About the Job:
Our client is a family office business managing affairs for a very wealthy family that has multiple entities in areas including maritime research, island management, finance and investments, philanthropy, real estate, aviation, and cutting-edge technology applications. They are seeking an experienced Information Security Engineer (SE) to help build their organization's security program. The SE will help protect their cloud infrastructure, office networks and hardware/endpoints. The SE will help build the required controls and configurations needed to protect the organization's data security and confidentiality. In this role, the Information Security Engineer should be knowledgeable about security frameworks and internal audits, and possess both deep and wide expertise in the security space. If you’re a problem-solver and quick decision-maker, we’d like to meet you. Your goal will be to ensure that their data and organizational business operations are well protected and to implement appropriate security measures when needed. This role will be based out of the SF Bay Area (or Menlo Park) and will report to the Information Security Director.
Why work for our client?
- Opportunity to significantly influence global and environmental progress
- Join our Information Security department's journey in building a world-class security program based on the CISA ZTA framework
- Collaborate with world-renowned experts pioneering groundbreaking research and innovative ideas
- Contribute to life-changing philanthropic endeavors
Responsibilities
- Deploy and optimize detection and response technologies (e.g., SIEM, IDS/IPS, EDR)
- Automate and codify detection and response processes and playbooks
- Configure and maintain security systems and tools such as intrusion detection and prevention systems, endpoint protection solutions, and vulnerability scanning tools
- Develop and maintain incident response plans and procedures
- Prepare and document standard operating procedures and protocols
- Develop technical solutions and security tools to help mitigate security vulnerabilities and automate repeatable tasks
- Knowledge of adversary tactics, techniques, and procedures (TTPs) and MITRE ATT&CK principles
- Tools used: JAMF, BetterCloud, Google Drive, Sophos, Upguard
- Proactive threat hunting; maintain a risk register and build mitigation plans to present to the leadership team to eliminate these risks
- Understanding of malware functionality and persistence mechanisms
- Ability to analyze alerts and use deep analysis to reduce the false positives
- User education, e.g., the difference between a spam email and a phishing email
- Ability to analyze endpoint, network, and application logs for anomalous events
- Analyze IT specifications to assess security risks and create “configurations best practices” for IT admins to follow when building new systems or hardware.
- Manage and maintain security awareness training program on information security standards, tools, policies, and best practices for employees
- Track milestones and update project plans pertaining to security-related projects and priorities
- Assist in third-party risk assessment and due diligence workflows to provide an understanding of third parties' practices and the organization's risk exposure
- Collaborate with internal teams to identify and remediate security vulnerabilities
- Participate in the yearly internal risk assessment, compliance, and other security program activities
- Provide technical guidance and support to other teams on security-related issues
- Draft comprehensive reports including assessment-based findings, outcomes, and propositions for documentation and further system security enhancement
- Stay up to date with the latest cybersecurity threats and technologies, such as ChatGPT data-sharing security risks
Skills & Abilities Required
Technical Skills/Experience:
- Strong experience implementing security controls in cloud-hosted environments using tools and technologies (IAM, MFA, SSO, DLP systems, Firewall/IDS/IPS systems, Secure Configurations, Network/application vulnerability scanners like Tenable, Nessus, Qualys, etc.)
- Strong working knowledge of AWS, Google Workspace, Salesforce or similar IaaS/SaaS
- Understanding of Security Industry Standards and Compliance Frameworks, Controls and Requirements (PCI-DSS, SOC2, FedRAMP, CIS configuration, Benchmarks, NIST, CISA, etc.)
- Understanding of OWASP vulnerabilities, Zero Trust Architecture principles and common network/application/API Attacks
- Proficiency with common IaaS services/components and architectures
- Experience with log forensics best practices to identify the time and source of a security incident
Non-Technical Skills:
- Self-directed and self-motivated
- Excellent verbal and written communication
- Continuously builds on security knowledge and applies it to the job
- Strong interpersonal skills to be able to work with multiple departments
- Works well both in a team environment and independently
- Ability to work with infrastructure team to apply security architecture best practices for new and current systems
- Strong attention to detail, analytical and problem-solving skills
- Experience with change management and cross-functional collaboration
- Stay current with relevant security trends, news, and threats
- Some travel required
- Project management skills a plus
Behavioral Competencies
Job Knowledge - Continuously enhances overall knowledge and seeks out new learning opportunities. Understands the elements of People, Process, Technology as part of solutions.
Attitude - Demonstrates optimism, persistence, positive attitude and displays loyalty to the organization.
Accountability - Accepts responsibility for own actions and decisions. Readily coachable and able to be developed. Fully engages in work and helps at all levels.
Communication - Effectively conveys information and expresses thoughts and facts. Demonstrates effective use of listening skills and displays openness to other people's ideas.
Teamwork / Collaboration - Works cooperatively and develops effective working relationships across the organization. Champions team success over personal success. Openly shares information, opinions, and ideas with others.
Integrity & Trust - Presents the truth in an appropriate and helpful manner, upholds utmost confidentiality, admits mistakes, and doesn't misrepresent for personal gain. Always suggests and defends the concepts of right and wrong behavior.
Customer Focus - Meet and exceed the needs of customers, both internal and external. Continually seek to provide the highest quality service.
Action Oriented - Driven to achieve and be successful in any task. Work at high level of efficiency and able to prioritize work and focus on most important items first.
Problem Solving & Creativity - Makes sound, logical decisions based on facts. Utilizes resources to apply practical and creative solutions. Openness to new approaches and ideas.