Associate Security & Compliance Engineer

Job Description

You will be part of Denodo’s Security team, which is responsible for managing security compliance, as well as, respond to customers' and third parties' security requirements. Besides, the Security team provides design, deployment & support for security systems, services, and requirements in all Denodo locations.

The ideal candidate will be a technical security professional. We are willing to consider candidates that have a serious desire to enter the security profession and would enjoy jumping into a challenging position on the cutting edge of security operations. As a Security Engineer, you will be responsible for enhancing the corporate security and detection capabilities to catch advanced threats, appraising threat actors, building advanced correlation use cases, and reporting. The candidate will improve global corporate security by defining, selecting, deploying, and operating new security platforms.

• Presales & Customer Communication

  • Respond to security sections on Request for Proposals (RFP), Requests for Information (RFI), Proof of Concept (POC), assessments, review security contract clauses, and perform vendor assessments from our customers

• ISO Audit and Compliance

  • Managing the Denodo Information Security Management System (ISMS) according to the ISO/IEC 27001:2013 certification processes including the Information Security policies, procedures, guidelines and audit

  • Participation in the risk analysis process in the role of a technical expert

  • Collaborate with the business teams and staff at all levels to promote the Information Security agenda

  • Develop and manage the continuous improvement of security controls

  • Develop and perform a vendor assessment to our suppliers

  • Help identify and select new technologies or vendors to ensure security and compliance

  • Update process documentation and team portals

  • Support auditors and provide articles of evidence as needed, review audit reports, implement or support the implementation of necessary remediations

  • Manage equipment tracking, internal software, and hardware utilization

• Build, Communicate and Secure Internal Systems

  • Ensure that security policy and security standards are implemented and adhered to while also managing exceptions.

  • Write, develop, and implement all IT security policies, protocols, guidelines, and procedures

  • Stay abreast of current and future security risks and adapt mitigations and controls accordingly

  • Raising user awareness in technological areas

  • Implement and support the deployment of new security technologies, both software and hardware, across the company including both Cloud and on-site solutions for the protection of the organization based on the latest threats

  • Provide operational incident support across a set of assigned technologies

  • Implement requested changes, updates, and improvements to the global security infrastructure including technology refreshes, minor updates, report development, access provisioning, implementation of major upgrades, as well as alert tuning and development

  • Use scripting languages to automate tasks and gather data

  • Responsible for defining hardening for the Windows, Linux & Virtualization platforms

  • Assisting Information Asset Owners and other company teams to define and implement appropriate security recommendations

• Security Operations

  • Monitor networks/systems for security breaches and investigate violations when they occur

  • Manage the day-to-day security monitoring, change management, rule set deployment, and issue handling

  • Implementation of technical safety measures

  • Maintenance of Information and Communication Technology (ICT) infrastructure and resources related to support the ISMS

  • Supervision of access rights to the Denodo’s corporate resources

  • Monitoring and maintenance of ICT networks and resources

  • Management of the availability, executive potential and events

  • Responding to threats and security incidents

  • Support of users in security related topics and incidents

  • Communicate with peers and managers regarding system issues

  • Participate in 24x7 on-call

  • Willing to work on a flexible schedule when necessary (working outside of normal business hours, holidays, and some weekends)

Qualifications

• Minimum 5 years of relevant experience in an Information Security function
• Ability to handle multiple complex tasks in a dynamic environment, with tight deadlines concurrently
• Required experience with ISO/IEC 27001 maintenance or another security compliance standard (SOC-2, NIST CSF, NIST 800-53, etc.)
• Certification to one or more or of the equivalent: CISSP, CISM, ISO/IEC 27001 lead implementer, ITIL
• Experience in responding to customer/partner-specific Information Security requirements (RFP, RFI, POC)
• Experience reviewing security contracts clauses, and performing vendor assessments
• Be able to understand the controls and processes associated with other certification, legal, regulatory, and compliance security frameworks. For example, these include the General Data Protection Regulation (GDPR), The California Consumer Privacy Act (CCPA), China’s first Cybersecurity Law (CSL), Cyber Essentials, ISO-27001, SOC 2, NIST CSF, NIST 800-53, Federal Risk and Authorization Management Program (FedRAMP), The Federal Information Security Management Act (FISMA), Payment Card Industry Data Security Standard(PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), etc.
• Ability to use problem-solving techniques, troubleshoot system outages, and provide timely solutions to operational issues
• Identify root causes to drive improvements into the platform to prevent future operational incidents
• BS/BA or higher degree relating to Information Systems or Computer Science or equivalent and demonstrated knowledge and experience
• Proactive and ability to work autonomously
• Have professional curiosity and the ability to enable yourself in new technologies and tasks
• Good English level, additional languages will be a plus
• Excellent verbal and written communication skills to be able to interact with technical and business counterparts
• Strong knowledge of information security with operations (ITIL) experience.
• Knowledge of Linux & Windows Operating Systems
• Have Cloud experience (on AWS, AZURE, or Google).
• Experience in computer networking (TCP/IP, DNS, AD, LDAP, SMTP, DHCP, HTTP, FTP, SMTP, SSL, Syslogd, PKI, IDS, IPS, SIEM, Monitor Tools, DPI, DLP, GRC),
• Familiarity with application and infrastructure vulnerabilities and encryption
• Knowledge of G Suite and Microsoft 365 Security Administration (MS-900, MS-500)
• Experience supporting complex global security infrastructures
• Proven operations experience in the Information Security field
• Experience with container platforms is a plus.
• Good understanding of relational database systems, SQL query language, and scripting language (Powershell, Linux Shell, Perl, Python, etc)

Additional Information

• We are committed to equal employment opportunity.
• We respect, value and welcome diversity in our workforce.
• We do not accept resumes from headhunters or suppliers that have not signed a formal fee agreement. Therefore, any resume received from an unapproved supplier will be considered unsolicited, and we will not be obligated to pay a referral fee.