Cloud Security Engineer

Job Title: Cloud Security Engineer

Reports To: Director, Information Security

BMTX Overview

BM Technologies, Inc. (NYSE American: BMTX) - formerly known as BankMobile - is among the largest Banking-as-a-Service (BaaS) providers in the country, providing access to checking and savings accounts, personal loans, credit cards, and financial wellness. It is focused on technology, innovation, easy-to-use products, and education with the mission to financially empower millions of Americans by providing a more affordable, transparent, and consumer-friendly banking experience. BM Technologies, Inc. is a technology company and is not a bank, which means it provides banking services through its partner bank. More information can be found at www.bmtx.com.

Our Mission

We are on a mission to financially empower millions of Americans by providing a more affordable, transparent, and consumer-friendly banking experience. And we are passionate about having fun while making an impact!

What We Are Looking For:

BM Technologies is seeking a Cloud Security Engineer responsible for designing, creating, and maintaining the security systems within the BM Technologies network, including the computer systems and data. This role will be responsible for working with engineering, DevOps, project teams, third parties, and senior leadership to protect sensitive information. This role will provide oversight of security tools and controls to enhance the organization's security posture.  The Cloud Security Engineer will be a thought leader, an advocate of change, and a security subject matter expert.  The right candidate must be able to lead security incident resolution and oversee project management initiatives to support maturing security systems and their design. The right candidate will be looked to for expert guidance in this role.

 
This Role Will

• Oversee, manage, and help mature information security programs, including vulnerability management, SIEM, security incident response, and threat mitigation.
• Lead or participate in security incident response activities for moderately complex events. Conduct technical investigations of security-related incidents and post-incident digital forensics to identify causes and recommend future mitigation strategies.
• Review and correlate security logs, reporting, and subsequent incident management events.
• Provide security consulting on projects for internal clients to ensure conformity with corporate information, security policy, and standards.
• Utilize subject matter knowledge in industry-leading security solutions and best practices to implement, manage, and mature components of information security such as availability, integrity, confidentiality, risk management, threat identification, modeling, monitoring, incident response, access management, and business continuity.
• Identify security vulnerabilities and issues, perform risk assessments, and help drive/oversee remediation efforts.
• Collaborate and consult with peers, colleagues, and managers to resolve issues and achieve goals.
• Provide updates to leadership on the current risk posture. 
• Manage security policy enforcement and security monitoring operations. 
• Stay current on information security trends. Analyze threats and current security controls to identify gaps.  Propose mitigation strategies to reduce risk to acceptable levels.
• Represent Information Security on projects.

Required Qualifications:

• 3+ years of Information Security experience in the financial services and or financial technology sector, including demonstrated expertise deploying, operating, and maintaining Information Security programs and controls.
• 3+ years of Azure Cloud Security administration experience.
• 2+ years of SIEM experience, including Azure Sentinel and Defense Storm.
• 2+ years of successful project management experience.

Desired Qualifications:

• Understanding security controls and technologies such as host hardening, intrusion detection and prevention, identity and access management, firewalls, web application firewalls (WAF), vulnerability and patch management, and security information and event management (SIEM) systems.
• Experience with security incident identification, management, and investigations.
• Application security awareness of top security considerations (OWASP) for mobile and web application development in the Software Development Lifecycle
• Demonstrated understanding of Microsoft security technologies and strategy.
• Understanding Zero Trust and how it can be leveraged to mitigate risk and ensure compliance.
• Knowledge of security standards and guidelines, including NIST, CIS, and FFIEC.
• Ability to conduct risk assessments, audits, and reviews.
• Demonstrated ability to work well on collaborative, cross-functional teams. Solid interpersonal skills with the ability to work effectively with people of all levels of information technology expertise with a wide range of constituencies and organizational relationships.
• Excellent analytical and data-gathering skills.
• Understanding of Agile Project Management techniques & methodologies.
• Excellent communication skills; interpersonal, organizational and analytical skills; written and verbal communications; experience with management presentations.
• Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or related discipline or equivalent work experience.
• CISSP, GIAC, Azure Security Engineer, or similar industry certifications are highly preferred.

BMTX will provide consideration for employment to qualified applicants without regard to their race, color, religion, national origin, sex/ gender, sexual orientation, gender identity, protected veteran status or disability.