As Senior Information Security Engineer you will report to the IT Service and Security Director and work closely with Development, Product and other teams across the organization to assure vulnerabilities within the enterprise are identified, validated and mitigated in a timely manner.
In addition, you will validate compliance with information security policies and standards by conducting regular audits of the Organization.
You will work independently with Hosting / Infrastructure administrators, IT / Product owners and other colleagues to ensure secure design, development and implementation of applications and networks.
What you will do
Monitor and respond to alerts indicating security incidents and research new and emerging threats to preemptively eliminate the possibility of system breach
Conduct self-assessments and coordinate third-party risk assessments of technology infrastructure and operational processes and controls for assigned areas
Conduct recurring scans and audit and track mitigation activities through to completion.
Conduct scheduled, targeted IT compliance audits and vulnerability scans and pen tests for the organization
Provide remediation guidance and recommendations and coordinate with Development Operations, IT and other teams as needed to provide oversight to the remediation and / or mitigation of enterprise vulnerabilities
Establish appropriate security and compliance management calendar, schedule engagements and track activities to completion.
Maintain history of scans and activities for future reference
Maintain and report out on the Information Security Risk Register
Manage and maintain ISO 27001, PCI DSS, GDPR and any future security standards and compliances.
What you will need
5+ years of Information Security and Vulnerability assessment Penetration testing experience
Bachelor's degree or equivalent in a related field
Direct experience with maintaining and utilizing common commercial and open source vulnerability scanning and security auditing tools (BurpSuite, Nessus, Nexpose, OpenVAS, Nmap etc.) in both cloud (AWS) and conventional environments
Thorough understanding of network defense technologies, TCP / IP networking, Active Directory, DHCP, DNS, network security monitoring tools, WAF, secure engineering principles and technical security testing methodologies
Experience with one or more scripting languages (Perl, Python, or other) in an incident response environment
Extensive Linux and Unix experience including deep knowledge of file system layout, log file analysis, timeline creation, and common configuration deficiencies
Desktop, server, application, database, and network security hardening principles and practices for threat prevention
Experience with ISO 27001 and PCI DSS implementation, certification and maintenance
Knowledge of methods for ongoing evaluation of the effectiveness and applicability of information security controls (e.g., vulnerability testing, and assessment tools).
Familiarity with classes of vulnerabilities, appropriate remediation, and industry-standard classification schemes (CVE, CVSS, CPE).
Effective communication and presentation skills with demonstrated ability to prepare documentation and presentations for technical and non-technical audiences
Must be a critical thinker, with strong problem-solving skills
High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity
Self-starter, positive attitude, ability to work independently, enjoys learning and staying current with industry developments, regulations and best practices.
What we have
Loylogic is the world's leading innovator and creator of points experiences, insights, commerce and engagement.
By tantalizing members with more choices and arming programs with insights on behavior, anticipating both present and future needs, we deliver powerful solutions that amplify engagement and build loyalty.
Our goodies for you
Competitive salary dependent on experience
Office location on a non-traffic road
Chief Joy Officer and Personal Coach
Internal incentive program
Annual Team Outing and regular Team events