We're working with a financial technology firm that is modernizing the equity capital markets (ECM). They connect investors and underwriters via a neutral platform that delivers integrated data and analytics, transparency, and workflow efficiencies. Providing a digital system of record for firm-wide deal activity, they help clients make more timely, better-informed decisions.
We're scaling up our Security team and looking for a senior security operations engineer. This team is responsible for ensuring our people, processes, and technology are secure. Reporting to the VP of Information Security, the Senior Security Operations Analyst is responsible for detecting, responding, and recovering from any threats to our systems. This role will work closely with the Engineering, DevOps, and Incident Response teams to ensure our enterprise-level cloud infrastructure, our customer facing applications, and our user-endpoints are secure and resilient. The person who joins our team will be encouraged to influence new solutions that will secure our technology stack.
Our Tech Stack:
- Microsoft Azure Cloud
- Microsoft Azure AD
- GitHub, Containers, Kubernetes
- Managed Postgres and Elasticsearch
- Other cloud / security tools
Design, Analyze, and Implement Security Tools
- Monitor and secure our cloud environment (e.g., WAF, access controls, security monitoring, data security, etc).
- Secure user endpoints and access to production resources.
- Analyze, configure and test security tools
- Protect sensitive information through its lifecycle (DLP)
Discover, Prioritize, and Resolve Vulnerabilities
- Maintain an inventory of services and applications
- Organize vulnerability scans across the stack (code, network, endpoints)
- Track vulnerabilities, evaluate the criticality, and mitigations
- Resolve vulnerabilities using a risk-based approach
- Document security incident response procedures across different types of events to both respond to and recover
- Develop playbooks on how to respond to an event
- Help prevent and deal with security breaches by performing risk and remediation activities
- Collaborate with incident response team
- Identify required resources to drive initiatives forward
- Dependable and highly skilled resource for peers on security topic
- Inventory security solutions and controls through documentation, diagrams, and readable code.
- Having a broad awareness of related projects and industry trends; encourages innovative practices amongst peers
- Bachelor’s degree in computer science, cybersecurity, or a related field
- Minimum of five (5) years of information security experience service a complex, global business. Banking / FinTech experience preferred. Start-up experience a plus.
- Deep understanding and application of information security management frameworks based on International Organization for Standards (ISO) 2700X and/or National Institute of Standards and Technology (NIST) Cybersecurity Framework.
- Hands on understanding of the current cyber threat landscape, attack methodologies, and risk mitigation and remediation methods.
- Proficient knowledge of various cloud environment (Azure preferred), container security.
- Experience with security alerting, metrics, and data driven improvements
- Experience maintaining enterprise level security practices
- Attention to detail; excellent communication skills (Written, Verbal)
- Certification as a Certified Information Systems Security Professional (CISSP) and/or Systems Security Certified Practitioner (SSCP) is preferred