Sr. Security Engineer
About the Position:
As our Senior Security Engineer you will be front and center with solving our most complex security challenges. As a Software-as-a-Service platform, Everbridge utilizes a hybrid-cloud ecosystem to achieve worldwide scalability goals. We have data centers worldwide, and offices in 3 countries.
About the Team
As a member of the security engineering team, you will strive to take a pragmatic approach when proposing security solutions, implement security best practices, guide our architecture toward a security-first posture.
- Assess, design, implement, automate, and document security processes and solutions leveraging Amazon Web Service (AWS) and other third-party cloud solutions.
- Design architecture, methods, and controls required to meet security, compliance, and audit requirements.
- Proactively stay current with developments in relevant technologies.
- Create and share unique ways to solve challenges with others.
- Deploy security solutions in cloud environments.
- In-depth knowledge of VPCs, Security Groups, and ACLs.
- Monitor system logs, SIEM tools and network traffic for unusual or suspicious activity.
- Must have experience extracting pertinent security data from SIEM solutions and AWS audit, logs, and reports.
- Investigate and resolve security violations by providing postmortem analysis to illuminate the issue, and identify causes, possible solutions, and preventative measures.
- Develop procedures to automate security tasks during code builds and deployments.
- Develop program quality metrics as both program performance indicators and enterprise risk indicators.
- Respond to and, when appropriate, resolve or escalate security incidents.
- Report unresolved security exposures, misuse of resources, and noncompliance situations using defined escalation processes.
- Assist and train team members in the use of cloud security tools and the resolution of security issues
- Develop and maintain documentation for security systems and procedures
- Collaborate with the Ops team to build infrastructure and servers on AWS
- Minimum 8 years of information security experience with 2 years Cloud Security focus
- Solid understanding of Amazon Web Services (AWS) including VPC, ELB, IAM, KMS, EC2, Config, CloudTrail, CloudFormation, Lambda, and others
- Knowledge of network based, system level, and application layer attacks and mitigation methods
- Knowledge of technical security control environments and compliance frameworks including CSA CCM, ISO 27017, FedRAMP
- Experience in DevOps environments and maintaining security in CI/CD processes
- Experience with the development, deployment, and automation of security solutions in an enterprise cloud based environment
- Experience with a broad range of security technologies including, SAST, DLP, IDS/IPS, IAM, Certificate Management, etc
- Experience working with container technologies
- Knowledge of AWS automation strategies and tools
- Strong knowledge of technology and security topics including network and application security, infrastructure hardening, security baselines, web server, and database security
- Ability to clearly and effectively communicate concerns, issues to other teams
- Experience in developing, documenting, and maintaining security procedures
- Proficient in AWS CLI, Bash, and Python
- Certified Information Systems Security Professional (CISSP) preferred
- Certified Information Systems Auditor (CISA), SANS GIAC, CompTIA Security+, CompTIA CASP, Certified Ethical Hacker (CEH), Certified Information Systems Auditor (CISA) certifications strongly desirable.
- Working knowledge of Nmap, Nessus, Kali Linux, Wireshark, Metasploit Framework, and other security related tools.
- Demonstrated experience in conducting security audits and assessments.
- Demonstrated experience in investigating security issues related to Internet, server, desktop, laptop, tablet and other mobile device security issues; OS patching, hardening and anti-virus.
- Understanding of data network configuration and infrastructure concepts, including TCP/IP, routers, internet/intranet/extranet, firewalls, web servers and security hierarchy including the application of encryption key infrastructures and authentication processes.
- The ability to communicate effectively, both verbally and in writing, with individuals and groups.
- Experience in full project life cycle and application development desired.
- Strong written and verbal communication skills.
- US Citizen
About the Company:
Our people, solve problems. Our product, saves lives. Our purpose, to keep people safe and business running.
Headquartered in the great cities of Boston and Los Angeles, with operations all over the world, our dedicated team of 500+ employees supports over 3,400 global customers a day in their most crucial moments. During critical business events, public safety threats, and man-made or natural disasters, our software provides critical event management capabilities and communication applications to quickly and reliably deliver location aware, contextual notifications to millions of people across 100+ modalities.
As a company with a culture that is committed to “Making a Difference,” we are proud to serve 8 of the 10 largest U.S. cities, 9 of the 10 largest U.S.-based investment banks, all 25 of the 25 busiest North American airports, and 6 of the 10 largest global automakers. In 2016 alone, over 1.5 billion messages in more than 200 countries and territories were sent through the Everbridge platform. As we continue to grow and transform the field of critical event management, we’ll need passionate, committed individuals to help us carry out our mission. Do you think you have what it takes? Apply to be a part of our award-winning team today!
Everbridge is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, creed, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected Veteran Status, or any other characteristic protected by applicable federal, state, or local law.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information.