As the Lead Security Engineer, you will be responsible for working with Senior IT Security staff and multiple IT organizations across the globe to reduce the risk and exposure of the infrastructure of Cimpress and its related brands. This position requires a broad IT background, knowledge of Information Security concepts, control and compliance, as well as strong communication skills to effectively manage processes and projects with cross-functional teams.
This is a hands-on position requiring a person with a great deal of system management experience together with a thorough understanding of various security principles.
Responsibilities
Interact with Governance, Risk and Compliance groups as required to help prioritize risk and assess compliance status.
Tool Development – develop or leverage open source tools to automate tests in CI/CD pipeline
Assessment of tools for vulnerability management and penetration testing. Ability to conduct Proofs of Concept (PoC) or Requests for Proposal (RFP) to determine the best solution.
Perform threat and risk analysis using FAIR methodology
Work with business owners and developers to explain the associated risks of vulnerabilities to their specific environment or product.
Qualifications
Experience developing in Python, Ruby, Go, or similar languages.
Experience deploying Infrastructure as Code (IaC) via Terraform.
Create integrations between security tools, or write new plugins as needed for existing tools.
Experience with commercial and open source application and network/infrastructure vulnerability testing tools.
Manage large amounts of threat and vulnerability data and create tool integrations.
In-depth understanding of testing web-services (REST, SOAP, and Swagger) a big plus.
Experience with PCI, SOX regulatory standards.
Keep up to date on the latest and most advanced offensive security techniques and frameworks.
Collaborate with “Blue Team” members to help test and prioritize defenses.
Ideal candidate would have:
DAST or SAST experience, OWASP ZAP, Checkmarx, Burp Suite or equivalent
Experience in cloud services (AWS, GCP, Azure)
Experience with various security tools and products (Tenable, Metasploit, etc.)
Good understanding of the components of a secure SDLC
Vulnerability analysis and application reversing skills