Senior Security Engineer

Company: Clear Capital
Location: Roseville
Posted on: January 13, 2021

Job Description:

This key position will play a critical role in safeguarding our organization's technology infrastructure. You will be responsible for assessing risk and recommending appropriate security measures and evaluating the effectiveness of their implementation in protecting the confidentiality, integrity, and availability of the information systems and the data entrusted to our safekeeping. You will stay abreast of company business strategies, information technology advances in the industry, and the risk profile of assigned product areas to ensure relevancy of all countermeasure approaches.As a product security engineer, you will review new and existing applications for vulnerabilities and opportunities for enhancements in their security posture. Interact with application owners to increase security awareness and the potential risks presented by application vulnerabilities, and establish the appropriate mitigating actions to manage risk to an acceptable level. Review infrastructure components, their configurations and technical controls, working with system owners to identify security gaps, establishing the appropriate mitigation steps as necessary with timelines for remediation. Maintain a complete understanding of the implementation of security controls, the security architecture, and resulting security posture of assigned product lines, and support the product owner as the product security expert during customer engagements and interactions.You will be the leader of an information security specialty area for your peers (Cloud, Web Application, Offensive, Defensive, etc), and provide mentoring and oversight in your area of concentration as necessary. You will be responsible for mentoring junior members of the team and other members of the Tech organization without a security background. You will make recommendations on technical solutions and the adoption of tools/systems that will increase the security posture of your area of concentration in relation to the risk exposure level.Primary Duties and Responsibilities* Architect, design, and monitor information system security controls and countermeasures relevant to the risks associated with the application of technology in support of our customers and information infrastructure* Analyzes and recommends security controls for the entire lifecycle of information systems, and assess controls for effectiveness* Analyzes and recommends security controls and procedures in business processes related to use of information systems and assets, and monitors for effectiveness* Monitors information systems for security incidents and vulnerabilities; develops monitoring and visibility capabilities; reports on incidents, vulnerabilities, and trends* Responds to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interacts and coordinates with third-party incident responders, including law enforcement* Assess authentication and access controls of user and system accounts, security/access roles, and access permissions to information assets* Analyzes trends and changes in threat and compliance environment with respect to organizational risk; advises organization management and develops and executes plans for compliance and mitigation of risk; performs risk and compliance self-assessments, and engages and coordinates third-party risk and compliance assessments* Analyzes and develops information security governance, including organizational policies, procedures, standards, baselines and guidelines with respect to information security and use and operation of information systems* Develops and administers, or provides advice, evaluation, and oversight for, information security training and awareness programs* Integrate security into the software development lifecycle, to include architecture security assessments, system security documentation, vulnerability assessments, and recommendations for improvements in security posture* Play an active role in the design and execution of infrastructure initiatives to ensure an evolving adherence to industry best practices for information security* Lead the execution of the security assessment of specific technical areas of a project, supervising other team members, and coaching/teaching/mentoring where necessary* Assess audit findings/gaps including control weaknesses with an appropriate degree of professional skepticism, seeking to fully understand risks to Clear Capital. Assist technology partners with the development of remediation plans to mitigate weaknesses, providing thought leadership on the appropriateness of the plan* Demonstrate commitment to client's and the CTO's strategic vision, be a self-starter, and promote project ownership and responsibility for actionsRequired Job Related Skills and Experience* Bachelor's Degree, ideally in a technology-related field, or equivalent work experience* Deep experience in one of the following security focus areas: web application security, system security hardening, AWS Cloud Security and compliance as code, offensive security, defensive security* Certified Information Security Systems Professional (CISSP), Global Information Assurance Certification (GIAC) Security Essentials (GSEC), Offensive Security Certified Professional (OSCP), or equivalent information security certification* Experience in performing vulnerability assessments using a variety of tools and techniques and prioritizing remediation efforts based on risk and availability of resources* Demonstrable knowledge of information security control frameworks, i.e. National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), International Organization of Standardization (ISO)/International Electrotechnical Commission (IEC) 27001 Information Security Management* Demonstrable knowledge of information security best practices* High attention to detail and excellent analytical skills* Excellent oral and written communication skills; ability to interact with internal and external stakeholders at all levels of the organization* Customer centric (internal and external), motivated, focused personality* Self Accountable and self motivated* Sound independent judgement* Ability to set priorities and adapt to changes in a quick, professional manner* Ability to use discretion when handling confidential information* Ability to "manage-up", often working closely with the executive team to complete projects and/or host customersAbout UsClear Capital is the premier provider of real estate valuation, analytics, and technology solutions. Powered by its more than 45 years worth of information on nearly every U.S. metro, neighborhood, and property, Clear Capital's solutions are trusted by community credit unions and billion-dollar financial institutions alike. Clear Capital is headquartered in Reno-Tahoe with a team of more than 600 nationwide, dedicated to going wherever it leads, and doing whatever it takes.Clear Capital is an equal opportunity employer.To all recruitment agencies: Clear Capital does not accept agency resumes. Please do not forward resumes to our jobs alias, Clear Capital employees, or any other company location. Clear Capital is not responsible for any fees related to unsolicited resumes.INDT

Keywords: Clear Capital, Roseville , Senior Security Engineer, Engineering , Roseville, California