepts, protocols and architectures.

● Strong understanding of security concepts around PKI, TLS and encryption.

● Experience using network and security assessment tools – both at host and at network tier.

● Experience with IAM, SSO, RBAC, and other AuthN/AuthZ management technologies.

● Familiarity with CVE databases, vulnerability scoring systems (e.g., CVSS), and security industry standards such as ISO 27001 and NIST.

● Strong proficiency in Linux/Unix based operating systems, Python programming language and Shell scripting.

Other industry standard certifications like CISA, CISM, CGRC and CRISC are a plus.

Experience as a team lead is a plus.

Education

Bachelor's degree