Sr. Information Security Engineer - TechOps
Remote (US Based)
Leaf Group
We work in a fun, collaborative environment that is diverse, adventurous, and open-minded. We look for proactive, accountable people focused on continuous learning and growth to push themselves and our businesses forward. Check us out here.
As the Sr. Information Security Engineer, you will help us improve our information security, privacy, compliance, and risk management practices.
A big vision calls for a big job. As we grow, our need for a Sr. Information Security Engineer grows with us.
You’ll Report To: SVP, Technical Operations
A typical day as a Sr. Information Security Engineer might include:
- Architecting, installing, managing, and troubleshooting technical security controls such as Firewalls, Intrusion Detection Systems, Security Information Event Monitoring systems, vulnerability scanners, Malware solutions, Anti-Virus, Authentication systems, Virtual Private Networks, File Integrity Monitors, and/or other network security devices.
- Researching, evaluating, testing, recommending, communicating and implementing new security software or devices. Present written findings and recommendations as necessary.
- Maintaining on call duties / scheduling as required for Investigation and Incident Response and as directed by the Director of Information Security.
- Performing continual vulnerability, threat and risk assessments on all application environments using both automated analysis tools and manual procedures.
- Continuously researching new threat vectors, vulnerabilities, exploits, etc., determine how they apply to Leaf Group, design and document proposed risk treatment controls.
- Making all reasonable efforts to safeguard the network against unauthorized infiltration, modification, destruction, or disclosure.
- Analyzing risk of existing network and system architectures and their security policies, document risks and propose risk treatment plans.
- Evaluate operating practices and component level diagrams to determine if controls and security measures are adequate.
- Participate in enhancing the Information Security Program by developing new and / or proposing updates to technical control standards supporting the various Demand Media platforms and environments.
- Assisting software engineers with implementing best secure code development practices, vulnerability testing in development and testing as well as in production.
- Providing technical security support to the Network Engineering, Systems Engineering, Network Operations Center and Corporate IT teams.
- Independently leading projects, coordinating efforts with all team members, ensuring proper communication to management as well as the overall success of the project through to completion.
- Fostering and maintaining amicable relationships with security vendors and partnerships.
What You Have:
- Minimum of 3 years of related work experience implementing network infrastructure and at least 6 years focused on operational security
- Expert-level knowledge and experience managing network and security devices such as; firewalls, IDS / IPS, SIEM's, AV, Malware devices, VPN's, vulnerability scanning tools, etc.
- Extensive investigation and incident response experience analyzing networking technology including TCP/IP, Routers, Switching, VLANs, LANs, WANs and Wireless systems, Windows and Linux servers.
- Familiarity with network architectures and technologies, Windows Active Directory, Windows-Linux server, desktop operating systems, database and application architecture, etc.
- Expertise in either Windows or Linux helpful
- Must have IT Security auditing experience throughout work history conducting device configuration and security policy reviews, penetration testing, vulnerability assessments including web application vulnerabilities, network architecture assessments, system security assessments, general security posture and risk assessments, etc.
- Must have experience with SOX and PCI compliance control frameworks
- ISO 27001, COBIT, Safe Harbor, Privacy and Breach and Disclosure law favorable
- Project management skills including requirements analysis, project scoping, problem solving, status reporting, technical analysis, and meeting tight deadlines.
- A desire to participate in creating the workplace you want to be a part of.
- We're casual and informal but we work hard and work responsibly. Personal accountability goes a long way. We believe we are the change.
Desired Qualifications:
- CISSP, CISA, or other industry certifications
- Professional memberships with ISACA, ISSA, IRCA
About us:Leaf Group is among the 2022 & 2019 Built In LA Best Places To Work Among Comparably's 2021 Best Companies for Company Culture, Company Perks & Benefits, Company Compensation, Best CEO for Diversity, and Best CEO for WomeneHow is the 2019 & 2020 People's Choice and official Webby Winner for Social Video/How To-DIY OnlyInYourState is ranked the #3 Travel and Information Site (ComScore)Well+Good is the 2019 People's Choice winner of the Webby’s Award for Best Lifestyle BrandLeaf Group is among TalentDesk’s 2019 Best Companies To Work ForWell+Good is the 2018 winner of Fast Company’s Most Innovative Company AwardMyPlate is the 2018 winner of the Webby Award for Best DesignWinner of the 2017 Best Company for Diversity award ComparablyWe are a wholly owned subsidiary of Graham Holdings Company (NYSE: GHC), a storied diversified holding company
For full-time permanent roles:Competitive compensation and benefits packages (i.e., Medical, Dental, Vision, FSA, 401K)Gender neutral family leavePaid-to-play vacation rewardsDiscretionary unlimited vacation timeEmployee discounts for Saatchi Art, Society6, and Deny Designs
Process:Step 1: A video/phone call with a member from our Hiring Team. In this call, we will cover the basics of the role and our company, and discuss a high level overview of your past experiences, goals, and interest in this role.Step 2: A call with your potential manager or someone from the hiring team to dive deeper into your experiences and goals.Step 3: If applicable, short assessment to help us see your skill sets as they relate to the role we have. We will review this in Step 1.Step 4: Depending on the role, interviews with key stakeholders from the role (could be 1 or up to 3) who will dive further into the role with you and answer any questions you may have.
Leaf Group is a diverse, equitable, and inclusive workplace that reflects our customers and the world we live in. We encourage people from all backgrounds, ages, abilities, and experiences to apply for our roles. Leaf Group is an equal opportunity employer. We do not discriminate based on race, color, ancestry, religion, national origin, sexual orientation, age, citizenship, marital or family status, disability, gender, gender identity or expression, pregnancy or caregiver status, veteran status, or any other legally protected status.
Agency Disclosure: If the Leaf Group Talent Acquisition department, or any current company employee, receives an unsolicited resume from a third party recruiting agency and Leaf Group does not have a signed Agency Agreement active, Leaf Group will not be deemed liable to pay a placement fee. The unsolicited resume will be considered a gift and can be considered for our recruitment efforts.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Active Directory Audits CISA CISSP COBIT Compliance Exploits Firewalls IDS Incident response Intrusion detection IPS ISACA ISO 27001 Linux Malware Monitoring Network security Pentesting Privacy Risk assessment Risk management Security assessment SIEM TCP/IP VPN Vulnerabilities Windows
Perks/benefits: Career development Competitive pay Fitness / gym Flex vacation Health care Startup environment Unlimited paid time off
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Ethical hacker / Pentester H/F jobs
- Open Information Security Specialist jobs
- Open Cyber Security Specialist jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Architect jobs
- Open Senior Cyber Security Engineer jobs
- Open Product Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Staff Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open IT Security Engineer jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open SaaS-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Malware-related jobs
- Open EDR-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs
- Open Forensics-related jobs