Principal Information Security Engineer

Senior Information Security Engineer 

The Vonage Information Security organization drives Security, Privacy, Trust, and Compliance by design and is seeking a Senior Security Engineer expert who would report directly to the Chief Information Security Officer of Vonage. In this role the expert individual will have deep and broad technical experience in a) designing a defense-in-depth security architecture, b) helping assess and implement appropriate security, privacy, and compliance constructs and controls, and c) helping develop strong security monitoring, alerting, and response mechanisms. As a senior security engineer, the candidate is expected to understand modern cyber threats and to champion world-class security best practices to effectively counter these threats. 

What you will do

• Lead system and application architecture security reviews and identify and help implement robust security architectural constructs
• Partner with senior engineering/IT/security leaders to develop and strategically implement and maintain a world class security posture across a variety of communication products and services
• Champion the  continuous  improvement of security monitoring, detection, and prevention capabilities.  This includes vendor technology evaluations, and the subsequent operational deployment of selected security  tools.  Key areas include network security, container security,  host-based intrusion detection systems, cloud security tools,  web application firewalls, database security monitoring systems and data classification tools, firewalls/routers/switches, proxy servers, antivirus systems, file integrity monitoring tools, and operating system logs, to name a few. 

What is Required:

• A BS/MS in Computer Science, Computer Engineering, Information Security,, Mathematics or other related degrees
• A passion for Information Security
• Demonstrated track record of significant security contributions 
• Ability to function independently and partner strategically and effectively with cross-functional leaders across a modern software/technology company
• Demonstrated record of continuous learning – new technologies and best practices
• Knowledge of cloud computing systems - AWS knowledge is a must, Google Cloud highly desired
• Experience implementing an IaC based security strategy
• Knowledge of Secure SDLC (SSDLC) processes and tools in support of a shift-left software security philosophy
• Experience in working with Application and API software development teams in defining specific product security requirements and operating within a robust security architecture blueprint.
• Understanding of kubernetes / container ecosystems
• Demonstrated understanding of general Unix/Linux systems administration (Or similar, e.g. Ubuntu, Solaris, etc.)
• Knowledge of standard Unix infrastructure tools/protocols (DHCP, DNS, NTP, SYSLOG, SSH, IPSec etc.)
• Foundational cross-functional understanding of network engineering concepts and protocols (e.g., TCP, UDP, SSL, etc.)
• Knowledge of Security incident response processes 
• Knowledge and understanding of MITRE ATT&CK vectors and tools as well as the best practices for securing systems and networks
• Must be fluent in English and have strong verbal and written communication skills; ability to communicate effectively and clearly to both technical and non-technical staff
• Candidates must be self motivated, have strong collaborative skills, and willing to work with and learn enterprise technologies and be comfortable working in a matrixed organization

 Nice to have

• Information Security and Cloud Certifications (CISSP, CISM, CompTIA, etc)
• AWS Cloud Certifications (AWS Architect, AWS Security Engineer, etc)
• Experience in Threat Hunting Processes and Tools
• Prior hands on software development experience 

What is in it for you:

• In addition to providing exciting work, career advancement opportunities, and a collaborative work environment, Vonage provides competitive pay and benefits including unlimited discretionary time off and tuition reimbursement.

Note:

The purpose of this profile is to provide a general summary of essential responsibilities for the position and is not meant as an exhaustive list. Assignments may differ for individuals within the same role based on business conditions, departmental need or geographic location.

#LI-JS3

#LI-REMOTE