Information Security Engineer
The Information Security Engineer will safeguard Viewpoint’s digital infrastructure and customer data, focused on ensuring the appropriate internal cyber security controls are in place and operating effectively to mitigate risks to Viewpoint and its cloud customers. As a key team member of the Information Security and Cloud Operations teams, this role will help ensure Viewpoint maintains the highest level of security and privacy in our cloud services, evangelize the importance of security and privacy both internally and externally, manage the Viewpoint SSDLC KPI adherence and work directly with Viewpoint Product and Engineering teams to ensure Viewpoint ships and maintains secure application services. The ideal candidate must be familiar with vulnerability management practices and procedures to help shape the tactical risk mitigation and response protocol for the Information Security Office and the Company as a whole. The security engineer will perform the necessary operational analysis and security program tasks related to effective and secure cloud operating procedures. The security engineer will also be familiar with troubleshooting, basic Windows OS forensics, logging, network architecture, file systems, operating systems (Wndows/Linux), disk file systems, Active Directory, GPOs and threat monitoring solutions, including firewalls and other solutions. The security engineer will also be responsible for control compliance related to compliance requirements such as SOC 2 certifications as well as general Information Security policy enforcement within customer Cloud environments.
• Act as security control oversight for all security related operational tasks associated with deploying and operating secure customer cloud instances, including Active Directory and Group Policy Object security best practice and control adherence.
• Lead design and deployment of secure technical and application solutions to meet business requirements that are cost effective, sustainable and follow industry best practice. Deliver conceptual, logical, and physical solution specifications.
• Establish and implement technology migration strategies for a specific application or architecture within the Viewpoint portfolio.
• Enhance security team accomplishments and competence by planning delivery of solutions; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members.
• Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues
• Design, deploy, manage and improve critical security infrastructure services and tools for authentication, authorization, PKI, secret management, logging, detection, vulnerability management and remediation.
• Partner with teams throughout Viewpoint on technology initiatives to improve security and bring standard methodologies to our products and services
• Analyze the latest attacker techniques and develop approaches to detect them across the company's diverse environments and endpoints.
• Define, implement, and tune detective capabilities and data sources to detect and remediate malicious activity
• Work with engineering and operations teams to implement threat detection signals, deploy new tooling, and improve response capabilities.
• Verifies security controls operating effectively on a regular basis by developing automation test scripts.
• Upgrades security systems by monitoring security environment; identifying security gaps; evaluating and implementing enhancements and provide leadership in the threat and vulnerability assessment process.
• Updates job knowledge by tracking and understanding emerging cloud security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations and disseminating that information to applicable Viewpoint team members.
• Enhances department and organization reputation by accepting ownership for accomplishing new and different requests; exploring opportunities to add value to job accomplishments.
• Ongoing improvement and communication related to the corporate security incident response plan and lead team through incidents and act as first responder. The first responder must be able to communicate while under pressure and be able to direct a team to resolve the incident
• Enforce Information Security policy and process and provide coaching and training where needed.
Information Security Engineer
• Communicate with other members of the security team to keep InfoSec management, COPs management and senior leadership apprised of the risks and threat landscape. Offer recommendations on the best course of action to stay in line with budgets and resource constraints.
• Proactively engage across the business to ensure an understanding of the importance of information security to protect Viewpoint’s technology assets and customer data.
• Lead, investigate, document, and partner to resolve security issues through individual and team contributions
• Research and design ways to achieve risk reduction objectives in creative ways, including expanding our current tool stack where appropriate
• Assist with security incidents that the company may face in alignment with our response processes
• Assess risk arising from third-parties, vendors and partners in our ecosystem and design controls to mitigate such risks
• Bachelor’s Degree in Information Security, Computer Science or equivalent; or 5 years comparable work/military experience
• Security Certifications such as CCNA-S, MCSE, GIAC (any related).
• 3-5 years of progressive information security experience in an application security role deploying and securing cloud applications in Azure and/or AWS.
• Advanced level experience with scripting automation using PowerShell
• Proven experience building security reference architecture for on premise, all-in cloud deployments, and hybrid scenarios
• Implementation experience with enterprise security solutions such as Endpoint Protection (DLP/Whitelisting/HIPS), WAF, IPS, DDOS, FIM, and SIEM.
• Strong knowledge of networking including within cloud hosting solutions.
• Knowledge of Identity and Access Management, Single-Sign On, MFA, WAF and PKI/Certificate Services.
• Familiarity with compliance & security standards (NIST, ISO).
• Demonstrated ability to think strategically about business, product, and technical challenges
• Experience with working on global teams across time zones, cultures and languages.
• Strong communications skills, both written and spoken.
• Be a security subject matter expert and able to respond to internal security engineering questions/requests.
• Correctly balance security risk and product advancement.
• Perform penetration testing on internal cloud application environments.
• Perform proactive research to detect new attack vectors
• SME in cryptography, authentication and security protocols
• Prior experience with AWS and Azure, including hands-on expertise operating in an AWS and Azure environment with mastery of architecture and security capabilities of these cloud platforms.
• Deep understanding of securing web applications.
• Mastery of multiple security domains such as intrusion detection, incident response, malware analysis, and forensics.
• Knowledge of web application security, browser security models, and application security vulnerabilities such as the OWASP Top Ten