Information Security Engineer (1503)
Turkey - Home Based
From the very beginning, SugarCRM had a unique vision: to offer a different kind of Customer Relationship Management (CRM). We pioneered the first commercial open-source CRM platform, and now, more than two decades later, are on a mission to provide products and services that make the hard things easier for sales, marketing and customer service teams. In fact, we help mid-market businesses around the globe reach new levels of performance and predictability by letting our award-winning CRM platform do the work. Our diverse group of worldwide employees are united and driven by a shared passion for our mission, culture, and values. We treat our employees like humans not line items and are building a culture where your work at Sugar helps fuel personal, professional and business growth – check out our recent ‘Great Place to Work’ certification that we are so proud of. Work/life fit and flexibility for our team matters and together we pride ourselves on solving for our customers, always. What’s more, we empower everyone to do their best work from home, the office, on the road, or anywhere in between. If you're ready to grow your career and help organizations grow better and faster, you've come to the right place. Find out more about our SugarCRM careers and how you can become a part of our journey.
The Information Security Engineer (engineer) is tasked with creating and certifying defense in depth for SugarCRM. The engineer will employ highly technical security skills to build and manage infrastructure security tools, respond to escalations, perform technical risk assessments, and ensure vulnerability remediation takes place. They will also act as a security subject matter expert (SME), providing advice for both corporate and product technical teams. The engineer will play a key part in defining technical strategy and aligning SugarCRM’s security program with industry standards, helping ensure our customers data is kept secure. The security engineer will have, but is not limited to, the following roles and responsibilities:
Impact you will make in the role:
- Serve as a key technical resource for corporate and product security.
- Select and deploy technologies to help protect SugarCRM customer data.
- Review, build and tune SIEM rules.
- Act as a liaison with 3rd party security vendors.
- Review security escalations both internally, and from SugarCRM’s MSSPs.
- Work on a range of cloud-based security technologies.
- Create and lead an action plan to reduce risk.
- Review and oversee remediation of vulnerability and penetration tests.
- Educate staff on information security best practices.
- Own encryption processes, key management and review.
- Deploy controls to help maintain security compliance, such as SOC2, NIST and ISO27001.
- Act as a technical point of contact for the compliance team.
- Provide expertise in privacy and data protection aspects.
- Research and collate threat intelligence and new attack trends.
What you will need to succeed:
- BS degree in computing, information security, or a related field. MS is preferred.
- 2+ years of information security experience is also acceptable in lieu of a degree.
- Industry certifications preferred – for example CISSP, CISA, CEH, OSCP, Security+
- Strong experience with Microsoft Windows, MacOS and Linux operating systems.
- Strong experience with AWS security & configuration best practices and tools.
- Strong experience in network security including next gen firewalls, IDS/IPS, VPN and WAF.
- Strong experience using vulnerability management tools, for example Tenable, Qualys, Veracode.
- Experience deploying security controls in a SOC2 environment.
- Experience working with SIEM tools, for example LogRhythm, QRadar, Splunk.
- Experience with script-based automation, including Kubernetes, Ansible, Python.
- Experience with incident response, forensics and evidence preservation.
- Experience working in a global, multi-time zone business.
- Strong communications skills – an ability to communicate technical security requirements to business units, set strategy, and implement security initiatives.
* Salary range is an estimate based on our salary survey 💰
Tags: Ansible Automation AWS CEH CISA CISSP Cloud Compliance Encryption Firewalls Forensics IDS Incident response IPS ISO 27001 Kubernetes Linux LogRhythm MacOS Network security NIST OSCP Privacy Product security Python QRadar Qualys Risk assessment SIEM SOC 2 Splunk Strategy Threat intelligence Veracode VPN Vulnerability management Windows
Perks/benefits: Career development Home office stipend
More jobs like this
Explore more InfoSec/Cybersecurity career opportunities
Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cyber Security in general, filtered by job title or popular skill, toolset and products used.
- Open SOC Analyst jobs
- Open Senior Cybersecurity Engineer jobs
- Open Security Operations Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Security Operations Engineer jobs
- Open Security Architect jobs
- Open Cybersecurity Analyst jobs
- Open IT Security Engineer jobs
- Open Information System Security Officer (ISSO) jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open IT Security Analyst jobs
- Open Head of Information Security jobs
- Open Cyber Hunt SME jobs
- Open Security Consultant jobs
- Open Lead Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Senior Security Operations Engineer jobs
- Open Staff Application Security Engineer jobs
- Open Analyste CERT / Incident Responder senior (H/F) jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Penetration Tester jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Engineer jobs
- Open Senior Security Analyst jobs
- Open Director of Information Security jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open Risk assessment-related jobs
- Open Governance-related jobs
- Open Pentesting-related jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Kubernetes-related jobs
- Open DevOps-related jobs
- Open DevSecOps-related jobs
- Open SaaS-related jobs
- Open Vulnerability management-related jobs
- Open IAM-related jobs
- Open APIs-related jobs
- Open CISM-related jobs
- Open CI/CD-related jobs
- Open Forensics-related jobs
- Open Java-related jobs
- Open Analytics-related jobs
- Open Malware-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open OWASP-related jobs
- Open Terraform-related jobs
- Open IDS-related jobs