Security Engineer II

About Company:

• Security Engineering:
  • Serve as lead technical resource for assigned security tools and services.
  • Lead efforts to automate cloud inventory processes.
  • Lead efforts to implement aspects of our SOAR strategy.
  • Participate in security event investigation and/or incident response.
  • Support security metrics through automated testing of security controls.
  • Contribute to information security planning, e.g., strategy, standards.
  • Support compliance efforts by producing artifacts from security tools and services.
• Partnership:
  • Collaborate with Operations on cloud environment and customer data security.
  • Collaborate with IT on corporate network, endpoint, and corporate data security.
  • Collaborate with HR to create a culture of security awareness.
• Continuous Education:
  • Maintain awareness and knowledge of emerging security threats and vulnerabilities.
  • Maintain awareness and knowledge of AWS services and cloud security best practices.
  • Maintain awareness and knowledge of major information security frameworks/guidance, e.g., CSA Controls Matrix, NIST CSF, FedRAMP.

• An attitude of “Problems are opportunities!” and “Manual work is tech debt!”
  • A passion for process improvement, efficiency, and automation.
• Proven integration and automation skills via REST APIs and microservices.
  • 1 - 3 years of development and/or automation experience, preferably with Python.
  • Familiarity with open-source or commercial integration platforms. Experience with Workato is a plus.
• Familiarity with version control. Experience with GitLab is a plus.
• Strong Linux skills.
• Experience with open-source or commercial SIEM, IDS/IPS, and vulnerability scanning solutions.
• Familiarity with security exploits, threats, and adversarial tactics, e.g., OWASP Top 10, MITRE ATT&CK.
• Experience working in AWS environments.
• Excellent critical thinking and problem-solving skills. You can contribute to spirited, yet professional, debate.
• Self-managed. Excellent planning, and time management skills.
• Experience working within Agile and Kanban frameworks.
• Education:
  • Bachelor’s degree in Computer Science, Computer Information Systems, Information Assurance, or related.
  • Relevant security certifications, e.g., Security , CySA , CASP , CISSP, GSEC.
• A strong interest in information security as a career field and related continuous education.
• U.S citizenship is required. Sponsorship is not available.

• Experience with open-source or commercial security orchestration and automated response (SOAR) platforms.
• Experience with security compliance audits, e.g., SOC2, HIPAA, FISMA, FedRAMP.
• Experience as a DevOps engineer.
• Experience with Docker and Kubernetes.
• PMI Citizen Developer Foundations or higher Certification.
• Experience with Low/No-Code solutions.

• The salary range for this position is [$]
• We cover 100% medical, dental, and vision benefits
• We understand you have a life outside of work and have an unlimited, flexible time-off policy
• We provide competitive paid parental leave for all new parents after 6 months
• We made Built in Colorado’s Best Small Companies to Work For list, Denver Business Journal’s Largest Denver-area Tech Employers list, and Outside Magazine’s 50 Best Places to Work list
• You will have the opportunity to challenge yourself and have a high degree of responsibility and impact
• Your daily tasks will change often and give you many opportunities to grow your professional and technical skillset and advance your career

• • Hands-on low-code application development training via Company University.
  • Sponsorship for Project Management Institute’s (PMI) Citizen Developer certification program.
  • Security and/or compliance certification and continuing education assistance.