Security Compliance Engineer
The Security Compliance Engineer will be responsible for ensuring that the company's information systems and technologies are in compliance with regulatory and industry standards, including but not limited to PCI, ISO 27001, and SOC2. This role will be responsible for designing, implementing and maintaining effective security controls that protect the company's information assets and ensure compliance with applicable laws and regulations.
- Conduct risk assessments to identify vulnerabilities in the company's information systems and technologies.
- Develop and implement security policies, procedures, and standards to mitigate identified risks and ensure compliance with regulatory and industry standards.
- Collaborate across multiple workstreams to implement security controls that align with business requirements and support the company's goals and objectives.
- Monitor and analyze security metrics and logs to identify security incidents and trends, and take appropriate action to mitigate identified risks.
- Participate in security incident response activities, including investigations, root cause analyses, and issue remediation.
- Conduct security awareness training for employees and third-party vendors (as required) to promote a culture of security and compliance.
- Conduct internal and external audits to ensure compliance with applicable laws and regulations, and make recommendations for improvements as necessary.
- Stay current with emerging security threats and industry best practices, and make recommendations for new security controls and technologies to improve the company's security posture.
- Maintain appropriate contacts with suitable legal authorities and membership in relevant professional groups.
- Engage with external entities such as customers, vendors, and open source security teams to understand their security requirements and ensure that the company's systems and technologies are compliant with these requirements.
- Work closely with the Sales workstream to provide technical expertise on the company's security capabilities and compliance posture.
- Identify and prioritize security features and enhancements that can be added to the company's products and services to better meet customer needs.
- Fix identified security issues.
- 3+ years of experience in a role related to Information Security
- 1+ years of experience with security configuration and/or auditing of Kubernetes and/or OpenShift clusters
- 1+ years of experience with at least one scripting language (BASH, Python, Perl, PHP)
- Advanced knowledge of at least one OS (*nix, OSX, or Windows)
- Some familiarity with InfoSec compliance certifications (ISO 27001, PCI, SOC2, etc.)
- Experience developing and implementing security policies, procedures, and standards.
- Familiarity with security tools and technologies such as firewalls, intrusion detection and prevention systems, and vulnerability scanners.
- Structured mindset, desire to plan ahead and mitigate bottlenecks and cyberattacks
- Ability to analyze problems efficiently and effectively; you stay calm and focused when outages and incidents occur
- Ability to work both independently and as part of a team
- Super comfortable reading, writing, and communicating in English
- Industry certifications (Security+, CySA, CEH, KSP, CISSP, GISP)
- Formal education in Cybersecurity (Master or Baccalaureate level degree)
- Bonus Points for having found a security issue in Lagoon
Employees who currently serve as Security Engineers will gain many of the skills required to excel as a Security Compliance Engineer as they gain more experience with and exposure to the processes and procedures relevant to industry compliance certifications. These are the basic qualifications required before a move from the role of a Security Engineer to that of a Security Compliance Engineer could be considered:
- At least one year of experience as a Security Engineer at amazee.io
- At least three years of experience in security overall
- A strong desire to work in InfoSec
- A written positive recommendation from the employee’s lead
- Some form of either an industry certification (Sec+, CySA, CEH, KSP, etc.) or relevant education (proof of completion of a college level course in Cybersecurity or the completion of a reasonably advanced Cybersecurity focused online learning program)
- Bonus Points for having found a security issue in Lagoon or the amazee.io platform