Information Security Engineer 

ANY EMPLOYMENT OFFERS ARE CONTINGENT UPON SUCCESSFUL COMPLETION OF THE FOLLOWING:

• Verification of Work Authorization and Employment Eligibility 
• Substance Abuse Screening (if applicable)
• Physical Exam (if applicable)
• Background Checks for Badging/Security Clearances (if applicable)

OVERVIEW

The Information Security Engineer will help implement, measure, and monitor security standards across our services. They will validate the security of services, discover, and address security issues, and build automation to ensure our services remain secure. The Information Security Engineer will teach and mentor Security Team members, sharing their experience and knowledge.

RESPONSIBILITIES

• The Information Security Engineer will be the subject matter expert for internal security tooling, partner with engineering teams to continue to demonstrate the effectiveness of our control mechanisms and inform requirements for measuring and monitoring security.
• Be responsible for the design and implementation of continuous assessments automation that helps teams maintain insight to the integrity of their development, deployment, monitoring, and response processes.
• Assist the security incident handling efforts in response to detected events, and coordinate with other stakeholders as needed.
• Manage/Build the rules, dashboards, alerting infrastructure used to respond to security and/or configuration issues
• Assist with external audits (SOC2 and ISO) in gathering supporting technical evidence to show compliance through automated tooling.
• Support the expansion and growth of Security Operations Program: integrating new tooling and documenting processes to enhance the effectiveness of the Operations team.
• Maintain / document / improve; playbooks, processes, and guidelines to be used within the Security Operations Team.

QUALIFICATIONS

• Domain expertise in at least 4 of: security architecture and engineering, communication and network security, identity, and access management (IAM), security assessment and testing, cryptography, and software development security.
• 2+ years of experience in performing and/or participating in technical assessments in direct support of a major compliance effort (e.g. FedRAMP, SOC1, SOC 2, HITRUST, or ISO)
• 5+ years of experience with security tooling - endpoint protection, firewalls, IDS/IPS systems, SIEMs, and vulnerability scanners.
• 5+ years of experience with cloud computing environments.
• Advance knowledge of scripting languages (PowerShell, Python, Bash, etc).
• Working knowledge of container computing concepts.
• A work environment that is conducive to high quality virtual interactions. This includes but is not limited to being able to work from a quiet space with minimal interruptions or distractions, and a strong internet connection.
• The ability to travel periodically for work.
• A high level of judgment, analytical ability, and creativity in investigating problems that require original and innovative solutions.
• Experience working a fast-paced, high-growth, rapidly changing work environments.

WHAT SUCCESS LOOKS LIKE…

You will be responsible for designing and implementing workflows that integrate with multiple services, automation that removes humans from the loop, and correlation and analysis platforms that function at scale. Internal security control mechanisms are documented and measured to demonstrate compliance with regulatory and customer requirements.

In 3 months…

• Prepare and present detailed, written technical information describing security controls for internal and external audiences.
• Configure and maintain daily log correlation tools and alerts.
• Contribute to the user access and identity access management initiatives.
• Oversee entitlement reviews for compliance initiatives.
• Contribute to CI/CD development and managing distributed systems.

In 6 months…

• Integrate multiple 3rd party tools and native cloud services to meet cyber security requirements.
• Deliver security training and outreach to internal development teams.
• Develop security metrics that track compliance and security program maturity improvements.

In 12 months…

• Represent Security Team in application security reviews.
• Work closely with engineering teams to create comprehensive security tooling and functional improvements at scale.
• Implement serverless architectures for security validation, remediation, and response.

PHYSICAL DEMANDS - Sedentary

BENEFITS

Appriss Retail offers competitive benefits including medical, dental, and vision coverage. We offer an immediate vesting 401(k) plan with employer matching, unlimited paid time off for salaried employees, and well-being support including gym reimbursements, a subscription to Calm – Meditation and Sleep app, and paid leave for new parents and family care. As a hybrid global community, we also offer a remote work-first environment empowering our people to work wherever suits their lifestyle.  

EQUAL OPPORTUNITY EMPLOYER - M/F/V/H 

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information.