\nJob Duties & Responsibilities:\nThe core responsibilities of this position will be:\n\n\n* Drive the long term Data Protection, tech road map and driving continual optimization\n\n* Lead enterprise Data Protection projects, provide assessment of compliance to policies and standards, research solutions and provide guidance to project teams to resolve shortcomings\n\n* Identify, select and develop architecture artifacts (reference architectures, standards, policies, reusable designs, principles, models, frameworks, guidelines, and best practices) across data protection topics\n\n* Provide technical oversight, drive change and provide guidance thru a cross-enterprise services program to ensure that the proper technical capabilities exists to support the business, and can sustain required security, availability, reliability and resiliency levels for Data Protection\n\n\n\n\nQualifications:\n\n\n* Proficient in the use of pen-testing tools and techniques for web systems.\n\n* 10 or more years of hands-on experience in IT Security with a focus on data systems, IT security systems engineering, or software engineering, at least 5 of which have been at Enterprise level\n\n* 15 years total experience in IT field\n\n* 10+ years experience in IT security requirements analysis, design, development, unit testing and operation of distributed, fault-tolerant security solutions with particular attention to security, scalability, performance, availability and cost/revenue optimization\n\n* Demonstrates expertise and leadership in working with business units, product management, development and operations to architect innovative solutions that meet the requirements with respect to functionality, performance, scalability, and reliability, realistic implementation schedules and adherence to architectural goal and principles.\n\n* Experience with high volume data processing (database, file systems, etc.) systems or large transaction client-server systems; experience with mobile, wearable computing, 3D printing and other emerging technology trends\n\n* Working knowledge of TOGAF, Zachman, Agile Architecture, FEA or other enterprise architecture methodologies\n\n* Broad experience across business, application, information, infrastructure and security architecture domains\n\n* Broad experience across business analysis, product design, engineering, QA, operations and sustainment in a large corporation / enterprise environment\n\n* Presentation skills, verbal, written\n\n* Ability to work in fast paced environment, problem solve, work independently\n\n* Proficient in the use of enterprise architecture, diagraming and documentation tools\n\n\n\n\nEssential Functions:\n\n\n* Conduct recurring internal penetration tests and document results.\n\n* Implement and maintain a compliance and vulnerability management program designed to assure protection of assets\n\n* Conduct regular scans of computing platforms to detect the presence of unauthorized software\n\n* Perform periodic audits of outsourced security operations (rogue device scans, account management, etc.) to validate compliance with security policies and requirements and report audit results to leadership and IT\n\n* Leverage security related data from internal sensors (e.g. SIEM, firewalls, IDS, routers, proxies, hosts, and Advanced Persistent Threat technologies deployed internally) and external sources (vendors, industry working groups, law enforcement etc.) in an effort to implement effective mitigations, and reviewing appropriate data sources for indications of adversarial activity.\n\n* Audit server OS and software asset versions to ensure they are kept up to date\n\n* Coordinate white hat penetration tests and oversee remediation and documentation of detected vulnerabilities\n\n* Integrate into SDLC process and perform regular vulnerability scanning to detect vulnerable code and/or solution design prior to deployment to staging and production\n\n* Develop and Publish reports demonstrating regular vulnerability scanning and vulnerability remediation and trends over time\n\n* Perform ad-hoc vulnerability scan requests as directed in response to security breaches and/or pending attacks\n\n* Assesses threats to the environment and provide input into security architectures and designs\n\n* Develops, researches and maintains proficiency in tools, techniques, countermeasures and trends in computer and network vulnerabilities\n\n* Respond to emerging threats such as APT and other forms of targeted attacks, organized crime, etc.\n\n* Perform detailed forensic analysis of assets, including logs, malware samples, hard drive images, etc.\n\n* Reconstruct events of a compromise by creating a timeline via correlation of forensic data.\n\n* Perform malware analysis and other attack analysis to extract indicators of compromise.\n\n* Implement and manage tools and technologies for indicators of compromise and other threat intelligence.\n\n* Ensure that, where appropriate, all forensic investigations are recorded and tracked to meet audit and legal requirements\n\n* Mentor and train more junior analysts in intrusions and intelligence-driven network defense techniques and skills\n\n* Conduct root cause analysis to identify gaps and recommendations ultimately remediating risks to the business\n\n* Performs other duties as assigned\n\n\n \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to InfoSec, Engineer, Junior and Legal jobs that are similar:\n\n $80,000 — $120,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n