Security Engineer II

About the Position:As a senior security engineer, you will support the security engineering function at Everbridge to ensure appropriate and effective security controls protecting Everbridge information assets, including Everbridge SaaS products. This role is responsible for close alignment with Everbridge engineering, architecture, and DevOps teams to support a secure build process and help with the continual evolution of analysis and prioritization of identified security vulnerabilities related to coding, platform, and systems.
Responsibilities will also include ongoing research, developing and supporting the integration of security systems.  The role operates in collaboration with other Information Services team members to mentor, evangelize, improve, and maintain the overall security posture of Everbridge companies, products, and information assets. The senior security engineer role maintains a critical function of ensuring the operational effectiveness of systems and processes globally.  

What you'll do:

• Assess, implement, automate, and document security processes and controls within Everbridge’s cloud platforms, including Amazon Web Service (AWS), Google Cloud Platform (GCP) and Microsoft Azure
• Collaborate with product development teams to ensure that security controls are appropriately implemented and operating effectively
• Work with product engineering and release teams to develop procedures to automate security tasks during code builds, testing, and deployments
• Collaborate with the corporate IT team to ensure that enterprise security controls are appropriately implemented and operating effectively
• Implement  controls required to meet security, compliance, and audit requirements
• Create and share unique ways to solve challenges with others
• Provide tooling and automation to support the mission of the Everbridge Security team.
• Respond to and, when appropriate, resolve or escalate security incidents
• Identify and report unresolved security exposures, misuse of resources, and noncompliance situations using defined escalation processes
• Implement security tools
• Perform security testing and assessment
• Proactively stay current with developments in relevant technologies
• Assist and train team members in the use of cloud security tools and the resolution of security issues
• Keep on top of security events and technologies. 

What you'll bring:

• Minimum 5 years of information security experience with with top-tier cloud computing companies.  AWS experience required
• Minimum 5 years of experience with security products, web and mobile application security, infrastructure security, cryptography, identity management and broader security technologies.
• Security certifications such as: Certified Information Systems Auditor (CISA), SANS GIAC, CompTIA Security+, CompTIA CASP, Certified Ethical Hacker (CEH)
• Experience with a common vulnerability management solution such as Qualys, container scanners, etc
• Experience with DevSecOps tools and processes
• Experience with the development, deployment, and automation of security solutions in AWS required.  Experience with GCP and Azure is desired.
• Solid understanding of Amazon Web Services (AWS) including Control Tower, Security Hub, Detective, IAM, KMS, CloudTrail, GuardDuty, VPC, ELB, EC2, Config, CloudFormation, Lambda, AWS CLI and others
• Experience performing penetration tests and reviewing code and/or architectures
• Experience with a broad range of security technologies, including SAST, DLP, IDS/IPS, IAM, Certificate Management, etc...
• Knowledge of network-based, system-level, and application-layer attacks and mitigation methods
• Some level of proficiency with commonly used coding/scripting languages such as bash, python, go, etc...
• Working knowledge of Nmap, Nessus, Kali Linux, Wireshark, Metasploit Framework, and other security-related tools

Bonus if:

• Certified Information Systems Security Professional (CISSP)
• Knowledge of technical security control environments and compliance frameworks, including CSA CCM, ISO 27017, FedRAMP
• AWS cloud practitioner certification
• Experience working with Forensic tools.
• Experience working with container technologies
• Experience with configuration management systems such as salt and terraform
• Interesting projects in your GitHub repository
• Enjoying puzzles

#LI-PT1
Bridger Culture: 
At Everbridge, we have a mission that matters – to keep people safe and businesses running during critical events. Our “Bridgers” join Everbridge to make a positive impact on the world through their work. The core of our company culture is built around making a difference. Our people are dedicated to solving problems during difficult times and challenging situations as our software was built to save lives. We are a rapidly growing organization transforming the field of critical event management and need passionate, committed and determined individuals to help us carry out our mission. Our environment is dynamic, and our culture is constantly evolving and expanding in order to provide the best employee experience. Click here to learn more about what we do. Passionate about our mission? Want to #BeTheBridge? Apply to be a part of our team today! Everbridge is an Equal Opportunity/Affirmative Action Employer. All qualified Applicants will receive consideration for employment without regard to race, creed, color, religion, or sex including sexual orientation and gender identity, national origin, disability, protected Veteran Status, or any other characteristic protected by applicable federal, state, or local law.