Principal Security Engineer

Title: Principal Security Engineer

Location: Remote in these states: AZ, CA, CO, FL, GA, KS, KY, ID, IL, IN, MA, MI, MN, MO, NC, NH, NJ, NV, NY, OH, OR, PA, RI, SC, SD, TN, TX, VA, VT, WA, WI

Role Description:

As a Principal Security Engineer, you will help manage and implement enterprise information security priorities including management of the company's efforts to maintain ISO 27001 certification and SOC2 compliance; including but not limited to overall security posture, production data & system security and corporate network security. As part of the Information Technology Security team, this person will build relationships throughout the enterprise to bring internal business stakeholders and their projects and initiatives into the company’s comprehensive security posture.

What you’ll do:

• Work with Sr. Director of Information Technology and Manager of Security and Compliance to design and implement application security processes and controls.
• Assist with implementation, management, review, and maintenance in accordance with ISO 27001 and SOC2 compliance requirements.
• Serve as the main point of contact for application security and privacy related matters.
• Actively manage projects in the areas of risk management, risk assessment, governance and security program development.
• Assist with IT and information security risk assessments.
• Create and manage security and privacy strategies.
• Oversee application security audits (either internal or with services provided by third-party vendor).
• Partner with Operations, Engineering and Corporate IT to analyze existing application security defenses and make recommendations for changes / improvements.
• Assess current application architecture for vulnerabilities, weaknesses and for possible upgrades or improvement.
• Organize, conduct and/or orchestrate periodic tests and “ethical hacks”.
• Communicate and visualize security system status and keep users informed.
• Assist with RFPs and other security-oriented questionnaires.
• Keep technical knowledge current through continuing education.
• Implement and oversee technological upgrades, improvements and major changes to the application environment.
• Communicate data and application security and privacy goals effectively; collaborate with other departments to push success.
• Additional duties and responsibilities as necessary.

What you’ll bring to the table:

• Advanced knowledge of application security standards, principles and practices.
• Advanced knowledge of securing various cloud-based application types.
• Demonstrated relevant security expertise in implementing secure solutions and services for a mix of the following areas: Secure Web Gateways, Data Loss Prevention, Application Security, Database Security (MS-SQL), Compliance - SOX, PCI, ISO 27001, Cloud, Colocation, Cloud Technologies, Forensics, Cyber Intelligence National and International Privacy laws and regulations.
• Knowledge in the following areas are highly desirable: Databases, Encryption, PKI, Identity Management, Certificate Management, Integrity Monitoring.
• Proficient at the techniques that go into the implementation of solution architectures, including requirements discovery and analysis, application of abstraction, formulation of solution context, solution alternatives identification and assessment, technology selection, and implementation.
• Experience with CI/CD pipelines using toolsets like Azure DevOps, Jenkins, CircleCI, Artifactory, etc.
• Experience with delivering and managing solutions on Azure required.
• Experience with WhiteSource Bolt, Qualys Vulnerability Management, or SonarQube is a plus.
• Experience with containers, container runtimes (i.e. Kubernetes), and/or serverless technologies.
• Proficient in at least one scripting language (Go, Python, Bash, PowerShell).
• Able to successfully elicit requirements from appropriate business partners and stakeholders (e.g. functional, performance, technical, compliance), and identify solutions to non-standard requests.
• Self-directed and comfortable with working in a fast-paced, results-oriented environment.
• Able to assess risk and translate it to business relevant considerations and facts.
• Demonstrate pride in work, showing focus, high attention to detail and build quality, and a sense of urgency to reach goals on time.
• Critical thinking and proactive problem solving, appropriately challenges the status quo.
• Able to take a new perspective using or improving on existing solutions.
• Excellent verbal and written communication skills to effectively collaborate and build consensus with both business and technical teams.
• Actively participates by sharing information, offering suggestions and taking initiative to get things done.
• Able to learn and apply new concepts quickly.
• Able to independently and effectively handle multiple competing priorities and make good use of resources (e.g. time, people, money).
• Must be trustworthy in keeping sensitive data confidential.

Classification: Exempt

Reports to: Senior Director, Information Technology

Perks & Benefits:

• Medical, Dental, Vision & Basic Life Insurance
• Paid Maternity/Parental Leave Program
• Flexible Time Off Program
• Quarterly Wellness Day
• 401K Match 
• Competitive Salary, Performance Bonus & Equity
• Variety of voluntary benefits, such as, short term disability
• Referral Bonus Program
• Fun Culture >>> Check us out on Instagram (@lifeatshipbob)