Shorelight
Information Security Engineer
Shorelight, Boston, Massachusetts, us, 02298
Information Security Engineer
Boston, MassachusettsAbout Us
Shorelight is reinventing the international education experience for students worldwide. Based in Boston, the company works directly with top-ranked, nonprofit American universities to build innovative programs and high-touch, technology-driven services that help talented students thrive and become global citizens.Job Overview
The Information Security Engineer will validate that Shorelight’s services, applications, and websites are secured against the latest threats. This role conducts security reviews, develops threat models, evolves the security assurance process, and creates metrics to demonstrate the team’s performance. The Information Security Engineer manages the development and implementation of security standards and controls to ensure the organization's products are secure.The Information Security Engineer is a problem solver with outstanding oral and written communication skills and a proven ability to outline security risks at all levels of the organization to both technical and non-technical individuals. He/She/They is an energetic team player who thrives in a fast-paced, high-tech environment and has high-level customer service skills. The ability to adjust quickly to shifting priorities, make decisions with limited information, and use good judgment to escalate risks and concerns to the leadership level is essential. The Information Security Engineer will influence and motivate participants in cross-team projects to engage on Security initiatives, so the proven ability to build partnerships and collaborate with key stakeholders is critical.Essential Functions
Information Security
Develop and maintain cloud security controls and best practicesDeploy security automation and develop tools to secure the cloudMaintain an internal security library that outlines security controls and identifies common security flawsConduct vulnerability assessments and mitigate and patch based on findingsDevelop automated security testing to ensure secure coding best practices are being usedPrepare critical and regular security releasesSetup tools and sensors to detect various attacks and exploitation techniques targeted towards cloud platforms and applications running within themCreate and conduct risk evaluations for new processes, products, and servicesDevelop, facilitate, and distribute security training modules corresponding security materialsEngineering
Maintain Docker container and Kubernetes security, including pod-security and network security policiesSupport the DevOps and Engineering teams in developing infrastructure-as-code using Terraform, CloudFormation, CI/CD, GitHub, etc.Manage security across various Amazon Web Services (AWS) tools/products such as VPCs, Flowlog, CloudTrail, S3, Route53, Elb, CloudFront, and WAFPartner closely with Engineering and Product teams to suggest improvements that increase application securitySecurity
Comply with Shorelight Written Information Security Policy, and all other Shorelight Information Security Policies and Procedures.Take responsibility for any Shorelight assets assigned to you.Promptly report any security events, incidents, or weaknesses to Shorelight Security.Minimum Qualifications
7+ years of formalized information security experienceBachelor's degree or equivalent years’ experienceCISSP Information Security certificationExperience managing security vendors and managed-services providersStrong understanding of network and web related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)Working familiarity with Cyber Security, Cloud Platform Security, Risk Assessment, Network Security, IAM, Data Security, and Data GovernanceAbility to occasionally provide weekend and after-hours supportPreferred Qualifications
Bachelor's degree in Information Security, Computer Science or related fieldStrong background in technical engineering and architecture, such as infrastructure/cloud engineering or software developmentInformation Security certifications in SANS GIAC, CISA, etc.Experience with OWASP, static/dynamic analysis, and common exploit tools and methodsDevelopment experiencePrior experience managing and growing a teamApplication Process
To apply for this position, please visit the Shorelight Careers page to submit an application with a resume and cover letter.Background Check Required--Education, Criminal, IdentityShorelight is an Equal Opportunity Employer.
#J-18808-Ljbffr
Boston, MassachusettsAbout Us
Shorelight is reinventing the international education experience for students worldwide. Based in Boston, the company works directly with top-ranked, nonprofit American universities to build innovative programs and high-touch, technology-driven services that help talented students thrive and become global citizens.Job Overview
The Information Security Engineer will validate that Shorelight’s services, applications, and websites are secured against the latest threats. This role conducts security reviews, develops threat models, evolves the security assurance process, and creates metrics to demonstrate the team’s performance. The Information Security Engineer manages the development and implementation of security standards and controls to ensure the organization's products are secure.The Information Security Engineer is a problem solver with outstanding oral and written communication skills and a proven ability to outline security risks at all levels of the organization to both technical and non-technical individuals. He/She/They is an energetic team player who thrives in a fast-paced, high-tech environment and has high-level customer service skills. The ability to adjust quickly to shifting priorities, make decisions with limited information, and use good judgment to escalate risks and concerns to the leadership level is essential. The Information Security Engineer will influence and motivate participants in cross-team projects to engage on Security initiatives, so the proven ability to build partnerships and collaborate with key stakeholders is critical.Essential Functions
Information Security
Develop and maintain cloud security controls and best practicesDeploy security automation and develop tools to secure the cloudMaintain an internal security library that outlines security controls and identifies common security flawsConduct vulnerability assessments and mitigate and patch based on findingsDevelop automated security testing to ensure secure coding best practices are being usedPrepare critical and regular security releasesSetup tools and sensors to detect various attacks and exploitation techniques targeted towards cloud platforms and applications running within themCreate and conduct risk evaluations for new processes, products, and servicesDevelop, facilitate, and distribute security training modules corresponding security materialsEngineering
Maintain Docker container and Kubernetes security, including pod-security and network security policiesSupport the DevOps and Engineering teams in developing infrastructure-as-code using Terraform, CloudFormation, CI/CD, GitHub, etc.Manage security across various Amazon Web Services (AWS) tools/products such as VPCs, Flowlog, CloudTrail, S3, Route53, Elb, CloudFront, and WAFPartner closely with Engineering and Product teams to suggest improvements that increase application securitySecurity
Comply with Shorelight Written Information Security Policy, and all other Shorelight Information Security Policies and Procedures.Take responsibility for any Shorelight assets assigned to you.Promptly report any security events, incidents, or weaknesses to Shorelight Security.Minimum Qualifications
7+ years of formalized information security experienceBachelor's degree or equivalent years’ experienceCISSP Information Security certificationExperience managing security vendors and managed-services providersStrong understanding of network and web related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)Working familiarity with Cyber Security, Cloud Platform Security, Risk Assessment, Network Security, IAM, Data Security, and Data GovernanceAbility to occasionally provide weekend and after-hours supportPreferred Qualifications
Bachelor's degree in Information Security, Computer Science or related fieldStrong background in technical engineering and architecture, such as infrastructure/cloud engineering or software developmentInformation Security certifications in SANS GIAC, CISA, etc.Experience with OWASP, static/dynamic analysis, and common exploit tools and methodsDevelopment experiencePrior experience managing and growing a teamApplication Process
To apply for this position, please visit the Shorelight Careers page to submit an application with a resume and cover letter.Background Check Required--Education, Criminal, IdentityShorelight is an Equal Opportunity Employer.
#J-18808-Ljbffr