TripleLift is seeking a Senior Security Engineer to join our team full time
We are an established company in the advertising technology sector, trying to tackle some of the most challenging problems facing the industry
You will be joining a rapidly growing and complex environment and will work as part of a small team that will be responsible for developing, evangelizing, and executing our security roadmap
You'll help drive improvements in our security operations capability and support critical projects enhancing our detect-and-respond capabilities
Responsibilities
Play a critical role in building and maintaining a global security compliance program based on NIST CSF
Enhance SDLC to promote secure application development and infrastructure deployment, and facilitate secure-coding remediation activities
Coordinate with stakeholders to develop and implement a vulnerability management program and to perform threat-hunting activities
Configure and manage security monitoring tools related to protecting servers, endpoints, and the data within, including SIEM and EDR
Assess and improve security posture of cloud-based infrastructure in alignment with CIS benchmarks
Enhance and facilitate security incident handling activities
Evaluate engineering and infrastructure projects for proper alignment to security controls, and report identified risks through appropriate channels
Create and manage security procedure documentation
Evangelize security best practices and provide education and awareness to company employees
Evaluate and continuously improve the maturity of the security program through deployment and management of various security tools and processes
Desired Skills and Attributes
5+ years as a security engineer or similar role
Proven track record working in information security operations, engineering, architecture, or security consulting
Understanding of security fundamentals with relation to various cybersecurity and compliance frameworks, particularly NIST CSF, but any of: PCI, SOC2, HITRUST, ISO 27001/2, or similar
Able to design and evaluate general security controls, as well as how to design effective compensating controls where necessary
Experience working in a Security Operations Center environment, i.e. monitoring and reacting to SIEM alerts/events
Deep understanding to securely manage cloud-native environments and ability to deploy tools in these environments
Comfortable taking ownership of projects and showcasing key accomplishments
Strives for continued learning opportunities to build upon craft
Values correctness and efficiency and has an exceptional eye for detail
Ability to work quickly and independently with minimal oversight
Ability to work under pressure and multitask in a fast-paced start-up environment
Desire to accept feedback and constructive criticism
Holds a Cybersecurity certification, e.g. CISSP, CISA, etc