Description
Information Security Engineer
Boston, Massachusetts
About Us
Shorelight is reinventing the international education experience for students worldwide. Based in Boston, the company works directly with top-ranked, nonprofit American universities to build innovative programs and high-touch, technology-driven services that help talented students thrive and become global citizens.
Job Overview
The Information Security Engineer will validate that Shorelight’s services, applications, and websites are secured against the latest threats. This role conducts security reviews, develops threat models, evolves the security assurance process, and creates metrics to demonstrate the team’s performance. The Information Security Engineer manages the development and implementation of security standards and controls to ensure the organization's products are secure.
The Information Security Engineer is a problem solver with outstanding oral and written communication skills and a proven ability to outline security risks at all levels of the organization to both technical and non-technical individuals. He/She/They is an energetic team player who thrives in a fast-paced, high-tech environment and has high-level customer service skills. The ability to adjust quickly to shifting priorities, make decisions with limited information, and use good judgement to escalate risks and concerns to the leadership level is essential. The Information Security Engineer will influence and motivate participants in cross-team projects to engage on Security initiatives, so the proven ability to build partnerships and collaborate with key stakeholders is critical.
Essential Functions
Information Security
- Develop and maintain cloud security controls and best practices
- Deploy security automation and develop tools to secure the cloud
- Maintain an internal security library that outlines security controls and identifies common security flaws
- Conduct vulnerability assessments and mitigate and patch based on findings
- Develop automated security testing to ensure secure coding best practices are being used
- Prepare critical and regular security releases
- Set up tools and sensors to detect various attacks and exploitation techniques targeted towards cloud platforms and applications running within them
- Create and conduct risk evaluations for new processes, products, and services
- Develop, facilitate, and distribute security training modules and corresponding security materials
Engineering
- Maintain Docker container and Kubernetes security, including pod-security and network security policies
- Support the DevOps and Engineering teams in developing infrastructure-as-code using Terraform, CloudFormation, CI/CD, GitHub, etc.
- Manage security across various Amazon Web Services (AWS) tools/products such as VPCs, Flowlog, CloudTrail, S3, Route53, ELB, CloudFront, and WAF
- Partner closely with Engineering and Product teams to suggest improvements that increase application security
Security
- Comply with Shorelight Written Information Security Policy, and all other Shorelight Information Security Policies and Procedures.
- Take responsibility for any Shorelight assets assigned to you.
- Promptly report any security events, incidents, or weaknesses to Shorelight Security.
Minimum Qualifications
- 7+ years of formalized information security experience
- Bachelor's degree or equivalent years’ experience
- CISSP Information Security certification
- Experience managing security vendors and managed-services providers
- Strong understanding of network and web-related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
- Working familiarity with Cyber Security, Cloud Platform Security, Risk Assessment, Network Security, IAM, Data Security, and Data Governance
- Ability to occasionally provide weekend and after-hours support
Preferred Qualifications
- Bachelor's degree in Information Security, Computer Science or related field
- Strong background in technical engineering and architecture, such as infrastructure/cloud engineering or software development
- Information Security certifications in SANS GIAC, CISA, etc.
- Experience with OWASP, static/dynamic analysis, and common exploit tools and methods
- Development experience
- Prior experience managing and growing a team
Application Process
Background Check Required--Education, Criminal, Identity
Shorelight is an Equal Opportunity Employer.