Sr Information Security Engineer

#Description#

Employ Inc. provides people-first recruiting solutions that empower companies to overcome their greatest hiring challenges. Serving SMBs to global enterprises, Employ focuses on the unique recruiting needs of each organization — from simple hiring to sophisticated talent acquisition.

Employ is the only organization to offer companies choice in their hiring solutions, providing a curated set of recruiting technologies and services. By prioritizing people ahead of products, Employ helps companies grow, scale, and thrive through personalized choice, collective intelligence, and lasting relationships. Together, Employ and its brands (JazzHR, Lever, Jobvite and NXTThing RPO) serve more than 21,000 customers across multiple industries. For more information, visit www.employinc.com. ​

About this Role:

What you’ll do

As a Senior Information Security Engineer, you will play a critical role in advancing the security strategy for a market leading HR Tech SaaS company. You will join a dynamic team of professionals focused on strengthening our security posture, responding to emerging threats, and proactively mitigating risks. Acting as the lead engineering resource for the InfoSec team, you will collaborate with stakeholders across the organization and around the world. This role involves a mix of proactive security projects and reactive incident response responsibilities.

Responsibilities include:

• Lead and mentor a team of security engineers.
• Lead regional incident response efforts through security event platforms, triage, potential resolution, and takes part in retrospective activities as needed.
• Lead efforts for vulnerability management program including categorization, tracking, documentation, and reporting on vulnerabilities from discovery through remediation.
• Aid in review of new security tools including developing requirements, recommending/assessing various tools, and then implementation through to a production ready status.
• Provides initiative-taking feedback to enable improvement of the current monitoring and tools, based on information and knowledge/experience.
• Create reports for Security Management Team.
• Performs front line response and escalation tasks and updates runbooks and procedures as needed.
• Compiles statistics and contributes to the improvement and creation of playbooks.
• Use public cyber security resources (e.g., sites/blogs/podcasts) to stay up to date with latest news, threats, and security analysis tools.
• Participate in on-call rotation

Qualifications

• Bachelor’s degree in information technology, Computer Science, or a combination of training and experience.
• 10 years of firsthand IT experience, +5 years of experience in Information Security Engineering focused on incident response, security architecture/design, monitoring, and threat detection, and DevSecOps.
• Experience leading a team of security engineers.
• Demonstrated experience leading end-to-end incident response in cloud environments, including detection, containment, eradication, and recovery.
• Demonstratable ability to design, implement and improve security controls using industry standard frameworks.
• Advanced scripting skills for automation, system management, and process efficiency; PowerShell or Python preferred.
• Expertise in identity and access management (IAM, SSO/MFA, SCIM), preferably with Okta, and a strong understanding of DNS and networking protocols
• Demonstrated experience working in SOC- or ISO-compliant environments, with an understanding of security standards and compliance practices.
• One or more industry-recognized certifications such as CISSP, AWS Security Specialty, or Azure Security Engineer are strongly preferred.
• Cloud security administration

Nice to have:

• Proficient in offensive, “Purple Team”, security tactics such as threat hunting and penetration testing, as well as implementing effective defensive solutions.
• Security Information and Event Management (SIEM) engineering and administration experience
• End-point Detection and Response (EDR) engineering and administration experience.
• Deep knowledge of DAST, SAST, SCA, and the secure software development lifecycle, with the ability to read and understand code (e.g., JavaScript, PHP, Java)
• Security Operations Center (SOC) Team experience
• Digital Loss Prevention (DLP) engineering and administration

What You’ll Bring:

• Technical Expertise:
  • Deep Understanding of Security Principles:
    • A comprehensive grasp of cybersecurity frameworks (NIST, ISO 27001), threat modeling, risk assessment, and vulnerability management.
  • Incident Response Mastery:
    • Proven ability to lead and execute incident response plans, including detection, containment, eradication, and recovery, especially in cloud environments.
  • Cloud Security Proficiency:
    • Extensive experience with cloud security platforms (AWS, Azure), including IAM, network security, and data protection.
  • Automation and Scripting Skills:
    • Advanced proficiency in scripting languages (Python, PowerShell) to automate security tasks and improve efficiency.
  • Security Tool Expertise:
    • In-depth knowledge of security tools, including SIEM, EDR, vulnerability scanners, and penetration testing tools.
  • DevSecOps Knowledge:
    • Understanding of secure software development lifecycles, and how to integrate security into the development process.
  • IAM and Network Knowledge:
    • Expertise in Identity and Access Management systems, and deep understanding of network protocols.

  Experience and Leadership:

  • Proven Leadership:
    • Experience leading and mentoring security teams, fostering a collaborative and high-performing environment.
  • Incident Management Experience:
    • A history of successfully managing and resolving complex security incidents.
  • Vulnerability Management Leadership:
    • Experience in creating and running effective vulnerability management programs.
  • Compliance Experience:
    • Experience working in regulated environments (SOC, ISO) and ensuring compliance with security standards.

  Personal Attributes:

  • Problem-Solving Skills:
    • Strong analytical and problem-solving abilities to identify and address security threats.
  • Communication Skills:
    • Excellent written and verbal communication skills to effectively convey security risks and recommendations to stakeholders.
  • Proactive Approach:
    • A proactive mindset to stay ahead of emerging threats and continuously improve security posture.
  • Continuous Learning:
    • A commitment to staying up-to-date with the latest security trends and technologies.
  • Collaboration:
    • The ability to work well with cross functional teams.

Employ is an Equal Opportunity employer.
Employ is an EVerify employer.