When you join Accurate Background, you’re an integral part of making every hire the start of a success story. Your contributions will help us fulfill our mission of advancing the background screening experience through visibility and insights, empowering our clients to make smarter, unbiased decisions.
The Senior Security Engineer will have a passion for managing corporate security for both on-prem and cloud along with a desire to relentlessly champion best practices. This role is responsible for performing all functions required to support day-to-day data security operations, supporting, and maintaining a broad suite of information security infrastructure, accountable for security and networking infrastructure component availability and integrity, monitoring compliance with IT security policy, and coordinating investigation and reporting of security incidents. Participate in the planning, design, installation, and maintenance of security systems in support of security policies. Work with Information Technology staff and business units to assess risk and address security issues.
- At least five (5) years of information security operations, information security architecture and security policy management and experience with:
- Lead role for security compliance efforts and company audits (e.g., ISO, PCIDSS, SSAE-18).
- Experience with cloud deployments (AWS, and general IaaS, SaaS, PaaS deployments) with a focus on security
- Product release vulnerability and gap assessments per product release to support the company SDLC practices in addition to company security policies.
- Corporate wide vulnerability and gap assessments in order to create appropriate recommendations which result and ensure adequate levels of service and security.
- Implementing, configuring and administering SIEM products to ensure proper visibility into the environment and compliance requirements.
- Responsible for incident response escalation and process management.
- Developing and delivering information security training materials and performing annual security awareness including software development specific security trainings.
- Evaluate and recommend new and emerging security products and technologies by identifying and coordinating implementation of other security program elements such as patch policy, disaster recovery, fraud prevention and security incident response.
- Strong understanding of web-based applications and ability to troubleshoot load balanced, multi-tier application and container environment.
- Knowledgeable in Powershell, Python or other scripting languages for system automation.
- Contribute to evolving Accurate’s security strategy
- Requires Bachelor's degree, Master’s degree preferred
- 5-7 years of technical hands-on experience developing security controls in AWS
- Experience with security products and technologies around visibility, SIEM, incident response and threat intelligence
- Proficient knowledge of network security and cloud infrastructure concepts and threat models
- Functional knowledge of at least one scripting language such as Python
- Knowledge of Terraform
- Experience in defining Information Security strategy and integrating security technologies into corporate frameworks.
- Hands-on experience with firewalls, IPS/IDS, web filtering, anti-malware and web application firewall (perimeter and web application).
- Experience and knowledge of TCP/OSI Model/IP protocols, network/packet analysis and intrusion detection/prevention.
- Knowledge of Data Loss Prevention (DLP) solutions.
- Knowledge in Security Scanning and Vulnerability Management Tools (Tenable.io preferred)
- Knowledge of endpoint security and compliance solutions.
- Security Certification preferred (e.g. Security +, CISSP, CISM, CISA, SANS, and etc.)
- Knowledge of security standards and best practice such as ISO 27001, PCI-DSS, and NIST
- Knowledge of user authentication and access controls.
- Must have strong communication skills, both written and verbal
- Ability to work in an extremely fast-paced environment with high expectations
- Strong customer service, leadership, organizational, communication and interface skills
- Knowledge of system and application development process SDLC - security requirements
- Experience supporting cloud security implementation
- Able to identify process improvement opportunities, separate key issues, consider alternatives or multiple solutions, and effectively make recommendations.