Information Security Engineer
Company: Shorelight
Location: Boston
Posted on: October 29, 2024
Job Description:
Information Security EngineerBoston, MassachusettsAbout
UsShorelight is reinventing the international education experience
for students worldwide. Based in Boston, the company works directly
with top-ranked, nonprofit American universities to build
innovative programs and high-touch, technology-driven services that
help talented students thrive and become global citizens.Job
OverviewThe Information Security Engineer will validate that
Shorelight's services, applications, and websites are secured
against the latest threats. This role conducts security reviews,
develops threat models, evolves the security assurance process, and
creates metrics to demonstrate the team's performance. The
Information Security Engineer manages the development and
implementation of security standards and controls to ensure the
organization's products are secure.The Information Security
Engineer is a problem solver with outstanding oral and written
communication skills and a proven ability to outline security risks
at all levels of the organization to both technical and
non-technical individuals. He/She/They is an energetic team player
who thrives in a fast-paced, high-tech environment and has
high-level customer service skills. The ability to adjust quickly
to shifting priorities, make decisions with limited information,
and use good judgment to escalate risks and concerns to the
leadership level is essential. The Information Security Engineer
will influence and motivate participants in cross-team projects to
engage on Security initiatives, so the proven ability to build
partnerships and collaborate with key stakeholders is
critical.Essential FunctionsInformation Security
- Develop and maintain cloud security controls and best
practices
- Deploy security automation and develop tools to secure the
cloud
- Maintain an internal security library that outlines security
controls and identifies common security flaws
- Conduct vulnerability assessments and mitigate and patch based
on findings
- Develop automated security testing to ensure secure coding best
practices are being used
- Prepare critical and regular security releases
- Setup tools and sensors to detect various attacks and
exploitation techniques targeted towards cloud platforms and
applications running within them
- Create and conduct risk evaluations for new processes,
products, and services
- Develop, facilitate, and distribute security training modules
corresponding security materialsEngineering
- Maintain Docker container and Kubernetes security, including
pod-security and network security policies
- Support the DevOps and Engineering teams in developing
infrastructure-as-code using Terraform, CloudFormation, CI/CD,
GitHub, etc.
- Manage security across various Amazon Web Services (AWS)
tools/products such as VPCs, Flowlog, CloudTrail, S3, Route53, Elb,
CloudFront, and WAF
- Partner closely with Engineering and Product teams to suggest
improvements that increase application securitySecurity
- Comply with Shorelight Written Information Security Policy, and
all other Shorelight Information Security Policies and
Procedures.
- Take responsibility for any Shorelight assets assigned to
you.
- Promptly report any security events, incidents, or weaknesses
to Shorelight Security.Minimum Qualifications
- 7+ years of formalized information security experience
- Bachelor's degree or equivalent years' experience
- CISSP Information Security certification
- Experience managing security vendors and managed-services
providers
- Strong understanding of network and web related protocols (such
as TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
- Working familiarity with Cyber Security, Cloud Platform
Security, Risk Assessment, Network Security, IAM, Data Security,
and Data Governance
- Ability to occasionally provide weekend and after-hours
supportPreferred Qualifications
- Bachelor's degree in Information Security, Computer Science or
related field
- Strong background in technical engineering and architecture,
such as infrastructure/cloud engineering or software
development
- Information Security certifications in SANS GIAC, CISA,
etc.
- Experience with OWASP, static/dynamic analysis, and common
exploit tools and methods
- Development experience
- Prior experience managing and growing a teamApplication
ProcessTo apply for this position, please visit the Shorelight
Careers page to submit an application with a resume and cover
letter.Background Check Required--Education, Criminal,
IdentityShorelight is an Equal Opportunity Employer.
#J-18808-Ljbffr
Keywords: Shorelight, Taunton , Information Security Engineer, Engineering , Boston, Massachusetts
Didn't find what you're looking for? Search again!
Loading more jobs...