StackPath is a platform of secure Internet services built at the cloud's edge. StackPath services enable developers to build protection and performance into any cloud-based solution—from apps, to games, web sites, and beyond—without needing cloud security and delivery expertise of their own. More than 800,000 customers already use StackPath services, ranging from early-stage enterprises to Fortune 100 organizations. Headquartered in Dallas, Texas, StackPath has offices across the U.S. and around the world.
For more information, follow StackPath at www.fb.com/stackpathllc and www.twitter.com/stackpath.
About the Role
The Senior Information Security Engineer is responsible for responsible for maintaining the safety and security of the organization's systems, network, and communications to prevent unauthorized access and avoid data breaches and intrusions. A good understanding of Infrastructure, application development security, and cloud security technologies and processes is required.
The role requires a personality capable of being a champion, and proactive in managing threat data from multiple sources including vulnerability scanning, penetration testing, and threat alerts from key third party suppliers. Candidates must be capable of interfacing with multiple product teams to assess risk and priority for remediation.
This position also requires a strong personality, that is willing to, and enjoys, interfacing with people as much as hiding in a hole doing exploit testing. In addition to technical breadth, strong communication and writing skills are a must. The candidate will ideally find it acceptable to author policies and standards that lay out the controls requirements in the various SOC 2 Common Criteria, ISO 27001, PCI, and other standards. Complex vulnerabilities must be communicated in a straight-forward, clear, concise way to make the importance and risk associated with vulnerabilities clear to multiple stakeholders (engineers and senior management).
This position is highly collaborative and champions security objectives and initiatives across the enterprise and will be responsible for defining, implementing, and leading a formalized information security function in the company.
This role will report to our: Manager of Security & Security Architecture
Essential Duties and Responsibilities
- Proactively protect the availability, integrity, and confidentiality of all customer and company data.
- Establish and oversee formal vulnerability management, penetration testing and security posture assessment programs.
- Help product engineering teams adopt and integrate security capabilities into their product and software development lifecycles
- Core contributor to establishing configuration baseline standards and ongoing management of configuration/systems lifecycle management processes.
- Design a security management methodology for all types of nodes that sit on a distributed network (firewalls, routers, servers).
- Perform security due diligence on vendors whose products or services involve company or customer data.
- Factor regulatory, legislative, and industry specific compliance requirements and define controls that can be used to meet those requirements
- Conduct legal, ethical, and sound security forensics investigations in close cooperation with Human Resources and General Counsel.
Desired Skills and Experience
- Bachelor of Science in Computer Science, Electrical Engineering, Software Engineering Information Technology or equivalent experience required.
- 5+ years experience in IT Security, Risk and/or Compliance or equivalent.
- Demonstrated knowledge of industry authoritative sources such as COBIT, NIST, SOC2, PCI, GDPR, CCPA and ISO standards.
- Experience in configuring and managing a SIEM.
- Major security certification (CISA, CISSP, CISM, or other security certifications) required.
- Deep experience in network/host/application security, incident handling, ethical hacking, forensics. Scripting/development experience desired.
- Demonstrated experience planning and conducting cybersecurity penetration tests of networks and web applications.
- Understanding of web-based applications, infrastructure, and architecture.
- In-depth knowledge about ISO 27001 requirements and working experience in an ISO-compliant environment for at least 3 years.
- Proven technical documentation skills in translating control requirements into policies and standards.
- Demonstrated knowledge and application of vulnerability risk assessment technology in areas including application security/architecture, infrastructure, and cloud security throughout the data lifecycle.
- Capable of supporting the development and deployment of innovative security solutions to safeguard assets, in the cloud and our data centers, while enabling the business.
- Proactively identify, evaluate, and assist in the mitigation of cybersecurity risks aligned with the organizations risk posture as well as business and operational objectives across an international footprint.
- Full understanding of how to evangelize factoring security in the entire software/systems development life cycle. SaaS experience preferred.
- Awareness of key software industry vulnerabilities including OWASP top 10.
- Conduct, coordinate and perform application vulnerability assessments (Dynamic & Static) manually and using proprietary tools.
- Knowledge of complex application, network, host, and virtual system operations.
- Ability to relate business requirements and risks to policy and technology implementation.
- Expert level knowledge of risk assessment and remediation methodology, processes, and procedures.
- Proven ability to manage projects and implementations across organizations.
- Strong collaborative approach and ability to effectively interface with technical staff, senior management, and customers.
This job description is not intended to be all-inclusive.
StackPath is an Equal Opportunity Employer. EOE/AA M/F/D/V
If your experience and qualifications match our current needs, a member of our human resources team will contact you. We look forward to hearing from you.