SWBC is seeking a talented individual to serve as a key Information Security Engineer empowered to leverage the industry’s latest security principles, practices, and tools to improve the reliability, integrity, and security of on premise and cloud-hosted applications. Works by, with, and through internal and external DevOps stakeholders to incorporate security into all stages of the software development life cycle. Applies DevSecOps principles and applicable security standards to secure cloud services, cloud native applications, integrations, and supporting infrastructure through Continuous Integration (CI) and Continuous Delivery (CD) workflows, patterns, and tools. Analyzes cybersecurity, software development, infrastructure, software design, architecture and information technology best practices, threat intelligence, and emerging requirements to improve the security of the hosting environment and applications. Monitors cloud applications and services for indicators for compromise and compliance shortfalls and tracks issues for timely remediation. Implements administrative and technical controls to ensure security, privacy, and compliance of data stored, processed, or transmitted on Company owned or controlled cloud platforms. Monitors industry security updates, technologies, and best practices to ensure the Company's multi-cloud environment continues to provide adequate security and meet compliance requirements.
Why you'll love this role:
In this role, you will work with some of the top information security, technology, and business professionals in the financial services industry. As part of an agile and innovated security team, you will work closely with stakeholders at all levels and interact with the industry’s top partners. You will employ advanced security technology and tactics to defend cutting-edge FINTECH and business technology. Beyond amazing career opportunities and singular experiences, our security team is diverse in all aspects; passionate about collaboration; leverages amazing technology and automation; laughs often; and celebrates our success as a team. Our leaders recognize that empowerment, autonomy, work-life balance, professional development, continuous improvement, and a commitment to shared values are key enablers of our success. We work hard, take care of each other, and deliver positive outcomes daily. This will be your best career decision.
Essential duties include the following:
Identifies, implements, maintains, and monitors risk-informed, standards-based, effective, and efficient security controls within a hybrid multi-cloud technology environment.
Supports continuous integration and continuous development pipelines and processes that automatically build, test, and deploy infrastructure and containerized applications to ensure appropriate security checks are included automatically or manually. Reviews software releases and infrastructure changes for security vulnerabilities and risks prior to approval.
Supports enterprise software development and cloud infrastructure projects and production applications that store, process, and transmit regulated data to ensure controls meet or exceed standards.
Manages vulnerabilities and security testing for on premise and cloud-hosted applications and tracks issues to remediation.
Supports audit and compliance efforts to ensure applications, infrastructure, and integrations meet applicable compliance and contractual standards.
Identifies, recommends, and tests technical security standards and guidelines for software development, DevOps, and release management to ensure that all delivered solutions and architecture adhere to industry best-practices for availability, confidentiality, and integrity.
Partners with internal and external development teams and other stakeholders to improve security and operational monitoring for cloud hosted workloads.
Develops and tests incident response plans to prepare for, respond to, and recover from security incidents and operational issues as part of an incident response team.
Supports efforts to provide for a secure integrated development environment for external and internal software and release management pipelines.
Builds and tracks performance indicators and metrics to inform security control monitoring in cloud environments.
Performs all other duties as assigned.
Serious candidates will possess the minimum qualifications:
Bachelor’s Degree in Computer or Software Engineering, Information Security, Cybersecurity or related field from an accredited four year college or university required. Master’s Degree preferred.
AWS Certified Solutions Architect or DevOps Engineer Professional certification required.
AWS Security Specialty certification highly desired.
Certified Information Systems Security Professional (CISSP) and Certified Cloud Security Professional (CCSP) highly desired.
Cloud Security Alliance (CSA) Certificate of Cloud Security Knowledge (CCSK) desired.
GIAC Cloud Security Automation (GCSA) certification highly desired. Must be able to obtain certification within 6 months of hire.
Minimum eight (8) years of extensive security engineering experience, including architectural design using AWS best practices and industry standards.
Experience implementing and managing tools for security, availability, and compliance monitoring in a cloud environment which includes collecting data, parsing log files, capturing network traffic, setting alert thresholds, and notifying stakeholders.
Experience and understanding of the DevOps deployment pipeline and security considerations for each step of the CI/CD processes.
Experience with serverless architectures, their features, advantages, security concerns, and tactics for deploying effective security in serverless implementations.
Experience with vulnerability management and virtual patching in the cloud.
Experience with Amazon Web Services (AWS) cloud architecture components, security, identity, & compliance services, and knowledge of how to secure the environment.
Familiar with DevOps toolsets to track work items, code, test, build, and release, and knowledge of how each stage is secured and automated.
Familiar with tools to perform vulnerability assessments, threat detection, compliance benchmarking, audit logging, log evaluation, and network collection for cloud hosted applications.
Familiar with basic web development practices, i.e. HTML, CSS, JavaScript, JQuery, etc.
Familiar with team development tools and source control, including Azure DevOps, GIT, etc.
Familiar with the principles of software development life cycle (SDLC) and separation of duties.
Understanding of micro service architecture and implementation of appropriate security controls used in various architectural designs and conditions.
Understanding of “As Code” processes and attack surfaces presented by CI, CD, and CM tools and familiarity with techniques for how to harden these tools.
Understanding of the Secure DevOps auditing controls and how to leverage automated scanners to automate policy requirements.
Demonstrated knowledge of how to configure security services and tools such as Web Application Firewalls, Content Delivery Networks, and Intrusion Monitoring to protect against common website attacks.
Demonstrated knowledge of encryption and encryption key management using managed services and a dedicated cloud hardware security module.
Knowledge of container security issues, hardening containerized environments, container orchestration tools, and running production workloads in the cloud.
Knowledge of IT Security Operations.
Knowledge of UI, AI, and Machine Learning.
Knowledge the Payment Card Industry (PCI) Data Security Standard (DSS).
Able to understand and write basic JSON programming language policies.
Demonstrated ability to work as an essential part of a highly motivated business, technology, development teams.
Proficient Microsoft Office skills, including Word and Excel.
Written and verbal communication skills and the ability to work with teams and external stakeholders are essential.
Strong problem resolution and interpersonal skills.
Strong multi-tasking skills.
Able to use general office equipment including copy machine and phone system.
SWBC offers*:
Competitive overall compensation packageWork/Life balance Employee engagement activities and recognition awards Years of Service awardsCareer enhancement and growth opportunities Leadership Academy and Mentor ProgramContinuing education and career certifications Variety of healthcare coverage optionsTraditional and Roth 401(k) retirement plans Lucrative Wellness Program*Based upon employee eligibility
Additional Information:
SWBC is a Substance-Free Workplace and requires pre-employment drug testing.
Please note, SWBC does not hire tobacco users as allowed by law.
To learn more about SWBC, visit our website at www.SWBC.com. If interested, please click the appropriate apply button.