Senior Security Engineer
About the Position:
As our Senior Security Engineer you will be front and center with solving our most complex security challenges. As a Software-as-a-Service platform, Everbridge utilizes a hybrid-cloud ecosystem to achieve worldwide scalability goals. We have data centers worldwide, and offices in 3 countries.
About the Team
As a member of the security engineering team, you will strive to take a pragmatic approach when proposing security solutions, implement security best practices, guide our architecture toward a security-first posture.
- Assess, design, implement, automate, and document security processes and solutions leveraging Amazon Web Service (AWS) and other third-party cloud solutions
- Design architecture, methods, and controls required to meet security, compliance, and audit requirements
- Proactively stay current with developments in relevant technologies
- Create and share unique ways to solve challenges with others
- Deploy security solutions in cloud environments
- In-depth knowledge of VPCs, Security Groups, and ACLs
- Monitor system logs, SIEM tools and network traffic for unusual or suspicious activity
- Must have experience extracting pertinent security data from SIEM solutions and AWS audit, logs, and reports
- Investigate and resolve security violations by providing postmortem analysis to illuminate the issue, and identify causes, possible solutions, and preventative measures
- Develop procedures to automate security tasks during code builds and deployments
- Develop program quality metrics as both program performance indicators and enterprise risk indicators
- Respond to and, when appropriate, resolve or escalate security incidents
- Report unresolved security exposures, misuse of resources, and noncompliance situations using defined escalation processes.
- Assist and train team members in the use of cloud security tools and the resolution of security issues
- Develop and maintain documentation for security systems and procedures
- Collaborate with the Ops team to build infrastructure and servers on AWS
- Minimum 8 years of information security experience with 2 years Cloud Security focus
- Solid understanding of Amazon Web Services (AWS) including VPC, ELB, IAM, KMS, EC2, Config, CloudTrail, CloudFormation, Lambda, and others
- Knowledge of network based, system level, and application layer attacks and mitigation methods
- Knowledge of technical security control environments and compliance frameworks including CSA CCM, ISO 27017, FedRAMP
- Experience in DevOps environments and maintaining security in CI/CD processes
- Experience with the development, deployment, and automation of security solutions in an enterprise cloud based environment
- Experience with a broad range of security technologies including, SAST, DLP, IDS/IPS, IAM, Certificate Management, etc
- Experience working with container technologies
- Knowledge of AWS automation strategies and tools
- Strong knowledge of technology and security topics including network and application security, infrastructure hardening, security baselines, web server, and database security
- Ability to clearly and effectively communicate concerns, issues to other teams
- Experience in developing, documenting, and maintaining security procedures
- Proficient in AWS CLI, Bash, and Python
- Certified Information Systems Security Professional (CISSP) preferred
- Certified Information Systems Auditor (CISA), SANS GIAC, CompTIA Security+, CompTIA CASP, Certified Ethical Hacker (CEH), Certified Information Systems Auditor (CISA) certifications strongly desirable.
- Working knowledge of Nmap, Nessus, Kali Linux, Wireshark, Metasploit Framework, and other security related tools.
- Demonstrated experience in conducting security audits and assessments.
- Demonstrated experience in investigating security issues related to Internet, server, desktop, laptop, tablet and other mobile device security issues; OS patching, hardening and anti-virus.
- Understanding of data network configuration and infrastructure concepts, including TCP/IP, routers, internet/intranet/extranet, firewalls, web servers and security hierarchy including the application of encryption key infrastructures and authentication processes.
- The ability to communicate effectively, both verbally and in writing, with individuals and groups.
- Experience in full project life cycle and application development desired.
- Strong written and verbal communication skills.
- US Citizen