Information Security Engineer
Canada - Eastern - Remote
Sonatype
Accelerate innovation by building security directly into your software development lifecycle. Trusted by +2000 organizations and +15 million developers.Already used by 15 million developers, we have lofty goals for our technology to be in the hands of every engineering team. And, we need you to do that. Join us!
Learn more at www.sonatype.com.
The Information Security Engineer will secure the technical and operational aspects of Information Security for the organization, products and services. The role requires a strong understanding of Cloud security, and experience with industry standard secure software development practices, to contribute to the safe operation of cloud native solutions. This includes monitoring and vulnerability management practices, incident response, reporting, and guide security improvements.
Primary job duties:
- Vulnerability Management: Perform vulnerability scans and internal penetration testing, review output, provide initial analysis and remediation
- Incident Management: Perform information security incident response and issue resolution as needed
- Security Tooling: Implement, configure and upgrade security tools and systems.
- Security Event Management: Security event handling IE: InfoSec tickets, investigate log alerts and other security events via monitoring tools, event to incident conversion
- Risk Management: Perform technical risk assessments for software/products/services used anywhere inside Sonatype (OEMs, tools, algorithms, libraries etc.)
We are looking for:
- 3-5 years' experience in cloud, networking or security operations roles
- 1+ year experience in incident response and vulnerability management
- 1+ year experience in project management or security architecture
- SANS Certifications: GSEC, GCIH, GCLD, GCID, GMON
- CISSP
- Resides in EST (Eastern Standard Timezone)
It would be great if you have experience with any of the following:
- Web application security and OWASP top 10
- Security architecture
- Disaster recovery and business continuity planning and execution
- Threat modeling
- Penetration testing
- Vulnerability scanning
Things that we are proud of:
- Fast Company Top 50 Companies for Innovators 2018, 2019, and 2020
- 2019 Best Places to Work Washington Post and Washingtonian
- 2019 Wealthfront Top Career Launch Company
- EY Entrepreneur of the Year 2019
- Diversity & Inclusion Working Groups
- Parental Leave Policy
- Paid Volunteer Time Off (VTO)
At Sonatype, we value diversity and inclusivity. We offer perks such as parental leave, diversity, and inclusion working groups, and flexible working practices to allow our employees to show up as their whole selves. We are an equal opportunity employer, and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. If you have a disability or special need that requires accommodation, please do not hesitate to let us know.
#LI-Remote
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security CISSP Cloud GCIH GSEC Incident response Java Malware Monitoring Open Source OWASP Pentesting Risk assessment Risk management SANS Vulnerability management Vulnerability scans
Perks/benefits: Career development Flex hours Flex vacation Parental leave Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Security Operations Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Analyst jobs
- Open Product Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open IT Security Analyst jobs
- Open Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open Security Researcher jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Specialist jobs
- Open Information System Security Officer (ISSO) jobs
- Open Agile-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open CISM-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open Malware-related jobs
- Open APIs-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open CI/CD-related jobs
- Open DevSecOps-related jobs