Remote Security Engineer

Description:

• Modern Campus is seeking a Security Engineer to maintain the organization's security posture and compliance programs, including PCI DSS, SOC 2, and TX-RAMP certifications.
• The role involves ensuring adherence to global data privacy regulations such as GDPR, FERPA, CCPA, and PIPEDA.
• The Security Engineer will serve as a liaison between internal teams and external auditors, ensuring continuous compliance and driving security initiatives through proactive security assessments and improvements.
• Responsibilities include maintaining a comprehensive security assessment program that encompasses vulnerability management, penetration testing coordination, and risk analysis, delivering actionable insights to enhance security posture.
• The engineer will analyze and interpret security scan results and vulnerability reports to develop prioritized remediation strategies, collaborating closely with development teams to address vulnerabilities effectively.
• The role requires engineering and implementing security controls based on industry standards (NIST, CIS, ISO) while continuously evaluating and enhancing the security infrastructure.
• The Security Engineer will coordinate and facilitate audit activities, including evidence collection and preparation of audit documentation and submissions.
• Tracking compliance requirements and deadlines across multiple frameworks is essential.
• Collaboration with IT and DevOps teams to architect, configure, and implement security monitoring and defense tools (e.g., SIEM, IDS/IPS, ASM, WAF) is required to safeguard against security breaches and cyber threats.
• The engineer will implement incident response procedures, including assessing impact, incident reporting, and coordinating with relevant teams for containment and resolution.
• Staying current on the latest vulnerabilities, security trends, and data privacy standards is crucial.

Requirements:

• A University or College degree in Computer Science, Information Technology, Cybersecurity, Data Privacy, or a related field is required, along with 3+ years of work experience.
• Strong programming/scripting skills for security automation and tool integration are necessary.
• Advanced knowledge of cloud platforms and infrastructure, preferably AWS and Azure, is required.
• Experience with security control automation and infrastructure as code is essential.
• Hands-on experience implementing and configuring vulnerability scanning tools (Qualys, Nessus, Snyk, Tenable, Rapid7) is required.
• Experience with SIEM platforms and log correlation systems, IDS/IPS, WAF technologies, and Attack Surface Management (ASM) tools is necessary.
• In-depth knowledge of OWASP Top 10 vulnerabilities and application security best practices is required.
• Understanding of privacy laws and regulations (GDPR, CCPA, etc.) is essential.
• Knowledge of NIST and CIS Benchmarking frameworks and ISO 27001 is required.
• Understanding of PCI DSS, SOC 2, and TX-RAMP / StateRAMP frameworks is necessary.
• Experience with audit preparation and coordination is required.
• Strong knowledge of information security principles and best practices is essential.
• Excellent documentation and technical writing skills are necessary.
• Strong project management and organizational abilities are required.
• Experience building and maintaining effective relationships with cross-functional stakeholders in a remote-first work environment is essential.

Benefits:

• The base salary range for this full-time position is between $70,000 - $140,000.
• The position offers a remote-first workplace, allowing employees to work from anywhere in North America.
• Rewards and recognition programs are available to employees.
• Learning and development opportunities are provided to enhance employee skills.
• Employees will have the opportunity to make a difference every day for universities trying to grow and students trying to learn.