Remote Senior Security Engineer

Description:

• As the Senior Security Engineer, you will play a critical role in safeguarding our organization’s digital and physical assets.
• You will be responsible for implementing and maintaining security measures to protect the organization's infrastructure, assets, data, and personnel in close collaboration with the Director of Information Security and Compliance.
• You will help manage our compliance programs, including SOC2, GDPR, and emerging state and country privacy laws.
• You will provide crucial technical security expertise to support the sales process.
• Your duties will include executing our comprehensive security program, including implementing policies, procedures, and guidelines that align with industry standards and best practices.
• You will work with cross-functional teams to implement security measures that align with business objectives.
• You will deploy, maintain, and monitor security technologies, tools, and systems to enhance the organization's security posture.
• You will support the sales engineers by providing technical expertise on security requirements for potential and existing customers.
• You will assist in customer-facing sales calls to address specific technical security concerns.
• You will help develop security presentations and training materials to support internal and customer security objectives.
• You will conduct daily monitoring, triage, and escalation of security alerts from various security systems.
• You will validate and document submissions from our Responsible Disclosure program.
• You will maintain situational awareness of emerging vulnerabilities for our technology stack and escalate as needed.
• You will conduct scheduled and on-demand security assessments to identify and evaluate potential security risks and assist in developing mitigation plans.
• You will implement product security features and capabilities in collaboration with the product development team.
• You will perform scheduled and on-demand vulnerability scanning and penetration testing against networks and applications.
• You will investigate, triage, and respond to security incidents, ensuring proper documentation and escalation.

Requirements:

• You must have 5+ years of experience in information security, with hands-on experience in security operations and compliance frameworks such as SOC2.
• You should have experience implementing and maintaining security tools and controls, including SDLC and GRC tools.
• You must be able to clearly articulate how our security program addresses customer security requirements.
• You should possess strong knowledge of security best practices and technologies, including access control, intrusion detection, and incident response.
• Experience with cloud security, specifically in Google Cloud Platform (GCP), is required.
• You must have the ability to identify and implement practical, effective security solutions that balance risk with business objectives.
• Strong communication skills with the ability to explain complex security concepts to various stakeholders are essential.
• You should have hands-on experience with security monitoring tools, vulnerability scanning, and security testing.
• An understanding of common security frameworks and the ability to map controls to compliance requirements is necessary.
• Experience with automation and scripting for security operations is required.
• Relevant security certifications such as Security+, CISSP, SSCP, GIAC/GSEC, or GCP platform-specific security certifications are preferred.

Benefits:

• The position is remote within the US.
• There is minimal travel required for this role.
• The role has limited physical demands.
• ActivTrak is an equal opportunity employer that celebrates diversity and is committed to creating an inclusive environment for all employees.