Security Engineer
Precisely
Precisely is the leader in data integrity. We empower businesses to make more confident decisions based on trusted data through a unique combination of software, data enrichment products and strategic services. What does this mean to you? For starters, it means joining a company focused on delivering outstanding innovation and support that helps customers increase revenue, lower costs and reduce risk. In fact, Precisely powers better decisions for more than 12,000 global organizations, including 93 of the Fortune 100. Precisely's 2500 employees are unified by four company core values that are central to who we are and how we operate: Openness, Determination, Individuality, and Collaboration. We are committed to career development for our employees and offer opportunities for growth, learning and building community. With a "work from anywhere" culture, we celebrate diversity in a distributed environment with a presence in 30 countries as well as 20 offices in over 5 continents. Learn more about why it's an exciting time to join Precisely!
Application and Interview Impersonation Notice:
Impersonating another individual when applying for employment, and/or participating in an interview process to assist another individual in obtaining employment, with Precisely Software Incorporated (“Precisely”) is unlawful. If Precisely identifies such fraudulent conduct, then as applicable and to the extent permitted by law, the application will be rejected, an offer (if made) will be rescinded, or the employment will be terminated, and legal action may be taken against the impersonators.
Join our global Product Security team as a Security Engineer, assisting with the implementation of key internal security programs across our diverse portfolio of 100+ products. We are looking for an experienced security professional that can help secure our cloud hosted applications and products. Further, you will be helping us in all aspects of our secure development lifecycle. With a proven record of discovering hard to find security issues and responding to security incidents originating from cloud hosted application platforms, you will integrate with our security operations and application security teams and coordinate with engineering and product teams to improve the security posture and maturity of our products. This is a role with many opportunities for growth and specialization.
Essential duties and responsibilities
- Monitor, analyze and respond to security events and incidents and participate in forensic investigations.
- Manage identity and access controls, including role-based access, SSO, MFA and zero trust implementation models.
- Participate in Red and Purple Teaming activities.
- Assist with Threat Modelling and product design security reviews.
- Investigate possible issues in a cloud hosted production environments and assist in ensuring secure configurations are deployed with our SRE and DevOps teams.
- Consult on security best practices across our Engineering, Cloud, SRE, DevOps and Product management groups to achieve end to end security for our products.
- Collaborate with the application development teams to ensure a common and shared understanding of any security issues.
- Help develop internal security standards, procedures and policies.
- Implement automation and security orchestration processes to reduce the time to contain serious security threats or auto-remediate commodity level security findings.
- Review and understand results from vulnerability scanning tools and security event logs.
- Research and advise on usage of the latest tools and techniques to secure cloud hosted deployments.
- Maintain awareness of the latest security trends and zero-day findings.
Essential education, skills and knowledge requirements:
- 4+ years minimum of Security Experience Required.
- Demonstrable expertise in Microsoft Azure cloud security design, implementation and operations is required.
- Proficiency in AWS and Google Cloud Platform security design, implementation and operations is highly desirable.
- Experience performing security testing on cloud infrastructure is highly desirable.
- Experience performing web application security testing is a plus.
- Advanced knowledge of security tooling and vulnerability toolkits.
- Good understanding of application architectures designs, and the common tech stacks involved.
- Familiarity with the OWASP Top 10 and MITRE ATT&CK framework is a plus.
- Working knowledge of common authentications models (SAML, OAuth, OIDC, JWT).
- Familiarity with cloud hosted deployment models and their associated attack vectors in Azure, AWS and GCP is essential.
- Knowledge of Kubernetes related security and attack vectors (or other container-based deployments) is desirable.
- Knowledge of WAF / DDoS protection and mitigation options and virtual patching techniques.
- Experience with scripting and automation (Python, Bash, PowerShell, workflow engines or other automation systems).
- Demonstrated excellence in English communication skills in a stakeholder facing environment.
- Must be self-directed, resilient, and creative.
- Working knowledge of FedRAMP requirements and processes advantageous.
- Software Engineering background useful.
- CISSP, CSSLP and other similar certifications can help.
- Full agile scrum working experience a benefit
About Precisely
- Precisely is a global leader in data integrity, providing accuracy and consistency in data for 12,000 customers in more than 100 countries, including 90 percent of the fortune 100. Precisely’s data integration, data quality, location intelligence, and data enrichment products power better business decisions to create better outcomes. We are looking for talented individuals with the experience and motivation to join our innovative team.
#LI-IH1
The personal data that you provide as a part of this job application will be handled in accordance with relevant laws. For more information about how Precisely handles the personal data of job applicants, please see the Precisely Global Applicant and Candidate Privacy Notice.