Kentik · 2 days ago

Staff Security Engineer

United States

Full-time

Remote

Senior Level

$174K/yr - $236K/yr

5+ years exp

Wonder how qualified you are to the job?

Maximize your interview chances

Cloud Data ServicesInformation Technology

Comp. & Benefits

Insider Connection @Kentik

Discover valuable connections within the company who might provide insights and potential referrals, giving your job application an inside edge.

Responsibilities

Infrastructure & Cloud Security - Drive initiatives to identify, implement and operate processes/technologies to manage risk across product and corporate infrastructure in a hybrid-cloud environment. This includes initiatives such as email security, server & container security and cloud security posture management.

Threat Management - Lead the security threat detection and response strategy and operations by implementing processes and technologies to mature the same. Establish automated incident detection sensors and response playbooks. Manage technologies such as EDR and SIEM and engage with third party providers of services as needed. Lead the bug-bounty and annual penetration testing activities partnering with both internal and external stakeholders.

Vulnerability Management - Perform manual and automated vulnerability assessments. Manage automated vulnerability scanning technologies and Analyze/triage vulnerabilities from across these technologies and infrastructure to prioritize appropriate mitigation. Partner with business groups to establish & mature vulnerability detection processes and remediation SLAs.

SDLC Security - Improve the secure SDLC pipeline by maturing security practices at each stage of the SDLC from security and privacy by design (SbD & PbD) to automated assessments in the Ci/CD pipeline.

Data Protection - Establish procedural and technical controls to manage the security and privacy of the business data collected and processed within the organization.

Training & Mentoring - Provide security & privacy training including role specific training for groups across the organization and mentor other junior members in the team.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Security & Privacy ProgramsInfrastructure SecurityThreat ManagementLinuxKubernetes/ContainersPublic Cloud ProvidersAWSGCPAzureEDRCSPMSIEMVulnerability ManagementIncident ResponseThreat Management FunctionsPlaybook AutomationManaged Service ProvidersCross-Functional CollaborationTechnical Security GuidanceComplianceRegulatory FrameworksNISTSOC2ISO27001ISO27701GDPRCCPACISSPOSCPSANS GIAC

Required

5+ years of hands-on relevant work experience in implementing Security & Privacy programs

2+ years of experience implementing infrastructure security and/or threat management technologies

Strong experience with technologies such as Linux, Kubernetes/containers and at least one of the public cloud providers (AWS/GCP/Azure)

Strong experience with EDR, CSPM, SIEM and other vulnerability management technologies

Experience driving incident response operations and building threat management functions from detection to response to playbook automation, as well as working with managed service providers

Experience working with cross-functional departments and partners to provide technical security & privacy guidance and recommendations

Experience with security & privacy compliance and regulatory frameworks such as NIST, SOC2, ISO27001, ISO27701, GDPR & CCPA