Who You Are:
You are an intelligent, curious, and exceptionally skilled technologist with a passion for all things tech. Because of your desire to learn new things, you've developed a broad set of skills across a variety of technology disciplines including Linux, Windows, Networking, Application Development, DevOps, and of course, Information Security. You possess a senior-level understanding of Information Security principles and practices as well as an understanding of the challenges impacting the protection of data across an e-commerce enterprise. You're good at finding potential weaknesses and developing and implementing creative solutions to eliminate those weaknesses. Because of your exceptional communication and collaboration skills, you're often the go-to person for both your peers and business partners when they need help or consulting on an initiative.
- Provide security guidance and support for a global e-commerce company with resources in public and private cloud infrastructures.
- Develop secure deployment patterns for systems and services.
- Automate routine tasks and develop tooling to monitor and enforce security requirements.
- Work with application development, product and legal teams to assess the security posture of new applications and services. Document identified risks.
- Conduct vulnerability and penetration tests and perform security reviews for applications and services. Summarize findings and recommendations in written form.
- Conduct forensic, fraud and other technical investigations.
- Build, deploy and support custom and third-party security solutions and services.
- Develop, implement and maintain company-wide information security policies and standards.
- Analyze, assess and respond to security incidents including participation in on-call rotation.
- Develop documentation for security-related processes and procedures.
- S. or M.S. Computer Science or equivalent work experience.
- 5+ years of overall IT experience with 2+ years focused on information security.
- Skilled with Linux, Windows, Network, and Cloud architecture and security practices.
- Solid understanding of cloud security principles and best practices. AWS experience a big plus.
- Strong automation/programming skills (Python, Perl, PHP, PowerShell, etc.).
- Familiar with payment card industry (PCI) standards, EU data privacy directive, GDPR, and other information security-related legal and regulatory frameworks.
- Knowledgeable of network attack methods and understanding of network/service discovery tactics, system auditing, and malware.
- In-depth, hands-on experience with monitoring, detecting, and reporting security weaknesses and enforcing information security and policies in an e-Commerce environment.
- Skilled with log and event management solutions such as Splunk.
- Strong communication skills.