Information Security Engineer

Tulsa, OK, United States

ConsumerAffairs helps consumers make smart buying decisions in moments of need. Every month millions of consumers turn to our site and tools for help with their considered (often emotional) purchases.

We educate them about their options, learn about their specific needs, and connect hundreds of thousands of them directly to brands. These brands use our SaaS tools to manage their reviews and communicate directly with consumers to serve them better. Our business thrives when the consumers who trust us get matched with the right brands for them.

Were fast-paced and our core values are the bedrock of who we are and who we want to be.

Our employees believe in raising the bar through data-driven innovation, intellectual curiosity, and grit. We have a team-first mentality, and manifest wins by putting the team first. Collaboration and teamwork are in our hearts; we believe winning together is the most fun. But, above all else, we care. We have servant hearts for our consumers, customers, and colleagues. If you want to be part of a globally diverse team focussing on helping people, in an environment where we raise the bar, win as a team, and care above all elsethen ConsumerAffairs may be just the place for you!

About The Job

We are looking for an experienced Information Security Engineer to monitor and manage security on our hardware, software, and networks. This position will be responsible for preventing unauthorized access to our data by searching for vulnerabilities and risks. In this role, the Information Security Engineer should be knowledgeable about security frameworks and possess both deep and wide expertise in the security space. If youre a problem-solver and quick decision-maker, wed like to meet you. Your goal will be to ensure that our technology infrastructure is well protected and implement appropriate security measures when needed. Qualified candidates will have a background in Security or Systems Engineering.

Responsibilities & Expectations

These responsibilities are not to be construed as a complete statement of all duties performed. Employees will be required to perform other job-related duties as required

Monitor and respond to security incidents and threats

Monitor network activity to identify issues early and communicate them to IT teams

Conduct regular security assessments, scans, and audits to identify vulnerabilities and threats

Manage and maintain security systems and tools such as intrusion detection and prevention systems, endpoint protection solutions, and vulnerability scanning tools

Develop and maintain incident response plans and procedures

Prepare and document standard operating procedures and protocols

Engineer, implement, and monitor security measures for the protection of systems, networks, and information

Configure and troubleshoot security infrastructure devices

Develop technical solutions and security tools to help mitigate security vulnerabilities and automate repeatable tasks

Analyze IT specifications to assess security risks

Manage and maintain security awareness training program on information security standards, policies, and best practices for employees

Collaborate with internal teams to identify and remediate security vulnerabilities

Provide technical guidance and support to other teams on security-related issues

Write comprehensive reports including assessment-based findings, outcomes, and propositions for further system security enhancement

Develop and carry out information security plans and policies

Stay up to date with the latest cybersecurity threats and technologies

Minimum Qualifications & Credentials

BSc/BA in Computer Science, Information Technology, or a related field

Professional certification (e.g. CompTIA Security+, CISSP) is a plus

At least 4-5 years of experience in Information Security or a related field

Experience

Experience with vulnerability scanning solutions

Experience with an enterprise SIEM platform

Experience in building and maintaining security systems

Experience with network security and networking technologies

Experience with system, security, and network monitoring tools

Proven work experience as a System Security Engineer or Information Security Engineer

Experience with AWS and cloud platform as a service (PaaS) security

Experience with change management processes

Hard/Technical Skills

Well-versed with various security tools such as Burp Suite, Nmap, Nessus, Qualys, etc.

Understanding of OWASP testing methodology

Familiarity with public key infrastructure (PKI) and cryptographic protocols (e.g. SSL/TLS)

Familiarity with security frameworks (e.g. NIST Cybersecurity framework or ISO 27001) and risk management methodologies

Detailed technical knowledge of database and operating system security

Familiarity with web related technologies (web applications, web services, service oriented architectures) and of network/web-related protocols

An analytical mind with excellent problem-solving ability

Outstanding communication, collaboration, and organizational skills

Decision-making skills and ability to work under pressure

Soft Skills

Obsessed with ensuring an exceptional customer experience- for both internal and external customers.

Stands up for decisions, takes responsibility for results, and shares both good and bad outcomes transparently.

Demonstrates a relentless focus on results with a commitment to deliver.

Takes decisive action, and confidently changes course if unsuccessful.

Displays a growth mindset to continually improve; encourages everyone around them to be tenacious and never settle.

Constantly seeks feedback to improve; Focuses on solving issues through teamwork, and collaboration

Acts with urgency; delivers top results in hours and days instead of weeks and months.

Relentless in their pursuit of success and possessing the willpower to embrace challenges as opportunities.

Specific Measures of Success Expected Outcomes

Start Date to Start Date +1 Year

Conduct Security Assessments and Code Audits (within 3 months)

Work with external pentesters to identify and remediate weaknesses in current systems and resolve findings with relevant stakeholders

Run vulnerability scans on website and systems - analyze and remediate findings with the Engineering team

Conduct User Training (within 6 months)

Conduct user awareness training on information security best practices to increase employee awareness and minimize the risk of security incidents

Conduct security incident response tabletop exercises with departments

Security Assessment (within 1 year)

Conduct and complete a comprehensive security assessment of the organizations infrastructure, networks, and applications. Develop a risk register from this security assessment with plans for improving process and access to data. We want to take a proactive security stance and address identified risks.

Core Values

Raise The Bar

We raise the bar through innovation, intellectual curiosity, and grit. We are not satisfied with yesterday and our hearts thirst to be better tomorrow.

Win As A Team

We manifest wins by putting the team first. We have collaboration and teamwork in our hearts and believe winning together is the most fun.

Care Above All Else

We care above all else. We have servant hearts for our consumers, customers, and colleagues.

Physical Requirements & Environmental Conditions

Location: Remote/ Tulsa

Frequency of travel: Occasional travel may be required for meetings, training and/or conferences.

Light physical activities and efforts required in working within an office environment.

(Reasonable accommodations will be made in accordance with existing ADA requirements for otherwise qualified individuals with disabilities.)

ConsumerAffairs provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

Health Care Plan (Medical, Dental & Vision)

Retirement Plan (401k)

Life Insurance (Basic, Voluntary & AD&D)

Paid Time Off (Vacation, Sick & Public Holidays)

Family Leave (Maternity, Paternity)

Short Term & Long Term Disability

Training & Development

Work From Home

Free Food & Snacks

Stock Option Plan

#J-18808-Ljbffr