Information Security Engineer

San Francisco, CA

Applications have closed
ThousandEyes, Inc. logo
ThousandEyes, Inc.

Posted 1 month ago

About ThousandEyes

The name ThousandEyes was born from two big ideas: the power to see things not ordinarily possible and the ability to collect insights from a multitude of vantage points. As organizations rely more on cloud services and the Internet, the network has become a black box outside of their control. ThousandEyes gives organizations visibility and insight into the now borderless network. It arms them with an accurate understanding of how the network impacts their applications, users and customers. ThousandEyes is used by some of the world's largest and fastest growing brands, including 4 of the top 5 SaaS companies, 4 of the top 4 US banks and 3 of the Fortune 5. ThousandEyes is backed by Sequoia Capital, Google Ventures, Tenaya Capital and Sutter Hill Ventures, with headquarters in San Francisco, CA.

About the Role: 

Information Security Engineer (Applications Security) is responsible for risk assessment based on application, data, and technology architectures; for solution design and information security policy development and maintenance; for awareness activities and monitoring compliance with company security policy and applicable law; for coordinating investigation and reporting of security incidents. The Information Security Engineer will also monitor, assess, and apply corrective actions to the business continuity and disaster recovery program and contribute to information security projects to protect company information assets. This position combines project-based work and operational assignments. This will require practical use and understanding of security protocols and standards, and solid knowledge of information security principles and practices.

Responsibilities:

  • Assess information security risks of new projects and non-standard IT requests using risk assessment methodologies based on provided architecture. This will require practical use and understanding of advanced security protocols and standards, and knowledge of information security principles and practices
  • Assist with enterprise-wide risk assessment processes and specifically with applications security assessments
  • Create test plans and detailed test cases for web tests to be performed
  • Coordinate cross-functional team meetings to remediate previously identified security risks and close out pending action plans
  • Proactively assesses potential items of risk and opportunities of vulnerability in the network
  • Interact with internal and external customers on security-related projects and operational tasks
  • Participate in 24x7 Information Security Response team

Requirements:

  • 3 to 5 years of experience in the Information Security or related domain[s]
  • BS or MS degree in Computer Science (or equivalent)
  • Experience in security analysis on software development lifecycle
  • Experience in Web applications security and OWASP
  • Practical use and implementation of information security principles and practices

Example of specific technology and compliance knowledge:

  • Burp Suite, Java, C++, Linux, LAN and WAN, Firewalls, Access controls, Authentication, Authorization, Encryption, IPS, Digital Certificates, SSL, VPN, IPSec, TCP/IP, DNS and web security architecture, Proxy services.
  • ISO 27001/27002/27005, PCI DSS (and other industry specific), related NIST standards. 

 

Job tags: Architecture Burp Suite C DNS Encryption Google IPS ISO 27001 Java Linux NIST PCI Risk assessment SaaS Security assessments TCP/IP