US National – Telecommute
Senior SecOps Engineer – REMOTE
Salary: $140,000 – $160,000
Location: any us city
As a Senior SecOps Engineer, you will be responsible for leading the implementation of security configuration standards (hardening standards) across BounceXs cloud infrastructure to provide the company and its customers a secure environment from all internal and external threats. You will help us ensure a high standard of security by working to design and implement effective infrastructure security controls, audits, and security monitoring systems. You are a mentor to BounceX’s broader engineering community on how to design and implement secure systems while proactively identifying and fixing security flaws and vulnerabilities. You use your industry experience to own and drive the resolution of complex security incidents, policy questions and technical security issues.
Own the security architecture design and maintenance for BounceXs infrastructure
Perform review and analysis of infrastructure / application designs and security controls to identify security strengths and weaknesses, and recommendation of appropriate risk treatment
Implement compliance controls with key security standards that accelerate BounceX’s business goals
Analyzes and develops information security governance, including procedures, standards, baselines and hardening guidelines with respect to information security and use and operation of information systems
Perform incident response and disaster recovery tabletops
Define architecture, design and configuration of security tools to monitor, detect, prevent and mitigate security risks
Perform vulnerability scans and/or analyze results of scans and assist with remediation as required. Experience in application and cloud infrastructure vulnerability management is key.
Support needs for other parts of the security and compliance team, helping BounceX maintain a secure and compliant company
Administers authentication and access controls, including provisioning, changes, and deprovisioning of user and system accounts, security/access roles, and access permissions to information assets
Evangelize a security mindset with our development team using OWASP and other development/test integration best practices.
Conduct infrastructure security audits on an ongoing basis and provide reports
Minimum of 5 years experience in security engineering
Deep understanding and recent experience with cloud security concepts, in particular with Google Cloud Platform, IAM management, container security, infrastructure security architecture.
Experience performing threat modeling for systems and infrastructure to identify potential security issues
History of implementing enterprise security tools – SIEM, IDS/IPS, FIM, DLP, PAM
Experience with vulnerability management and incident response processes
Cloud administration and architectural experience specifically related to GCP
Recent and meaningful work with securing Kubernetes environments
Deep understanding of industry standards and regulatory compliance (SOC-2, ISO 27k, GDPR)
Experience with attacks and mitigation methods
Management of authentication and access controls; applied cryptography and security protocols
Experience with security monitoring and implementing intrusion detection systems
Development of security tools, automation or frameworks
Excellent communication skills, both written and oral, you must love to document!
Computer & IT , Computer Security , Software Development