• Participate in conducting gap analyses, security and risk assessments with both internal and external stakeholders.
• Coordinate with multiple departments to identify, triage, and remediate gaps in the current security posture.
• Work with a variety of security efforts that span areas such as cloud infrastructure, application, system, and network-level initiatives.
• Implement and integrate various LOB and solutions with MFA and 2FA.
• Integrate and manage SAML/SSO configurations across various applications and platforms.
• Manage and maintain the IdP and SSPR/MFA platform.
• Implement and integrate the SIEM solution across various organizational platforms.
• Implement and integrate ATP/EDR/MDR/XDR solution across the organization's premises and cloud-based environments.

Skills: Gap Analysis, Risk Assessment, Security Coordination, MFA Integration, SAML/SSO Management, Identity Platform, SIEM Integration, XDR Deployment

• Implement, manage and maintain phishing campaigns across the organization.
• Implement and integrate IAM/PAM, access policies across various organizational platforms.
• Design, manage and maintain a monitoring and alerting platform to proactively secure potential risks across the organizational landscape.
• Support the design and implementation of the GRC matrix.
• Build automation to manage and maintain security updates across various applications, operating systems.
• Manage and maintain certificates through automated and manual processes.
• Design, plan and lead security and systems improvement projects.
• Document processes and implementations across the plethora of environments and systems managed by the IT team.

Skills: Phishing Campaigns, IAM/PAM Integration, Risk Monitoring, GRC Support, Security Automation, Certificate Management, Security Projects, Process Documentation

• Analyze technical security controls to identify gaps and recommend/implement appropriate means to mitigate security risks.
• Develop and report on performance metrics on key operational security risk indicators.
• Execute penetration testing services and attack simulation activities.
• Optimize security baseline configurations and system integrations.
• Monitor security events and review system audit logs and coordinate with the managed security operations facility to identify, investigate, and respond to anomalies and alerts.
• Ensure evidence integrity, computer forensic capabilities, and incident containment in the event of possible attacks and security breaches.
• Establish cryptographic controls and manage encryption technologies for the organization.
• Ensure that privileged accounts are properly secured and monitored with privileged identity management technologies.
• Work with technology operations teams to secure the network and endpoints using a wide range of security and system administration tools.
• Partner with security vendors and third-party service providers to coordinate activities and hold them accountable for meeting SLAs.

Skills: Security Gap Analysis, Risk Metrics, Penetration Testing, Security Monitoring, Incident Response, Encryption Management, Privileged Access, Endpoint Security

• Remain current on emerging security risks, trends, and technologies and share with the team.
• Identify recurring security issues and opportunities for improvement, recommending proactive measures and best practices to address gaps.
• Assess and implement technical security safeguards and methods to protect information and systems.
• Respond to problem management security tickets to satisfactory issue resolution.
• Provide technical support to internal and external users of systems and/or software.
• Troubleshoot user problems and determine the appropriate path for a solution.
• Prepare security documentation, technical papers, and reports.
• Maintain essential job knowledge to stay current on security issues, emerging technologies, best practices, and vendor solutions.
• Diagnose problems and provide root cause analysis, including detailed assistance to other functional areas.

Skills: Security Risk Awareness, Issue Identification, Security Safeguards, Ticket Resolution, Technical Support, Problem Troubleshooting, Security Documentation, Root Cause Analysis

• Identify security loopholes in the system/cloud infrastructure and provide remediation solutions for the same.
• Ensure system security by implementing and maintaining tools associated with vulnerability assessments, container security, WAF, etc.
• Build and maintain security solutions for monitoring and automating operations of the overall infrastructure.
• Involved in the design and subsequent implementation of software and service infrastructure.
• Engage with different stakeholders from the Infrastructure team to SOC for reporting and implementing best practices.
• Introduce best practices to secure infrastructure.
• Manage and maintain the SIEM solution, introduce new use cases, and log aggregations from different applications and systems.
• Responsible for managing Cloud Security Posture.

Skills: Security Loophole Analysis, Vulnerability Management, Security Automation, Infrastructure Design, Stakeholder Engagement, Infrastructure Hardening, SIEM Management, Cloud Security Posture

• Ability to use GitLab.
• Demonstrated experience in cloud security, systems security, or site-reliability engineering.
• GCP or AWS experience, preferably in a security domain.
• Demonstrated experience with incident response.
• Knowledge of the Linux operating system.
• Demonstrated experience with running systems at scale.
• Proficiency to communicate over a text-based medium (Slack, GitLab Issues, Email) and can succinctly document technical details.
• Share values, and work in accordance with those values.
• Experience working in site-reliability engineering, cloud security, or system engineering.
• Experience working with incident response.
• Excellent written and verbal communication skills.
• Able to build working relationships with key stakeholders.
• Knowledge of the Linux operating system and common OS hardening practices.
• Experience with infrastructure vulnerability scanning, vulnerability management and patching practices.
• Experience with logging systems and log analysis.

Qualifications: BS in Computer Engineering with 8 years of Experience

• Relevant industry-recognized technical and/or security certifications.
• Strong hands-on experience in working with engineering teams on the design and implementation of security best practices in architecture and code.
• Experience working with product security teams to drive engineering remediation to externally identified threats and vulnerabilities.
• Experience in security practices, or others, OR an equivalent combination of education, training, and experience.
• Experience in enterprise-level deployment and management of endpoint products (Windows, Linux).
• Practical experience in information security and industry or government certifications and compliance.
• Experience with creating threat models of system designs and implementing their scale, how they should fit together, and working with teams to identify and remediate potential security gaps.
• Strong understanding of regulatory requirements.
• Strong, demonstrable experience with real-time operating systems.
• Strong understanding of Vulnerability detection and management.

Qualifications: BS in Computer Science with 9 years of Experience

• Experience in the integration of security enabled in DevOps (DevSecOps).
• Experience with any combination of at least 3 technical disciplines, including vulnerability management, cloud security, network security, application security, identity and access management, and systems engineering.
• Hands-on experience with AWS, Google and Microsoft IaaS, PaaS products.
• Excellent written and verbal communication skills with the ability to present complex technical information in a clear and concise manner to a variety of audiences.
• Strong technical skills as they apply to cloud products and platforms.
• Strong foundation in and an in-depth technical knowledge of infrastructure and platform security, particularly virtualization products.
• Strong Virtualization Experience - design, implement, manage, and troubleshoot.
• Ability to analyze and solve complex problems.
• Strong attention to detail, organizational skills.

Qualifications: BS in Information Security with 8 years of Experience

• Experience in partnering with product and program management teams.
• Experience in the use of Agile software development.
• Strong understanding of Vulnerability remediation tools and practices.
• Able to develop/scripting/automation experience in at least one of Java, Python, Go, C++, and PowerShell.
• Well-versed in security controls integration to defend, detect, and respond to threats against compute infrastructure/platforms.
• Deep understanding of how to connect new and changing threats to the cloud computing portfolio to create mitigating or compensating activities.
• Demonstrable experience in engineering security products relevant to the following security disciplines, including Identity and Access Management, Endpoint Security (AV/EDR), Data Protection, and Infrastructure (Hardware and Software) Security.
• Understanding MITRE ATT&CK, NIST CSF, CVSS and CWE criteria, enumeration and scoring.
• Excellent written and oral communication skills.

Qualifications:  BS in Cybersecurity with 9 years of Experience

• Experience ensuring security and privacy on the internet.
• Experience with an interpreted programming language (PHP, Python, Perl, Ruby, etc.).
• Experience reviewing distributed systems design and conducting threat modeling of highly connected systems.
• Knowledge and experience in building distributed systems.
• Must have communication experience.
• Experience contributing to the security community (public research, blogging, presentations, bug bounty, etc.).
• Knowledge of federal and compliance regulations, e.g., SOX, PCI and CPNI.
• Familiarity with load balancers (ex A10, F5), firewalls (ex CheckPoint), Venafi, MDM (ex, Mobile Iron), Cloud (ex, AWS, Azure), Malware Protection (ex, FireEye), Advanced Persistent Threats (ex, Damballa), Privileged Accounts (ex, CyberArk), SIEM (ex, ArcSight), Log and Event (ex, Splunk), Intrusion IDS/IPS (ex, Symantec), Cloud Platform (ex, PCF, Docker), Scanning (ex, Qualys), AppSec (ex, Veracode).
• Familiarity with the implementation of various threat modeling approaches pertaining to one or more of the following STRIDE, PASTA, TRIKE, ATTACK TREE, DREAD, KILL CHAIN, CAPEC, Mobile Application threat model, Cyber Threat Tree, and data flow diagram.

Qualifications: BS in Software Engineering with 10 years of Experience