Information Security Engineer
Company: ConsumerAffairs
Location: Austin
Posted on: May 27, 2023
Job Description:
ConsumerAffairs helps consumers make smart buying decisions in
moments of need. Every month millions of consumers turn to our site
and tools for help with their considered (often emotional)
purchases. We educate them about their options, learn about their
specific needs, and connect hundreds of thousands of them directly
to brands. These brands use our SaaS tools to manage their reviews
and communicate directly with consumers to serve them better. Our
business thrives when the consumers who trust us get matched with
the right brands for them.
We're fast-paced and our core values are
the bedrock of who we are and who we want to be. Our employees
believe in raising the bar through data-driven innovation,
intellectual curiosity, and grit. We have a team-first mentality,
and manifest wins by putting the team first. Collaboration and
teamwork are in our hearts; we believe winning together is the most
fun. But, above all else, we care. We have servant hearts for our
consumers, customers, and colleagues. If you want to be part of a
globally diverse team focussing on helping people, in an
environment where we raise the bar, win as a team, and care above
all else - then ConsumerAffairs may be just the place for you!
ABOUT THE JOB:
We are looking for an experienced Information Security
Engineer to monitor and manage security on our hardware, software,
and networks. This position will be responsible for preventing
unauthorized access to our data by searching for vulnerabilities
and risks. In this role, the Information Security Engineer should
be knowledgeable about security frameworks and possess both deep
and wide expertise in the security space. If you're a
problem-solver and quick decision-maker, we'd like to meet you.
Your goal will be to ensure that our technology infrastructure is
well protected and implement appropriate security measures when
needed. Qualified candidates will have a background in Security or
Systems Engineering.
RESPONSIBILITIES & EXPECTATIONS:
These responsibilities are not to be construed as a complete statement of
all duties performed. Employees will be required to perform other
job-related duties as required.
Responsibilities:
- Monitor and respond to security incidents and threats
- Monitor network activity to identify issues early and
communicate them to IT teams
- Conduct regular security assessments, scans, and audits to
identify vulnerabilities and threats
- Manage and maintain security systems and tools such as
intrusion detection and prevention systems, endpoint protection
solutions, and vulnerability scanning tools
- Develop and maintain incident response plans and
procedures
- Prepare and document standard operating procedures and
protocols
- Engineer, implement, and monitor security measures for the
protection of systems, networks, and information
- Configure and troubleshoot security infrastructure devices
- Develop technical solutions and security tools to help mitigate
security vulnerabilities and automate repeatable tasks
- Analyze IT specifications to assess security risks
- Manage and maintain security awareness training program on
information security standards, policies, and best practices for
employees
- Collaborate with internal teams to identify and remediate
security vulnerabilities
- Provide technical guidance and support to other teams on
security-related issues
- Write comprehensive reports including assessment-based
findings, outcomes, and propositions for further system security
enhancement
- Develop and carry out information security plans and
policies
- Stay up to date with the latest cybersecurity threats and
technologies
Minimum Qualifications & Credentials
- BSc/BA in Computer Science, Information Technology, or a
related field
- Professional certification (e.g. CompTIA Security+, CISSP) is a
plus
- At least 4-5 years of experience in Information Security or a
related field
Experience
- Experience with vulnerability scanning solutions
- Experience with an enterprise SIEM platform
- Experience in building and maintaining security systems
- Experience with network security and networking
technologies
- Experience with system, security, and network monitoring
tools
- Proven work experience as a System Security Engineer or
Information Security Engineer
- Experience with AWS and cloud platform as a service (PaaS)
security
- Experience with change management processes
Hard/Technical Skills
- Well-versed with various security tools such as Burp Suite,
Nmap, Nessus, Qualys, etc.
- Understanding of OWASP testing methodology
- Familiarity with public key infrastructure (PKI) and
cryptographic protocols (e.g. SSL/TLS)
- Familiarity with security frameworks (e.g. NIST Cybersecurity
framework or ISO 27001) and risk management methodologies
- Detailed technical knowledge of database and operating system
security
- Familiarity with web related technologies (web applications,
web services, service oriented architectures) and of
network/web-related protocols
- An analytical mind with excellent problem-solving ability
- Outstanding communication, collaboration, and organizational
skills
- Decision-making skills and ability to work under pressure
Soft Skills
- Obsessed with ensuring an exceptional customer experience - for
both internal and external customers.
- Stands up for decisions, takes responsibility for results, and
shares both good and bad outcomes transparently.
- Demonstrates a relentless focus on results with a commitment to
deliver.
- Takes decisive action, and confidently changes course if
unsuccessful.
- Displays a growth mindset to continually improve; encourages
everyone around them to be tenacious and never settle.
- Constantly seeks feedback to improve; focuses on solving issues
through teamwork and collaboration.
- Acts with urgency; delivers top results in hours and days
instead of weeks and months.
- Relentless in their pursuit of success and possessing the
willpower to embrace challenges as opportunities.
Specific Measures of Success - Expected Outcomes
Start Date to Start Date +1 Year
Conduct Security Assessments and Code Audits (within 6 months)
- Work with external pentesters to identify and remediate
weaknesses in current systems and resolve findings with relevant
stakeholders
- Run vulnerability scans on website and systems - analyze and
remediate findings with the Engineering team
Conduct User Training (within 6 months)
- Conduct user awareness training on information security best
practices to increase employee awareness and minimize the risk of
security incidents
- Conduct security incident response tabletop exercises with
departments
Security Assessment (within 1 year)
- Conduct and complete a comprehensive security assessment of the
organization's infrastructure, networks, and applications. Develop
a risk register from this security assessment with plans for
improving process and access to data. We want to take a proactive
security stance and address identified risks.
CORE VALUES:
Raise The Bar
- We raise the bar through innovation, intellectual curiosity,
and grit. We are not satisfied with yesterday and our hearts thirst
to be better tomorrow.
Win As A Team
- We manifest wins by putting the team first. We have
collaboration and teamwork in our hearts and believe winning
together is the most fun.
Care Above All Else
- We care above all else. We have servant hearts for our
consumers, customers, and colleagues.
Physical Requirements & Environmental Conditions
- Location: Remote/Tulsa
- Frequency of travel: Occasional travel may be required for
meetings, training and/or conferences.
- Light physical activities and efforts required in working
within an office environment. (Reasonable accommodations will be
made in accordance with existing ADA requirements for otherwise
qualified individuals with disabilities.)
ConsumerAffairs provides
equal employment opportunities to all employees and applicants for
employment and prohibits discrimination and harassment of any type
without regard to race, color, religion, age, sex, national origin,
disability status, genetics, protected veteran status, sexual
orientation, gender identity or expression, or any other
characteristic protected by federal, state or local laws.
- This policy applies to all terms and conditions of employment,
including recruiting, hiring, placement, promotion, termination,
layoff, recall, transfer, leaves of absence, compensation, and
training.
- Health Care Plan (Medical, Dental & Vision)
- Retirement Plan (401k, IRA)
- Life Insurance (Basic, Voluntary & AD&D)
- Paid Time Off (Vacation, Sick & Public Holidays)
- Family Leave (Maternity, Paternity)
- Short Term & Long Term Disability
- Training & Development
- Work From Home
- Free Food & Snacks
- Stock Option Plan
Keywords: ConsumerAffairs, Austin, Information Security Engineer, Engineering, Austin, Texas