Senior Security Engineer

Job Description

You are responsible for ensuring the correct selection, implementation and configuration of security controls to protect our organization's data and systems. You partner with internal teams during vendor selection to ensure that security requirements are met, and that risks are understood and mitigated. You partner with the product team to ensure the appropriate security measures are included throughout the product life cycle. 

You ensure that all systems are compliant with and supportive of our overall compliance requirements, including SOC 2, HIPAA, GDPR and CCPA. You work closely with internal stakeholders and third party auditors to ensure our controls and documentation result in successful audits.

You are a key participant in the incident response process, including running exercises and training. You monitor and maintain our security infrastructure, both reactively for evidence of malicious or suspicious activity and proactively for evidence of vulnerabilities.

Primary Responsibilities

  • Safeguarding our cloud environment and employee endpoints, ensuring the confidentiality, integrity, and availability (CIA) of the systems our employees use daily.
  • Continuing to mature, scale, and operationalize our already robust, SOC 2 Type II, HIPAA, GDPR and CCPA compliant information security program.
  • Monitoring and analyzing security logs to identify incidents and suspicious activity across cloud systems, endpoints, and SaaS applications.
  • Developing and implementing robust security protocols to protect Fixify’s computer systems, networks, and data.
  • Identifying, assessing, and resolving security vulnerabilities and risks across various environments.
  • Collaborating with the Product and Operations teams to embed security measures throughout the product lifecycle.
  • Providing guidance and support to all teams from a security perspective.
  • Automating security tasks, log aggregation, analysis, and device management.
  • Managing and maintaining security technologies including IAM, CSPM, Vulnerability Scanning, SIEM, IDS/IPS, EDR, and malware analysis and protection tools.
  • Ensuring compliance with security standards and frameworks such as ISO 27001, NIST CSF, SOC 2, GDPR, CCPA and HIPAA.
  • Preparing for and supporting audits to verify compliance with regulatory and organizational security standards.
  • Other duties as assigned.

Non-Technical Skills Required

  • Excellent written and verbal communication skills
  • Ability to establish relationships and quickly engender trust
  • Ability to prioritize and work at multiple timescales
  • Detail oriented
  • Well organized
  • Calm under pressure

Technical Skills Required

  • Strong understanding of operating systems, network protocols, architecture, and security vulnerabilities, particularly macOS and AWS.
  • Expertise in analyzing security logs and identifying incidents and suspicious activity for cloud systems, endpoints and SaaS applications.
  • Coding experience relevant to automating security tasks, log aggregation and analysis, and device management. Leveraging low-code platforms is a plus.
  • Experience managing security technologies (IAM, SIEM, IDS/IPS, EDR, malware analysis, and protection).
  • Familiarity with AWS systems (e.g., KMS, S3, Security Groups, and IAM)
  • Knowledge of compliance frameworks (ISO 27001, NIST CSF, SOC 2, GDPR, CCPA and HIPAA) and experience with audits.

Education and Experience

  • Minimum of 5 years of experience in information security, particularly in security operations or a similar role.
  • Bachelor’s degree or a compelling story
