Previous Job
Previous
Security Engineer
Ref No.: 21-00027
Location: New York, New York
Position Type:Full Time

Senior Security Engineer
Security Department · New York, New York

Ninth Wave's security team defends the application, infrastructure, and services that are the foundation to our products. We have a strong security mindset, are passionate about infrastructure, and are dedicated to hardening our products, network, and endpoints against all threats.

The Senior Security Engineer will be responsible for coordinating with all aspects of the company to assess, design, and implement various security processes, tools, controls, and automation. The role will deliver an engineering and automation focused set of products and services for the company. You will work closely with our infrastructure and development teams to produce innovative and secure solutions. The right person for this role has a strong drive to solve security challenges within a rapidly expanding environment, and the desire to implement best-in-class security measures using cutting edge technology. Additionally, the right person for this position has a strong track record of delivering high-quality, scalable security solutions, infusing transparency into decision making, and partnering across levels and functions with a collaborative lens.

Responsibilities

  • Improve security across all aspects of our infrastructure by tightening and configuring relevant Amazon AWS and Microsoft Azure services
  • Perform cloud infrastructure security reviews and risk assessment of NACLs, Security Groups, IAM, S3, KMS, and other core AWS infrastructure services
  • Implementation and operation of security tooling (WAF, SIEM, MDR, etc.)
  • Utilize programming and scripting languages for the purpose of automation
  • Conduct lightweight offensive/discovery operations on your own or with a team
  • Work with DevOps and Cloud Engineering team to secure infrastructure
  • Automate detection of vulnerabilities, evaluate and partner with infrastructure to deploy critical patches/fixes to production systems
  • Assist in conducting external and internal penetration testing for our key products and applications to identify critical vulnerabilities and partnered with our engineering team to drive remediation
  • Conduct security architecture reviews to identify potential vulnerabilities which may negatively impact the security of our products and software
  • Operationalize security incident response and investigative processes

Qualifications

  • 6+ years of experience working in a information security infrastructure engineering capacity
  • Strong experience with Amazon AWS & Microsoft Azure Security (Logging, Key Management, Detection, and Correction) and automation in a multi-account environment
  • Understanding of Amazon Web Services and Azure's native security controls
  • Experience with Cisco anti phishing protection, Meraki firewalls, Cisco Client
  • Strong network and system security background
  • Strong scripting and automation skills (python, etc)
  • Strong working knowledge of key management, privilege management and least privilege practices
  • Experience with application security, threat modeling, and integrating security tooling (open source or commercial) into a CI/CD pipeline
  • Consultative approach towards security with the ability to guide and educate developers on security best practices
  • Experience in security operations, incident response and managing security incidents
  • Experience with industry standard compliance regulations (SOC2, ISO27XXX, PCI, etc.)
  • Security and cloud certification preferred