Lead Security Engineer
Wilson Language Training
We are looking for an experienced, hands-on, and confident InfoSec Leader to help our company build a secure SaaS platform and Secure IT Infrastructure. They will be helping our teams with penetration testing, audit, risk assessment, obtaining and/or maintaining compliance, reviewing policies, and leading our incident response program.
Essential Job Functions:
- Performs vulnerability scans on software prior to release.
- Leads cybersecurity risk management activities, including threat modeling and vulnerability assessments.
- Participates in design and code reviews to identify security-related issues and recommends design changes as appropriate.
- Analyze security compliance requirements for new system features and proactively identify potential security issues.
- Work cross-functionally with the Product and Engineering teams to ensure security vulnerabilities are properly understood and prioritized, and remediation plans are developed to address and remediate the risk in a timely manner.
- Lead security projects and participate in IT projects.
- Prepare and update IT Security documentation (policies, procedures, response plans, etc.).
- Recommend security process changes or improvements.
- Identify and analyze potential security vulnerabilities and emerging threats and implement remediation.
- Develop, monitor, and assess our data, tech tools, and network security implementations.
- Configure, administer, and troubleshoot corporate security tools (DLP, IDS, SIEM, EDR, etc.).
- Evaluate and partner with vendors to implement security solutions.
- Act as the Lead in major incident management and problem management processes.
- Create configuration baselines, identify gaps, and create detailed recommendations.
- Provide support for RFP review and responses along with vendor questionnaires related to IT security.
- Maintain awareness of external events to identify threats and opportunities for enhancement.
- Assists development teams in penetration and fuzz testing of new products containing software.
- Provides support on product security issues and questions that are escalated to Engineering.
- Develops awareness of security concerns, shares best engineering practices, and creates/updates procedures to ensure compliance.
- Manage Risk Register & Vendor Risk Management.
- Performs audits of users, systems, and logs per company policy with regular reporting requirements to leadership.
- Lead NIST, PCI, and SOC Assessment processes and annual maintenance
- Champions continued improvement of security-related processes and tools.
- Manage security education platform and the training of our employees.
- Identifies and evaluates new technologies and tools related to security.
- Proposes solutions and helps define the future technical direction for product security.
- Propose / execute monthly Cyber Security Newsletter
- Understand and display WLT’s values.
- Other duties as assigned.
- Minimum of 5 years of proven experience in Information Technology security work
- Minimum of 5 years of overall IT experience
- Demonstrated experience in application security, vulnerability assessments, penetration testing, and risk assessment activities across functional business areas and technology services.
- Knowledge of or experience with penetration testing methods and tools such as Burp Suite, OWASP ZAP, Rapid7, Kali Linux, and more.
- Demonstrated ability to explain standards and frameworks such as OWASP Top Ten, NIST CSF, CIS Benchmarks, and more to technical and non-technical staff, developers, system administrators, and management.
- Experience with Microsoft AD, Azure AD, LDAP, and Mac security controls
- Experience managing Office 365 security controls (data loss prevention, encryption, conditional access)
- Ability to work in and enjoy a fast-paced environment across organizational teams.
- Ability to work flexible schedules to meet job requirements.
- Experience with or knowledge of either application security or Azure infrastructure security.
- Some audit and compliance (ISO-27000, NIST-800, SOC, PCI) efforts and understanding.
- Technical Certifications, such as CISSP, ACSP, MCP, MCDT, MCITP/MCSA, A+, Network+, or Security+
- PowerShell, Bash, Python scripting, and coding abilities.
- Proven experience with change and incident management practices in medium to large enterprise environments.
Education or Certification:
- Bachelor’s degree in information technology or related field.
Wilson has identified the anticipated pay range for this role based on the many factors that we consider in defining compensation levels for our roles, including market data, and internal equity considerations. Actual pay, and allocation between base and any target discretionary bonus, will vary based on geographic location, education, work experience, skills, market data, and internal equity considerations. Wilson offers competitive benefits, including:
- Medical, dental, vision, and Life & Disability Insurance
- 401k plan with partial employer match
- Paid Time Off
- Paid holidays
- Tuition reimbursement
- “O’Connor days,” which refers to a company-wide office closure between Christmas and New Year’s Eve, as well as other perks.
Wilson Language Training is an Equal Opportunity, Drug-Free Employer Committed to Diversity in the Workplace. M/W/D/V