Information Security Engineer (1503)

About SugarCRM
From the very beginning, SugarCRM had a unique vision: to offer a different kind of Customer Relationship Management (CRM). We pioneered the first commercial open-source CRM platform, and now, more than two decades later, are on a mission to provide products and services that make the hard things easier for sales, marketing and customer service teams. In fact, we help mid-market businesses around the globe reach new levels of performance and predictability by letting our award-winning CRM platform do the work.  Our diverse group of worldwide employees are united and driven by a shared passion for our mission, culture, and values. We treat our employees like humans not line items and are building a culture where your work at Sugar helps fuel personal, professional and business growth – check out our recent ‘Great Place to Work’ certification that we are so proud of. Work/life fit and flexibility for our team matters and together we pride ourselves on solving for our customers, always. What’s more, we empower everyone to do their best work from home, the office, on the road, or anywhere in between.   If you're ready to grow your career and help organizations grow better and faster, you've come to the right place. Find out more about our SugarCRM careers and how you can become a part of our journey. 
The Information Security Engineer (engineer) is tasked with creating and certifying defense in depth for SugarCRM. The engineer will employ highly technical security skills to build and manage infrastructure security tools, respond to escalations, perform technical risk assessments, and ensure vulnerability remediation takes place. They will also act as a security subject matter expert (SME), providing advice for both corporate and product technical teams. The engineer will play a key part in defining technical strategy and aligning SugarCRM’s security program with industry standards, helping ensure our customers data is kept secure. The security engineer will have, but is not limited to, the following roles and responsibilities:

Impact you will make in the role:

• Serve as a key technical resource for corporate and product security.
• Select and deploy technologies to help protect SugarCRM customer data.
• Review, build and tune SIEM rules.
• Act as a liaison with 3rd party security vendors.
• Review security escalations both internally, and from SugarCRM’s MSSPs.
• Work on a range of cloud-based security technologies.
• Create and lead an action plan to reduce risk.
• Review and oversee remediation of vulnerability and penetration tests.
• Educate staff on information security best practices.
• Own encryption processes, key management and review.
• Deploy controls to help maintain security compliance, such as SOC2, NIST and ISO27001.
• Act as a technical point of contact for the compliance team.
• Provide expertise in privacy and data protection aspects.
• Research and collate threat intelligence and new attack trends.

What you will need to succeed:

• BS degree in computing, information security, or a related field. MS is preferred.
• 2+ years of information security experience is also acceptable in lieu of a degree.
• Industry certifications preferred – for example CISSP, CISA, CEH, OSCP, Security+
• Strong experience with Microsoft Windows, MacOS and Linux operating systems.
• Strong experience with AWS security & configuration best practices and tools.
• Strong experience in network security including next gen firewalls, IDS/IPS, VPN and WAF.
• Strong experience using vulnerability management tools, for example Tenable, Qualys, Veracode.
• Experience deploying security controls in a SOC2 environment.
• Experience working with SIEM tools, for example LogRhythm, QRadar, Splunk.
• Experience with script-based automation, including Kubernetes, Ansible, Python.
• Experience with incident response, forensics and evidence preservation.
• Experience working in a global, multi-time zone business.
• Strong communications skills – an ability to communicate technical security requirements to business units, set strategy, and implement security initiatives.

We understand that no candidate is perfectly qualified for any job. Experience comes in different forms; many skills are transferable; and passion goes a long way. Even more important than your resume is a clear demonstration of dedication, impact, and the ability to thrive in a fluid and collaborative environment. We want you to learn new things in this role, and we encourage you to apply if your experience is close to what we’re looking for. We also know that diversity of background and thought makes for better problem solving and more creative thinking, which is why we're dedicated to adding new perspectives to the team.