Lead InfoSec Engineer

Job Description: As Lead InfoSec Engineer you will be responsible for providing technical security leadership to global clientele for Scout Enterprise product adoption via Cloud on Azure and AWS.

In this role you will be a security subject matter expert and technical leader to product teams, suppliers, partners and business leaders and work on aligning product security with continually evolving business and market needs and expectations. Prior experience in researching, designing, developing, and implementing software, and expertise in product security best practices, standards, requirements, architectures, tools etc. is mandatory. A background in assessing products and related processes and architectures for compliance with security best practices, standards, and requirements, developing corrective action plans where necessary, and working with stakeholders to successfully implement those plans is desired.

Responsibilities may include, but are not limited to:

• Review, evaluate and respond to incoming technical support requests from Soroco employees around the world.
• Respond to support requests ranging from simple problem resolution to complete deployments of cloud environments.
• Respond to all incoming requests in a timely and professional manner.
• Efficiently resolve technical issues and requests - whether providing complete resolution alone or by coordinating a multi-discipline team response.
• Manage service requests from initiation through fulfilment, balancing the requesters' requirements with corporate policies and procedures.
• Manage small-scale projects to ensure timelines are met for design, approval and deployment of high quality and secure cloud environments - including configuration, security reviews and user acceptance testing.
• Monitor performance, availability and security of cloud environments deployed by the team.
• Develop and maintain technical documentation and service request records, FAQs, etc.
• Continuously grow technical and interpersonal skills to better serve the organization and support your own career growth.
• Proactively engage with internal service requests to ensure services provided by CIS team continue to meet organizational needs.
• Research and develop standard documented ways to respond to vulnerabilities reported issues.
• Monitor security information for key cloud areas and notify the appropriate team if action is needed.
• Proactively audit all department cloud deployments on a rolling schedule to watch for security actions that need to be taken - which includes Nessus/Qualys vulnerability scans of VMs.
• Perform other departmental technology related duties as requested.
• Excellent oral, written, presentation collaboration and interpersonal communication skills.
• Ability to travel to the client location, as required.

Education Qualification: Engineering graduate with work experience of 10+years with deep technical experience in application, infrastructure, network, and system security engineering

Qualifications and Expertise:

• Adept at navigating and comprehending complex enterprise network, technology, and information & data security architecture.
• Should have deep understanding of cloud infrastructure, cloud security practices, Cloud security maturity model awareness, Cloud authentication and authorization workflows, implementation of security projects, and security engineering best practices as well as industry standards such as ISO and NIST.
• Develop and advocate security design patterns, reference architectures and security strategies.
• Understanding of Security foundations such as hardening, least privilege, attack surface reduction, protection rings, cryptography use, static analysis, dynamic analysis, fuzzing, CVSS, CWE, OWASP/SANS/CIS Top X, etc. and Penetration testing, Vulnerability assessment and management.
• Conduct Product Security Risk Assessments, participate in technical design reviews, analyze product/solution architectures for security deficiencies and formulate corrective actions.
• Experience in Rest API, Kubernetes and Docker container security practices and assessments.
• Knowledge and experience with the configuration of security controls and secure migration of enterprise applications to one of the major cloud providers.
• Experience with Key vault, Encryption algorithms, Auth2, Single sign on.
• Data security for cloud databases.
• Provide Technical Demonstrations to clients highlighting the Data Security principles of Soroco products.
• SOC and HIPAA / HITRUST certification and compliance requirement awareness.
• Security certifications: One or more of CISSP, CSSLP, CSSP, or Azure/AWS Security is a plus.
• Experienced in highly regulated environments subject to HIPAA, GDPR etc. is a plus.