Information Security Engineer
San Francisco, CA
Posted 1 month ago
The name ThousandEyes was born from two big ideas: the power to see things not ordinarily possible and the ability to collect insights from a multitude of vantage points. As organizations rely more on cloud services and the Internet, the network has become a black box outside of their control. ThousandEyes gives organizations visibility and insight into the now borderless network. It arms them with an accurate understanding of how the network impacts their applications, users and customers. ThousandEyes is used by some of the world's largest and fastest growing brands, including 4 of the top 5 SaaS companies, 4 of the top 4 US banks and 3 of the Fortune 5. ThousandEyes is backed by Sequoia Capital, Google Ventures, Tenaya Capital and Sutter Hill Ventures, with headquarters in San Francisco, CA.
About the Role:
The Information Security Engineer (Applications Security) is responsible for risk assessment based on application, data, and technology architectures; for solution design and information security policy development and maintenance; for awareness activities and monitoring compliance with company security policy and applicable law; and for coordinating the investigation and reporting of security incidents. The Information Security Engineer will also monitor, assess, and apply corrective actions to the business continuity and disaster recovery program and contribute to information security projects to protect company information assets. This position combines project-based work and operational assignments. This will require practical use and understanding of security protocols and standards, and solid knowledge of information security principles and practices.
- Assess information security risks of new projects and non-standard IT requests using risk assessment methodologies based on provided architecture. This will require practical use and understanding of advanced security protocols and standards, and knowledge of information security principles and practices
- Assist with enterprise-wide risk assessment processes and specifically with applications security assessments
- Create test plans and detailed test cases for web tests to be performed
- Coordinate cross-functional team meetings to remediate previously identified security risks and close out pending action plans
- Proactively assess potential items of risk and opportunities of vulnerability in the network
- Interact with internal and external customers on security-related projects and operational tasks
- Participate in 24x7 Information Security Response team
- 3 to 5 years of experience in Information Security or related domains
- BS or MS degree in Computer Science (or equivalent)
- Experience in security analysis across the software development lifecycle
- Experience in Web applications security and OWASP
- Practical use and implementation of information security principles and practices
Examples of specific technology and compliance knowledge:
- Burp Suite, Java, C++, Linux, LAN and WAN, Firewalls, Access controls, Authentication, Authorization, Encryption, IPS, Digital Certificates, SSL, VPN, IPSec, TCP/IP, DNS and web security architecture, Proxy services.
- ISO 27001/27002/27005, PCI DSS (and other industry specific), related NIST standards.