Security Engineer Lead - Military veterans preferred

Beyond Identity


  full-time   part-time   employee   contract

United States

Job DescriptionAt Beyond Identity, our mission is to provide passwordless authentication which allows the implementation of passwordless identity management. Passwords are an antiquated technique for establishing a person’s identity with a digital service. 80%+ of cyber incidents involve the misuse or mishandling of passwords, it is time for passwords to be replaced by strong security techniques that are usable by an audience that is not technical.The ideal candidate for the position will be a self-starter who is driven to find innovative ways to improve the product. The candidate will be results-oriented, passionate in the improvement of the user experience, and a critical and strategic thinker. The candidate is highly organized, can multitask and meet aggressive deadlines, and is a team-player and team-builder who can make meaningful and long-lasting connections with others.The candidate must have the ability to assess and analyze a wide range of information to draw conclusions on how to improve the security of our systems. The candidate will be responsible for building out Beyond Identities Security Engineering and Security Operations team from the ground up, aligning the team around our new SecOps initiatives, implementing company wide security controls, and working within the risk management frameworks. You will provide strong leadership through technical excellence and mentoring, and your contributions will be key to the success of Beyond Identity.ResponsibilitiesLead a SecOps team that is responsible for the implementation of all Cloud-Native security and corporate controlsProvide technical leadership through mentoring, a commitment to technical excellence, accountability, transparency, and skills developmentResponsible for screening and testing the organization’s security software for vulnerabilities, including existing systems and any new software they might obtainPartner with Security and Compliance teams to identify, manage, document, and implement best practices and automated controls for cloud and internal solutionsStay up to date with the latest application security developments and security trends to continually improve internal processesAssess current applications and architecture to determine methods for automating security testing and control validationContribute to technical design, product and vendor selection, application and technical architectures related to SecOps, transformation and automation effortsEstablish, document, and maintain the security and regulatory posture of platforms and solutionsRespond to security incidents by conducting incident response activities involving containment to remediation and lessons learnedCollaborate with the operations team to understand the risk of the vulnerabilities at the time of discovery as well as if new information, such as an exploit in the wild, requires reprioritization or a change in tacticsSkills& QualificationsBachelor’s Degree in Computer Science or similar4+ years of experience with Agile, SecOps practices working with cross-functional teams and integrating security into a CI/CD environment1+ years of experience with securing cloud systems Deep experience with security incident response, including process, metrics, and operational executionSolid Experience in performing security vulnerability assessment and deployment of relevant tools ( i.e Nessus, other )Strong WAF and Security Modelling, proven experience writing WAF rulesKnowledge of any CyberSecurity Frameworks such as CIS, NIST, ISO, COBITUnderstanding of SecOps principles as it relates to corporate networks and cloud-native solutions.Hands-on experience in security systems, including firewalls, intrusion detection systems, authentication systems, log management, content f iltering, penetration test tooling (based on NIST CSF / OWASP), and automated vulnerability testing Broad knowledge of security monitoring, prevention, and control techniques and how they can be applied in a traditional IT environment as well as cloud-based systemsPlusesExperience with the use and deployment of Nginx, Postgres, Redis, Memcached, GitLab/GitHub, and the Atlassian platformExperience with cloud-based security management / IDS /IPS / SIEM / DLP tools such as Splunk, AlienVault, AlertLogic, Prisma Cloud, Threat Stack, OWASP ZAP, OWTFExperience with one or more SSO methodologies (SAML, LDAP, MS AD)Experience leading Computer Incident Response Team (CSIRT)Experience creating and implementing Data Classification Policy and Data Loss Prevention controlsExperience establishing compliance and system hardening using CIS frameworks and vulnerability scannersPreferred certifications: CISSP, Security+, CEH, CCSP, ITIL, CISMPowered by JazzHRD70YenAiG8