Senior Security Engineer

As a Senior Security Engineer, you will play a vital role in ensuring that Veryfi's infrastructure and applications meet high security standards and helping with meeting various compliance requirements.

Your primary goals will be ensuring that systems are patched and vulnerabilities remediated within assigned timeframes, setting up tools and defining processes to ensure high security standards and compliance requirements are met, developing automated processes to monitor and report on security posture of Veryfi's systems.

Key Responsibilities:

• Vulnerability Management:
  • Configure and champion the use of automated security scanning tools (SAST, DAST, etc)
  • Conduct regular vulnerability scans, penetration tests, internal audits and appropriateness reviews
  • Remediate vulnerabilities independently and in collaboration with engineering and operations teams
  • Develop and implement mitigation strategies for vulnerabilities that cannot be immediately remediated (e.g., compensating controls, workarounds)
  • Maintain a detailed record of all inventory along with risks and vulnerabilities and their remediations, as well as a POA&M covering all open items
• Security Architecture & Engineering:
  • Design, implement, and maintain security controls and measures across the organization's cloud-based (AWS) IT infrastructure, including firewalls, IDS, IPS, DLP, endpoint security, access control
  • Participate in the design and implementation of security architectures for new systems and applications
  • Conduct threat modelling and risk assessments to identify and mitigate potential security vulnerabilities
• Incident Response:
  • Participate in incident response activities, including investigation, containment, eradication, and recovery
  • Develop and maintain incident response plans and procedures
• Security Information and Event Management (SIEM):
  • Monitor and review security logs and alerts for potential threats and prioritize and apply remediation actions
• Security Awareness Training:
  • Conduct security awareness training for employees
• Compliance:
  • Ensure compliance with relevant security standards and regulations (e.g., SOC 2, FedRAMP)

Skill Requirements:

• Strong understanding of cybersecurity principles and best practices
• High level of proficiency identifying and remediating vulnerabilities and configuring tools like AWS Inspector, SonarQube, OWASP ZAP
• Strong understanding and experience with cloud security (AWS)
• Proficiency in Linux administration, shell/bash scripting
• Working knowledge and experience with CI/CD tools like Jenkins, GitHub/GitLab pipelines and containerization tools like Docker
• Working knowledge and hands-on experience with compliance frameworks like SOC2, ISO27001, NIST, FedRAMP, FISMA
• Excellent communication and collaboration skills
• Strong analytical and problem-solving skills

Prior Experience:

• 5+ years of experience in cybersecurity engineering roles
• 5+ years administering AWS cloud services such as IAM, AWS Inspector, CloudTrail, GuardDuty, AWS Config, EC2, WAF, VPC, network configuration, etc
• 5+ years administering Linux servers, including shell/bash scripting
• 3+ years maintaining implementation of security controls outlined by compliance frameworks like SOC2, ISO27001, NIST, FedRAMP, FISMA
• 3+ years administering SAST + DAST tools like SonarQube, OWASP ZAP or similar
• 3+ years identifying and remediating vulnerabilities using tools like AWS Inspector, Clair, or similar

Bonus Experience:

• Relevant security certifications (e.g., CISSP, CISA, CEH)
• Certification in AWS Well-Architected Framework
• 3+ years experience with Python