MID/Senior -Security Operations Engineer- CIM/SRL- Remote

The Team

The Security team is responsible for building, enforcing and reporting on information security maturity across products by adopting, adapting and extending Enterprise Corporate standards and tools. The products are a critical component of the global financial markets, so building and ensuring information security compliance is an extremely important function. 

Responsabilities

• Working with the Director of Security Operations Engineering you will be implementing and enforcing corporate security standards

• Responsible for the successful operations of all security tools and technologies and participates in or drives security reviews for new products and services.

• Partners closely with the scrum teams, DevOps leads, Product Development managers, and Product Managers to improve the operating risk posture, improve security maturity, and mitigate risks.

• Implement the best practices in Database privacy and Security, Privilege access management (for application and database) and Recertification, data redundancy and disaster Recover scenarios

• Collect and analyze available vulnerability data to identify risks, and manage remediation.

• Aggressively but realistically eliminate technical debt that leads to security vulnerabilities.

• Assist in performing risk assessments and developing remediation plans for identified risks.

• Work with Internal Audit team ensuring audit compliance of all the products.

• Documents wiki, run books, and trains others to help operationalize and automate DevSecOps.

• Works across engineering teams to prioritize flaws and with external entities to respond to security issues and concerns.

• Continuously identifies areas needing improvement, creates action plans, and executes to implement changes in a timely manner

Desirable skills

• Strong knowledge of NIST standards and the NIST Cybersecurity Framework.

• Strong knowledge in Database Security framework and implementation specifics on RDBMS platforms like SQL Server, Oracle on Linux/Windows Platforms.

• Experience with complex SaaS and Corporate IT services environments

• Expertise with administering security technology controls (firewalls, orchestration platforms, anti-malware, forensics, IAM, IDS, DLP, open-source, etc.)

• Experience with security automation and technology and process integrations with CI/CD pipelines.

• Experience with creating Analytics Dashboards with Tableau for the underlying asset data.

• Experience managing security in DevOps and SaaS environments.

• Experience with AWS and best practices for monitoring an IaaS environment

• Familiarity with operating enterprise security technologies and establishing enterprise security processes.

• Familiarity and experience with standards and compliance frameworks ISO, SANS, OWASP, NIST, SSAE SOC, ITIL, etc.

Qualifications

  • BE Computer Science and Engineering (Computer Science)