As the Lead Security Engineer, you will be responsible for working with Senior IT Security staff and multiple IT organizations across the globe to reduce the risk and exposure of the infrastructure of Cimpress and its related brands. This position requires a broad IT background, knowledge of Information Security concepts, control and compliance, as well as strong communication skills to effectively manage processes and projects with cross-functional teams.
This is a hands-on position requiring a person with a great deal of system management experience together with a thorough understanding of various security principles.
- Interact with Governance, Risk and Compliance groups as required to help prioritize risk and assess compliance status.
- Tool Development – develop or leverage open source tools to automate tests in the CI/CD pipeline.
- Assessment of tools for vulnerability management and penetration testing. Ability to conduct a Proof of Concept (PoC) or Request for Proposal (RFP) to determine the best solution.
- Perform threat and risk analysis using the FAIR methodology.
- Work with business owners and developers to explain the associated risks of vulnerabilities to their specific environment or product.
- Experience developing in Python, Ruby, Go, or similar languages.
- Experience deploying Infrastructure as Code (IaC) via Terraform.
- Create integrations between security tools, or write new plugins as needed for existing tools.
- Experience with commercial and open source application and network/infrastructure vulnerability testing tools.
- Manage large amounts of threat and vulnerability data and create tool integrations.
- In-depth understanding of testing web-services (REST, SOAP, and Swagger) a big plus.
- Experience with PCI, SOX regulatory standards.
- Keep up to date on the latest and most advanced offensive security techniques and frameworks.
- Collaborate with “Blue Team” members to help test and prioritize defenses.
The ideal candidate would have:
- DAST or SAST experience (OWASP ZAP, Checkmarx, Burp Suite or equivalent)
- Experience in cloud services (AWS, GCP, Azure)
- Experience with various security tools and products (Tenable, Metasploit, etc.)
- Good understanding of the components of a secure SDLC
- Vulnerability analysis and application reversing skills
- Understanding of cryptography principles