Senior Information Security Engineer

The Senior Information Security Engineer is responsible for implementation operation monitoring and administration of a variety of tools and processes to protect company information in accordance with the Information Security Program and related policies. The engineer identifies security vulnerabilities assesses risks and recommends and implements remediations. The engineer writes and maintains policy and process documentation documents controls provides training and works across the organization to effect change and reduce risk. Responsibilities span the scope of information security management including ID and Access Vulnerability Continuity Operations Secure Development Cryptography and Vendor Management as well as Penetration Testing Privacy and Compliance and supporting internal and external audit. The engineer participates in Incident Response and investigates and assesses threats and responds to enterprise security events and incidents.

Key Responsibilities

• Establish and maintain strong working relationships with the departments involved with information security (Operations Development IT Legal Human Resources and others)
• Develop Information Security Program policies processes procedures standards and guidelines and train staff.
• Recommend and implement improvements to the effectiveness of the Information Security Program.
• Evaluate and recommend security tools to address information security risks and weaknesses.
• Provide direction to employees according to established policies and management guidelines for system application and network security.
• Implement operate monitor and improve technical security controls across the enterprise including AV IDS vulnerability scanning WAF code scanning web proxies encryption and audit log monitoring.
• Perform periodic internal security reviews and risk assessments; coordinate and support internal and external information security audits.
• Use a variety of vulnerability assessment and testing tools to identify security vulnerabilities and weaknesses and ensure consistency and compliance with established standards and security policies.
• Write scripts queries and/or applications to automate common IT security related tasks including system monitoring user access audits and alerting. Review reports for anomalies. Take appropriate action to address alerts and report findings.
• Respond to security incidents conduct root cause analysis of incidents recommend corrective actions and ensure corrective action completion.
• Initiate special projects related to information security.
• Identify SaaS application infrastructure and operational vulnerabilities assess risks and work with network server help desk and software development teams to remediate issues.
• Review policy violations and breaches of information security with staff identify root causes and determine plans of action to prevent future occurrences.
• Document information security monitoring scanning and testing procedures.
• Keep up to date with the security field including emerging vulnerabilities and communicate trends for existing and proposed security systems.
• Evaluate vendors security posture and perform periodic vendor assessments.
• Perform other duties to support the technical and operational security of the organization as required.

Qualifications

• Bachelors degree in an IT related field or equivalent experience and 5 years of experience in working in IT security IT systems or network engineering software development QA or a related role.
• Desired certifications one or more of the following: CISSP (Certified Information Systems Security Professional) Certified Information Security Manager (CISM) SSCP (Systems Security Certified Practitioner) CCSP (Certified Cloud Security Professional) or CompTIA Security.
• Desired compliance/framework experience: familiarity with GDPR CCPA HIPAA or PCI privacy and security requirements and ISO 27001 SOC 2 NIST or CIS 20 frameworks.
• Knowledge of security implications of threats to and vulnerabilities of networks servers operating systems applications and databases.
• Flexibility to work off-hours to support global project teams and maintenance windows.
• Ability to support 24x7 on-call for incident response on a rotating basis.
• Other desired experience:
  • Working knowledge of and experience in desktop and server environments including Mac Windows and Linux operating systems.
  • Experience with various IT technologies related to security including Active Directory Group Policies LDAP SSO SSL encryption and hashing algorithms and key management practices.
  • Experience conducting security assessments technology reviews and application requirements analysis from a security design perspective.
  • Experience with basic scripting and SQL queries for automation of controls and reporting.
  • Experience configuring and operating Web Application Firewalls web servers and reverse proxies to secure web applications.
  • Experience installing configuring and managing network and host vulnerability scanning tools.
  • Experience managing SIEM and log management tools.

Competencies

• Strong analytical problem-solving and critical thinking skills and attention to detail.
• Organization Time Management & Prioritization - Self-starter that focuses on key priorities; plans organizes schedules and executes on tasks and projects in an efficient and productive manner.
• Ability to form productive relationships across the organization to accomplish information security objectives.
• Ability and willingness to learn all aspects of the information security field.
• Professional verbal and written communication skills in English and the ability to write clear concise and effective policies and procedures.
• Expresses ideas using clear effective and efficient language. Listens patiently and attentively. Adapts to the purpose of the communication with appropriate style substance detail confidence and channel. Possess the ability to manage multiple channels of communication simultaneously; phone email tickets and chat.
• Able to assess document and prioritize identified security flaws and vulnerabilities based on risk.

Typical Office Environment: Requires extensive sitting with periodic standing and walking. May be required to lift up to 35 pounds unassisted. May be required to lift over 35 pounds using assistive device and/or team lift. Requires significant use of personal computer phone and general office equipment. Needs adequate visual acuity ability to grasp and handle objects. Needs ability to communicate effectively through reading writing and speaking in person or on telephone.

Nextiva DNA (Core Competencies)

Nextivas most successful team members share common traits and behaviors:

• Drives Results:Action-oriented with a passion for solving problems. They bring clarity and simplicity to ambiguous situations challenge the status quo and ask what can be done differently. They lead and drive change celebrating success to build more success.
• Critical Thinker: Understands the why and identifies key drivers learning from the past. They are fact-based and data-driven forward-thinking and see problems a few steps ahead. They provide options recommendations and actions understanding risks and dependencies.
• Right Attitude: They are team-oriented collaborative competitive and hate losing. They are resilient able to bounce back from setbacks zoom in and out and get in the trenches to help solve important problems. They cultivate a culture of service learning support and respect caring for customers and teams.

Total Rewards

Our Total Rewards offerings are designed to allow our employees to take care of themselves and their families so they can be their best in and out of the office.

Our compensation packages are tailored to each role and candidates qualifications. We consider a wide range of factors including skills experience training and certifications when determining compensation. We aim to offer competitive salaries or wages that reflect the value you bring to our team. Depending on the position compensation may include base salary and/or hourly wages incentives or bonuses.

• Medical - Medical insurance coverage is available for employees their spouse and up to two dependent children with a limit of 500000 INR as well as their parents or in-laws for up to 300000 INR. This comprehensive coverage ensures that essential healthcare needs are met for the entire family unit providing peace of mind and security in times of medical necessity.
• Group Term & Group Personal Accident Insurance - Provides insurance coverage against the risk of death / injury during the policy period sustained due to an accident caused by violent visible & external means.
  • Coverage Type - Employee Only
  • Sum Insured - 3 times of annual CTC with minimum cap of INR
  • Free Cover Limit - 1.5 Crore
• Work-Life Balance - 15 days of Privilege leaves per calendar year 6 days of Paid Sick leave per calendar year 6 days of Casual leave per calendar year. Paid 26 weeks of Maternity leaves 1 week of Paternity leave a day off on your Birthday and paid holidays
• Financial Security - Provident Fund & Gratuity
• Wellness - Employee Assistance Program and comprehensive wellness initiatives
• Growth - Access to ongoing learning and development opportunities and career advancement

At Nextiva were committed to supporting our employees health well-being and professional growth. Join us and build a rewarding career!

Established in 2008 and headquartered in Scottsdale Arizona Nextiva secured $200M from Goldman Sachs in late 2021 valuing the company at $ check out whats going on at Nextiva check us out on Instagram Instagram (MX) YouTube LinkedIn and the Nextiva blog.

#LI-RQ1 #LI-Hybrid