Remote Security Engineer

Description:

• DataVisor is the world’s leading AI-powered Fraud and Risk Platform that delivers the best overall detection coverage in the industry.
• The platform supports easy consolidation and enrichment of any data, scales infinitely, and enables organizations to act on fast-evolving fraud and money laundering activities in real time.
• It utilizes patented unsupervised machine learning technology, advanced device intelligence, a powerful decision engine, and investigation tools to provide guaranteed performance lift from day one.
• The platform is architected to support multiple use cases across different business units flexibly, dramatically lowering the total cost of ownership compared to legacy point solutions.
• DataVisor is recognized as an industry leader and has been adopted by many Fortune 500 companies across the globe.
• The company culture is open, positive, collaborative, and results-driven.
• The Security Engineer will protect system boundaries, keep computer systems and network services hardened against attacks, and secure sensitive data.
• The role involves collaboration with the team to ensure products and environments are built to industry security standards and best practices.

Requirements:

• The candidate must engage with internal business teams on projects to assess security risk and help deliver secure solutions via threat modeling, code review, penetration testing, and enforcing secure development lifecycle.
• The role requires assistance with the implementation and execution of the application security program with business and engineering teams.
• Guidance on security architecture related to cloud computing products and services is necessary.
• The candidate must test web applications for common vulnerabilities including input validation, broken access controls, session management, cross-site scripting, SQL injection, and web server configuration issues.
• Utilization of security information and event management for real-time analysis of security alerts generated by cloud infrastructure and applications is required.
• Active participation in Incident Management, Change Management, Security Policy Management, and Security Incident Response is expected.
• The candidate must perform secure code reviews and implement security in all phases of the SDLC.
• Experience with SAST, DAST, and Internal Penetration testing on applications and infrastructure is necessary.
• The candidate should lead SOC2 and PCI Compliance programs.
• A minimum of 3+ years of industry experience with a proven track record of end-to-end audit prep/compliance ownership in SOC 2, PCI, HIPAA, or similar is required.
• Knowledge and experience with security best practices within AWS (EC2, S3, IAM, VPC, Route53) and other providers is essential.
• Skills in Security Compliance, Vulnerability Scanning, and Managing PEN testing are required.
• Demonstrated experience with systems auditing and monitoring to ensure compliance with security policies and standards is necessary.
• Understanding of key security concepts such as cryptography, authentication, authorization, security protocols, or security vulnerabilities as applied to web application security and Cloud-based services is required.
• A deep technical understanding of common security vulnerabilities and risks, as well as countermeasures and compensating controls, is necessary.
• Experience with IDS/IPS, firewalls, DDoS Prevention, and WAFs is required.
• A solid understanding of IP networking protocols: IPv4/6, TCP/UDP, DHCP, HTTPS, FTP, etc., is necessary.
• Experience performing network/security maintenance tasks in the Cloud and highly available 24/7 data centers is required.

Benefits:

• The position offers a flexible schedule with competitive pay, equity participation, and health benefits.
• Employees have the opportunity to work with a world-class team.