Sr. Infrastructure Security Engineer

EXPERIENCE REQUIRED:

A minimum of 5-7+ years of experience

Responsible for continually improving product security by partnering with infrastructure in all phases of the development and deployment process. Work with various Infrastructure teams to identify and mitigate security issues, vulnerabilities, and misconfigurations by applying their in-depth knowledge of operating systems, infrastructure, and cloud providers. Work very closely with the Security Operations Team and share their findings in a proactive manner. Work with teams to ensure security standards are maintained on the design and implementation of platforms and systems in cloud and on-premises environments. 

RESPONSIBILITIES:  

• Establish security best processes and practices for our mobile, on-premises and cloud-based platforms.
• Support infrastructure teams from the perspective of security engineering by injecting appropriate security controls
• Establish and maintain Infrastructure as code scanning engine
• Establish and maintain infrastructure vulnerability management engine
• Build tooling to ensure Security Engineering can deliver often and with confidence
• Defining security controls for all aspects of our on-premise and cloud infrastructure
• Managing cryptography and encryption controls
• Coordinate security implementation work with Infrastructure teams and other members of Security Department
• Managing Web Application Firewall (building new rules, maintaining existing, monitoring and adjusting according to the signals)
• Working with analysts, engineers, and data scientists across the organization to continually improve cyber resilience.
• Managing KMS, Secrets, certificate management platforms
• Support the regulatory compliance initiatives, processes and documentation for ISO 27001, PCI, SOC2, etc.
• Assist with incident response practices including incident management, coordination, analysis and investigation of potential security events
• Design and implement safeguards by working with others to progress cloud security posture in the form of software, hardware, or operating procedures
• Monitor environments with performing setup of tools, logging and monitoring, and threat detection to determine if any attacks on cloud systems working with the SOC
• Constantly innovate at the pace of the adversary using latest techniques. 

EDUCATIONAL REQUIREMENTS:  

• Bachelor’s degree in computer science, Information Systems, or equivalent combination of education and experience  
• Certifications in the field of Information Security (at least one of the following: AWS Solutions Architect, AWS Security Specialty, CISSP, CEH, GIAC)