Information Security Engineer

ConsumerAffairs helps consumers make smart buying decisions in moments of need. Every month millions of consumers turn to our site and tools for help with their considered (often emotional) purchases.

We educate them about their options, learn about their specific needs, and connect hundreds of thousands of them directly to brands. These brands use our SaaS tools to manage their reviews and communicate directly with consumers to serve them better. Our business thrives when the consumers who trust us get matched with the right brands for them.

We’re fast-paced and our core values are the bedrock of who we are and who we want to be.

Our employees believe in raising the bar through data-driven innovation, intellectual curiosity, and grit. We have a team-first mentality, and manifest wins by putting the team first. Collaboration and teamwork are in our hearts; we believe winning together is the most fun. But, above all else, we care. We have servant hearts for our consumers, customers, and colleagues. If you want to be part of a globally diverse team focussing on helping people, in an environment where we raise the bar, win as a team, and care above all else—then ConsumerAffairs may be just the place for you!

ABOUT THE JOB:

We are looking for an experienced Information Security Engineer to monitor and manage security on our hardware, software, and networks. This position will be responsible for preventing unauthorized access to our data by searching for vulnerabilities and risks. In this role, the Information Security Engineer should be knowledgeable about security frameworks and possess both deep and wide expertise in the security space. If you’re a problem-solver and quick decision-maker, we’d like to meet you. Your goal will be to ensure that our technology infrastructure is well protected and implement appropriate security measures when needed. Qualified candidates will have a background in Security or Systems Engineering.

RESPONSIBILITIES & EXPECATIONS:

These responsibilities are not to be construed as a complete statement of all duties performed. Employees will be required to perform other job-related duties as required

Responsibilities:

• Monitor and respond to security incidents and threats
• Monitor network activity to identify issues early and communicate them to IT teams
• Conduct regular security assessments, scans, and audits to identify vulnerabilities and threats
• Manage and maintain security systems and tools such as intrusion detection and prevention systems, endpoint protection solutions, and vulnerability scanning tools
• Develop and maintain incident response plans and procedures
• Prepare and document standard operating procedures and protocols
• Engineer, implement, and monitor security measures for the protection of systems, networks, and information
• Configure and troubleshoot security infrastructure devices
• Develop technical solutions and security tools to help mitigate security vulnerabilities and automate repeatable tasks
• Analyze IT specifications to assess security risks
• Manage and maintain security awareness training program on information security standards, policies, and best practices for employees
• Collaborate with internal teams to identify and remediate security vulnerabilities
• Provide technical guidance and support to other teams on security-related issues
• Write comprehensive reports including assessment-based findings, outcomes, and propositions for further system security enhancement
• Develop and carry out information security plans and policies
• Stay up to date with the latest cybersecurity threats and technologies

Requirements

Minimum Qualifications & Credentials

• BSc/BA in Computer Science, Information Technology, or a related field
• Professional certification (e.g. CompTIA Security+, CISSP) is a plus
• At least 4-5 years of experience in Information Security or a related field

Experience

• Experience with vulnerability scanning solutions
• Experience with an enterprise SIEM platform
• Experience in building and maintaining security systems
• Experience with network security and networking technologies
• Experience with system, security, and network monitoring tools
• Proven work experience as a System Security Engineer or Information Security Engineer
• Experience with AWS and cloud platform as a service (PaaS) security
• Experience with change management processes

Hard/Technical Skills

• Well-versed with various security tools such as Burp Suite, Nmap, Nessus, Qualys, etc.
• Understanding of OWASP testing methodology
• Familiarity with public key infrastructure (PKI) and cryptographic protocols (e.g. SSL/TLS)
• Familiarity with security frameworks (e.g. NIST Cybersecurity framework or ISO 27001) and risk management methodologies
• Detailed technical knowledge of database and operating system security
• Familiarity with web related technologies (web applications, web services, service oriented architectures) and of network/web-related protocols
• An analytical mind with excellent problem-solving ability
• Outstanding communication, collaboration, and organizational skills
• Decision-making skills and ability to work under pressure

Soft Skills

• Obsessed with ensuring an exceptional customer experience- for both internal and external customers.
• Stands up for decisions, takes responsibility for results, and shares both good and bad outcomes transparently.
• Demonstrates a relentless focus on results with a commitment to deliver.
• Takes decisive action, and confidently changes course if unsuccessful.
• Displays a growth mindset to continually improve; encourages everyone around them to be tenacious and never settle.
• Constantly seeks feedback to improve; Focuses on solving issues through teamwork, and collaboration
• Acts with urgency; delivers top results in hours and days instead of weeks and months.
• Relentless in their pursuit of success and possessing the willpower to embrace challenges as opportunities.

Specific Measures of Success – Expected Outcomes

Start Date to Start Date +1 Year

Conduct Security Assessments and Code Audits (within 6 months)

• Work with external pentesters to identify and remediate weaknesses in current systems and resolve findings with relevant stakeholders
• Run vulnerability scans on website and systems - analyze and remediate findings with the Engineering team

Conduct User Training (within 6 months)

• Conduct user awareness training on information security best practices to increase employee awareness and minimize the risk of security incidents
• Conduct security incident response tabletop exercises with departments

Security Assessment (within 1 year)

• Conduct and complete a comprehensive security assessment of the organization’s infrastructure, networks, and applications. Develop a risk register from this security assessment with plans for improving process and access to data. We want to take a proactive security stance and address identified risks.

CORE VALUES:

Raise The Bar

• We raise the bar through innovation, intellectual curiosity, and grit. We are not satisfied with yesterday and our hearts thirst to be better tomorrow.

Win As A Team

• We manifest wins by putting the team first. We have collaboration and teamwork in our hearts and believe winning together is the most fun.

Care Above All Else

• We care above all else. We have servant hearts for our consumers, customers, and colleagues.

Physical Requirements & Environmental Conditions

• Location: Remote/ Tulsa
• Frequency of travel: Occasional travel may be required for meetings, training and/or conferences.
• Light physical activities and efforts required in working within an office environment.

(Reasonable accommodations will be made in accordance with existing ADA requirements for otherwise qualified individuals with disabilities.)

ConsumerAffairs provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

• This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

Benefits

• Health Care Plan (Medical, Dental & Vision)
• Retirement Plan (401k, IRA)
• Life Insurance (Basic, Voluntary & AD&D)
• Paid Time Off (Vacation, Sick & Public Holidays)
• Family Leave (Maternity, Paternity)
• Short Term & Long Term Disability
• Training & Development
• Work From Home
• Free Food & Snacks
• Stock Option Plan