About the role
This lead technical resource will drive the consistent improvement of the information security strategy, technology and standards for our Mortech brand. Your contributions will ensure our security program meets requirements of financial institutions we partner with.
This position gives you the opportunity to
- Implement security best practices and tools
- Secure an AWS microservice production environment
- Protect business and customer data
- Master the 5 Service Organization Controls Trust Principles
- Key member of operations team providing site availability and stability
- Increase operational agility and security
- Access to career growth and new competencies
About the team
The Cloud Operations team is chartered to ensure production systems are available, stable and secured. You will own the security aspect of the Cloud Operations team. We assist the business with meeting regulatory and customer requirements to remain a trusted partner.
Who you are
- Your background is technical, your passion is security
- Your proving ground was a publicly traded company who answers to GLBA, SOX, SOC2, PCI and you find it oddly therapeutic.
- Experience working in a software development or DevOps capacity within enterprise AWS cloud environments
- Experience working in a DevSecOps capacity automating and performing vulnerability assessments, threat remediation, tool development, policy governance and deployment, etc.
- Professional certifications such as CompTIA Network+, Security+, CISSP, CISM or GIAC are required
- In-depth understanding of security technologies related to AWS, encryption, key management, DNS, IAM, IDS/IPS
- Experience with Security Information and Event Management (SIEM) tools; Splunk, Kibana
- Experience working in a security operations team performing incident handling
- Experience with vulnerability management platforms
- Thorough understanding of the latest security principles, techniques, and protocols
- Strong leadership and communication skills.
- Industry publications or teaching experience preferred.
- Interest and involvement in meetups and groups locally and nationally
- Must be highly motivated, self-starting and self-directed with the ability to multi-task, work independently and as a part of multiple teams
- Responsible for tasks that require immediate attention, such as alert handling and incident response and determine relevancy and urgency.
- Provides operational redundancy for system health and monitoring
- Coordinates and manages vulnerability scans and reviews vulnerability assessment reports
- Ensure monitoring of alerts and logs from enterprise security tools such as firewalls, IDS, Anti-virus, Data Loss Protection (DLP) and vulnerability scanners
- Recommends how to optimize security monitoring tools based on threat hunting discoveries.
- Lead security program for production systems and data from potential threats or compromise
- Proficiently conduct technical assessments and security requirement analysis of information systems
- Actively participates in leading, creating and implementing improvements in security threat monitoring, attack methods, incident response and policy improvement
- Provides support for all Mortech specific SOC Audit control activities including on site interviews and follow up requests for information, daily, weekly, monthly and quarterly reporting to Compliance.
- Provides support for all Mortech specific SOX internal and external Audit control activities including collaboration with onsite interviews and follow up requests for information from Zillow Group, Inc. as well as external Third-Party Auditors.
- Owns management of penetration tests on production systems to validate resiliency and identify areas of weakness to fix. Manages and reports all remediation.
- Demonstrates technical understanding of emerging technologies and their implementation within the Mortech Production environments
- This role requires some off hours response to alerts and incidents