Information Security Engineer

Job Description

looking for a SecOps Engineer. We are building a layered Security approach which means the SecOps Engineer will need to work hand in hand with teams such as Infrastructure, AppSec, Detection and Response, Development Teams and Internal Audit. In this role you will be responsible for driving Identity and Access Management best practices to include SSO, MFA, RBAC, Password Management and application configuration. The SecOps Engineer will also be responsible for identifying, evaluating, and participating in decision making around new and emerging Identity and Access management technologies and should be able to support other areas of Information Security as needed. The individual in this role will be working to enhance and strengthen other security controls within our environment as a whole, such as: anti-phishing gateways, EDR, AV, firewalls, IDS/IPS systems and AWS Security Hub. Not only will this role focus on growing  capabilities but will also focus on developing/training other teammates.

Responsibilities:

• Deep understanding of Identity and Access management and the tool’s therein
• Able to work with vendors and manage PoC’s
• Perform business use case analysis to implement identity and access management solutions
• Identify required attributes, customizing login pages and implement security policies
• Follow SDLC, change management and document the procedures on Trusted Identity solutions to meet compliance requirements
• Anticipate, identify, track and resolve technical issues
• Establish repeatable processes for Access Management
• Lead the Trusted Identity team in implementing scalable access management and identity lifecycle processes
• Work closely with business, application, and solution owners to ensure user and role definitions and associated access rights are appropriately
• Assist in the support of the role-based access control (RBAC) model and maintain role-based access control documentation for operational processes
• Create and implement automated processes that reduce manual efforts and increase overall efficiency and scalability
• Manage Security Alerts and provide Incident Response support services, it’s not expected someone knows everything but this person should be able to identify and perform triage to resolve a Security Incident
• Contribute to the development, improvement and operational management of Security Operations, Monitoring and Incident Response practices, processes and solutions
• Manage, Engineer and maintain other security SaaS applications such as anti-phishing, EDR, or logging tools as require
• Able to assist in employee trainings , such as creating webinars, create “how-to” tech articles, etc
• Helping to create and understand an escalation support framework. With the ability track and manage support requests from our partners internally and externally,

Required Skills:

• Practical hands-on experience engineering and implementing data security controls in cloud environments including databases, datastores and SaaS platforms
• Extensive and demonstrated experience in end-to-end deployment of identity and access management tools
• Overall understanding of Security Domains, Compliance Requirements, and Risk Management Practices
• Experience with Okta planning, implementation and operations
• Experience with Cloud technologies (Google Cloud Platform, Azure or AWS)
• Understanding of their Identity concepts such as Privileged Account Management and Life Cycle Management
• General understanding DevOps practices
• Understanding of building and making tools for our partners, how do we make something into a service? how do we navigate with them
• Comfortable reading python code and writing basic scripts, or using Low Code / No Code SOAR tools
• Knowledge of AWS including but not limited to S3, Lambda, RDS, EC2 and AWS Security Center
• Building and implementing security tools such as anti-phishing, EDR, or EMM/MDM tools
• Understanding of TCP/IP Networking including knowledge of Protocols and Services
• Overall understanding of the Security domain, compliance, business, risk, ops etc ALONG with its application to the business
• Excellent communication, interpersonal and leadership skills, with the ability to interact with staff at all levels.
• Proven ability to be agile and work effectively in a dynamic environment.
• Demonstrated ability to perform under pressure and respond rapidly to emerging incidents and situations.
• Excellent coordination, project management, and organization skills and comfortable with multi-tasking in a high-energy environment.
• Should be a creative and analytical problem solver with a passion to provide excellent customer service