Information Security Engineer

Datto   •  

Rochester, NY

Not Specified years

Posted 288 days ago

This job is no longer available.

Datto protects business data and provides secure connectivity for tens of thousands of the world’s fastest growing companies. Datto’s Total Data Protection solutions deliver uninterrupted access to business data on site, in transit and in the cloud. Thousands of IT service providers globally rely on Datto’s combination of pioneering technology and dedicated services to ensure businesses are always on, no matter what. Datto is headquartered in Norwalk, Connecticut and has offices in Monroe, Rochester, Boston, Portland, Toronto, London, Singapore, Sydney, Frankfurt, and Amsterdam.

As a member of the CISOs staff you will go out into the organization identify opportunities for security improvement and facilitate change. You will be responsible for overseeing efforts that drive the enhancement of organizational and engineering security controls and processes. You will assure the achievement of important outcomes through these efforts. You may conduct risk assessments, manage social engineering exercises, facilitate security training of employees, analyze results of vulnerability assessments, manage remediation activities, implement process and control improvements, define specifications and requirements to close visibility gaps with new controls and processes, field internal and external security questions and escalations or participate in the response of security incidents, amongst other assigned tasks. 

Primary Responsibilities:

  • Independently lead information security program enhancement projects of varying size, scope and technical complexity
  • Act as a subject matter expert to other teams and assist as necessary on the design, implementation, deployment and maintenance of security controls and processes
  • Work with other teams to identify, resolve, and mitigate vulnerabilities and risks
  • Generally, works to solve security challenges at scale while balancing usability, stability, scalability and performance
  • Participate in the implementation of the information security framework to support the achievement of program and compliance objectives
  • Provide responses to external vendor security due diligence questionnaires (DDQs) and internal and external auditors regarding information security topics
  • Facilitate vendor risk management and due diligence exercises on behalf of Datto
  • Stay up-to-date with news and trends in information security including new vulnerabilities, methodologies, and products
  • Performs other relevant duties as assigned


  • Bachelordegree in Computer Science, Engineering or equivalent IT work experience
  • Experience designing, implementing and managing security controls and processes
  • Experience implementing controls in alignment with the NIST Cyber Security Framework
  • Experience with open source technologies and environments
  • Experience analyzing securityevents and responding to security incidents
  • Experience with tools such as Nessus, OSSEC, WAF, IPS/IDS, firewalls and SIEMs
  • Foundational understanding of Linux operating systems and networking is required
  • Basic understanding of, or ability to quickly learn, one or more common compliance regulations or standards (e.g. SOC2, PCI, HIPAA, GDPR, etc.)