Information Security Engineer
Tulsa, OK, United States
ConsumerAffairs helps consumers make smart buying decisions in moments of need. Every month millions of consumers turn to our site and tools for help with their considered (often emotional) purchases.
We educate them about their options, learn about their specific needs, and connect hundreds of thousands of them directly to brands. These brands use our SaaS tools to manage their reviews and communicate directly with consumers to serve them better. Our business thrives when the consumers who trust us get matched with the right brands for them.
We're fast-paced, and our core values are the bedrock of who we are and who we want to be.
Our employees believe in raising the bar through data-driven innovation, intellectual curiosity, and grit. We have a team-first mentality, and manifest wins by putting the team first. Collaboration and teamwork are in our hearts; we believe winning together is the most fun. But, above all else, we care. We have servant hearts for our consumers, customers, and colleagues. If you want to be part of a globally diverse team focussing on helping people, in an environment where we raise the bar, win as a team, and care above all else, then ConsumerAffairs may be just the place for you!
About The Job
We are looking for an experienced Information Security Engineer to monitor and manage security on our hardware, software, and networks. This position will be responsible for preventing unauthorized access to our data by searching for vulnerabilities and risks. In this role, the Information Security Engineer should be knowledgeable about security frameworks and possess both deep and wide expertise in the security space. If you're a problem-solver and quick decision-maker, we'd like to meet you. Your goal will be to ensure that our technology infrastructure is well protected and implement appropriate security measures when needed. Qualified candidates will have a background in Security or Systems Engineering.
Responsibilities & Expectations
These responsibilities are not to be construed as a complete statement of all duties performed. Employees will be required to perform other job-related duties as required.
Monitor and respond to security incidents and threats
Monitor network activity to identify issues early and communicate them to IT teams
Conduct regular security assessments, scans, and audits to identify vulnerabilities and threats
Manage and maintain security systems and tools such as intrusion detection and prevention systems, endpoint protection solutions, and vulnerability scanning tools
Develop and maintain incident response plans and procedures
Prepare and document standard operating procedures and protocols
Engineer, implement, and monitor security measures for the protection of systems, networks, and information
Configure and troubleshoot security infrastructure devices
Develop technical solutions and security tools to help mitigate security vulnerabilities and automate repeatable tasks
Analyze IT specifications to assess security risks
Manage and maintain the security awareness training program on information security standards, policies, and best practices for employees
Collaborate with internal teams to identify and remediate security vulnerabilities
Provide technical guidance and support to other teams on security-related issues
Write comprehensive reports including assessment-based findings, outcomes, and propositions for further system security enhancement
Develop and carry out information security plans and policies
Stay up to date with the latest cybersecurity threats and technologies
Minimum Qualifications & Credentials
BSc/BA in Computer Science, Information Technology, or a related field
Professional certification (e.g. CompTIA Security+, CISSP) is a plus
At least 4-5 years of experience in Information Security or a related field
Experience
Experience with vulnerability scanning solutions
Experience with an enterprise SIEM platform
Experience in building and maintaining security systems
Experience with network security and networking technologies
Experience with system, security, and network monitoring tools
Proven work experience as a System Security Engineer or Information Security Engineer
Experience with AWS and cloud platform as a service (PaaS) security
Experience with change management processes
Hard/Technical Skills
Well-versed with various security tools such as Burp Suite, Nmap, Nessus, Qualys, etc.
Understanding of OWASP testing methodology
Familiarity with public key infrastructure (PKI) and cryptographic protocols (e.g. SSL/TLS)
Familiarity with security frameworks (e.g. NIST Cybersecurity framework or ISO 27001) and risk management methodologies
Detailed technical knowledge of database and operating system security
Familiarity with web related technologies (web applications, web services, service oriented architectures) and of network/web-related protocols
An analytical mind with excellent problem-solving ability
Outstanding communication, collaboration, and organizational skills
Decision-making skills and ability to work under pressure
Soft Skills
Obsessed with ensuring an exceptional customer experience, for both internal and external customers.
Stands up for decisions, takes responsibility for results, and shares both good and bad outcomes transparently.
Demonstrates a relentless focus on results with a commitment to deliver.
Takes decisive action, and confidently changes course if unsuccessful.
Displays a growth mindset to continually improve; encourages everyone around them to be tenacious and never settle.
Constantly seeks feedback to improve; focuses on solving issues through teamwork and collaboration.
Acts with urgency; delivers top results in hours and days instead of weeks and months.
Relentless in their pursuit of success and possessing the willpower to embrace challenges as opportunities.
Specific Measures of Success Expected Outcomes
Start Date to Start Date +1 Year
Conduct Security Assessments and Code Audits (within 3 months)
Work with external pentesters to identify and remediate weaknesses in current systems and resolve findings with relevant stakeholders
Run vulnerability scans on website and systems - analyze and remediate findings with the Engineering team
Conduct User Training (within 6 months)
Conduct user awareness training on information security best practices to increase employee awareness and minimize the risk of security incidents
Conduct security incident response tabletop exercises with departments
Security Assessment (within 1 year)
Conduct and complete a comprehensive security assessment of the organization's infrastructure, networks, and applications. Develop a risk register from this security assessment with plans for improving process and access to data. We want to take a proactive security stance and address identified risks.
Core Values
Raise The Bar
We raise the bar through innovation, intellectual curiosity, and grit. We are not satisfied with yesterday and our hearts thirst to be better tomorrow.
Win As A Team
We manifest wins by putting the team first. We have collaboration and teamwork in our hearts and believe winning together is the most fun.
Care Above All Else
We care above all else. We have servant hearts for our consumers, customers, and colleagues.
Physical Requirements & Environmental Conditions
Location: Remote/ Tulsa
Frequency of travel: Occasional travel may be required for meetings, training and/or conferences.
Light physical activities and efforts required in working within an office environment.
(Reasonable accommodations will be made in accordance with existing ADA requirements for otherwise qualified individuals with disabilities.)
ConsumerAffairs provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.
Health Care Plan (Medical, Dental & Vision)
Retirement Plan (401k)
Life Insurance (Basic, Voluntary & AD&D)
Paid Time Off (Vacation, Sick & Public Holidays)
Family Leave (Maternity, Paternity)
Short Term & Long Term Disability
Training & Development
Work From Home
Free Food & Snacks
Stock Option Plan