Senior Security Engineer (Application Security, Threat Modeling)

About Gartner IT: 

Join a world-class team of skilled engineers who build creative digital solutions to support our colleagues and clients.  We make a broad organizational impact by delivering cutting-edge technology solutions that power Gartner.  Gartner IT values its culture of nonstop innovation, an outcome-driven approach to success, and the notion that great ideas can come from anyone on the team. 

About the Role:

The Sr. Security Engineer will be responsible for supporting Gartner’s AppSec function. This individual will play an integral role in, executing daily vulnerability Assessments functions; (ii) working closely with Information Security partners, and technology stakeholders to identify risks/vulnerabilities and collaborate with key stakeholders on remediation, developing and tracking risk/vulnerability remediation and prioritize effort across our various business units, partnering to implement security tools, technologies and controls with an appropriate balance of security, business, and user experience, while providing education and training; and engineer automation solutions and/or security tool integrations to assist with day-to-day AppSec responsibilities.

.

What you’ll do: 

• Supports day-to-day life cycle management of identification and remediation of security vulnerabilities and threats to Gartner Systems and Data, partnering with key resources on remediation.
• Ability to create reasonable and actionable recommendations based on the analysis of vulnerability data and impact to Gartner’s security posture.
• Coordinate the orchestration, automation, and management of security technologies and platforms.
• Own day-to-day life cycle management, including identification, threat assessment, threat modeling and risk avoidance.
• Apply technical expertise and skills to develop and implement solutions to meet complex business and technical requirements, working collaboratively across functional areas to turn innovative ideas into reality.
• Define and implement meaningful metrics to measure the effectiveness of security controls through KRIs and security scorecards.
• Serve as a subject-matter-expert for Application Security; act as a first point of contact for critical issues, security risk assessments and triaging CI/CD issues with Partners and stakeholders.
• Evaluate business and technical requirements to identify and implement tools, processes, and technologies to improve our security posture in our environments.
• Ensure the continuous improvement of existing compliance processes.

What you’ll need:

• strong independent critical thinking, problem-solving skills, and the ability to consistently evaluate and pivot based on the current organizational priorities.
• Proven Experience Developing and maturing KPI’s and Metrics to assess the effectiveness of a Application security program

Must Have:

• 4+ year’s of Technical and Professional Expertise
• Proven communication, collaboration, and critical thinking skills.
• Ability to define and communicate risk in a business-relevant language and to non-technical audiences.
• Deep technical expertise in at least one additional area of Information Security.
• Ability to think like a bad actor and use that context to develop threat models.
• Passion for finding flaws in processes and ability to efficiently communicate recommendations to fix them.
• Proven ability to communicate and educate Engineering and Architecture teams as to why Information Security is an important function to the business.

Nice to Have:

• Familiarity with technical security controls, guidelines, and frameworks outlined by standards such as SOC2, ISO 27001/27013, NIST 800-53.
• Ability to automate tasks and code solutions to repetitive problems.
• Scripting or programming experience (Java, .NET, HTML, Ruby, PHP, Perl, C#, Python, JavaScript, PowerShell, Bash) 
• Experience with penetration testing and web application assessment.

Who you are:

• Proven communication, collaboration, and critical thinking skills.
• Ability to build trusting, meaningful relationships with peers, stakeholders, partners and suppliers.
• Ability to define and communicate risk in a business-relevant language to both non-technical and technical audiences.
• Ability to apply expert knowledge to solve complex business/technical issues strategically.
• Desire for life-long learning and continuous personal/professional development
   

Don’t meet every single requirement? We encourage you to apply anyway. You might just be the right candidate for this, or other roles.

#LI-NS4

Who are we? 

At Gartner, Inc. (NYSE:IT), we guide the leaders who shape the world.

Our mission relies on expert analysis and bold ideas to deliver actionable, objective insight, helping enterprise leaders and their teams succeed with their mission-critical priorities.

Since our founding in 1979, we’ve grown to more than 20,000 associates globally who support ~15,000 client enterprises in ~90 countries and territories. We do important, interesting and substantive work that matters. That’s why we hire associates with the intellectual curiosity, energy and drive to want to make a difference. The bar is unapologetically high. So is the impact you can have here.

What makes Gartner a great place to work? 

Our sustained success creates limitless opportunities for you to grow professionally and flourish personally. We have a vast, virtually untapped market potential ahead of us, providing you with an exciting trajectory long into the future. How far you go is driven by your passion and performance.

We hire remarkable people who collaborate and win as a team. Together, our singular, unifying goal is to deliver results for our clients.

Our teams are inclusive and composed of individuals from different geographies, cultures, religions, ethnicities, races, genders, sexual orientations, abilities and generations.

We invest in great leaders who bring out the best in you and the company, enabling us to multiply our impact and results. This is why, year after year, we are recognized worldwide as a great place to work.

What do we offer? 

Gartner offers world-class benefits, highly competitive compensation and disproportionate rewards for top performers. 

In our hybrid work environment, we provide the flexibility and support for you to thrive — working virtually when it's productive to do so and getting together with colleagues in a vibrant community that is purposeful, engaging and inspiring.

Ready to grow your career with Gartner? Join us.

The policy of Gartner is to provide equal employment opportunities to all applicants and employees without regard to race, color, creed, religion, sex, sexual orientation, gender identity, marital status, citizenship status, age, national origin, ancestry, disability, veteran status, or any other legally protected status and to seek to advance the principles of equal employment opportunity.

Gartner is committed to being an Equal Opportunity Employer and offers opportunities to all job seekers, including job seekers with disabilities. If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to use or access the Company’s career webpage as a result of your disability. You may request reasonable accommodations by calling Human Resources at +1 (203) 964-0096 or by sending an email to ApplicantAccommodations@gartner.com.

By submitting your information and application, you confirm that you have read and agree to the country or regional recruitment notice linked below applicable to your place of residence.

Gartner Applicant Privacy Link: https://jobs.gartner.com/applicant-privacy-policy

For efficient navigation through the application, please only use the back button within the application, not the back arrow within your browser.