Innate, Inc.: Senior information Security Specialist at Innate, Inc. (Washington, DC) (Washington, DC)
Posted: Dec 8, 2018
Innate develops, operates and maintains multiple systems based in Amazon Web Services to provide global eCommerce capabilities. Multiple direct-to-consumer websites, publicly available and high-throughput APIs are examples of the types of systems we have built and currently maintain in the cloud. Our systems are widely used and operate at scale across the world.
As we have grown, we recognized the need to centralize security functions in a specific role. As a result, we are looking to hire a hands-on Senior Information Security Specialist to help us align our systems to our global InfoSec standards. This position requires an experienced cloud engineer who can interact with global InfoSec leads at client sites including financial institutions, understand global security standards and then work directly with our development and infrastructure teams to implement these standards. This is a hands-on position and requires someone comfortable working on AWS directly to configure platform services.
Current Challenges to be Tackled
- Understand and audit existing IT systems to ensure they adhere to various InfoSec standards including the Payment Card Industry Data Security Standard (PCI DSS), the NIST Cybersecurity Framework and ISO 27001 Standards.
- Design, implement, and monitor security measures for the protection of web sites, cloud networks and information privacy.
- Identify, define & implement system security requirements for cloud applications.
- Work with development teams and infrastructure teams to incorporate tools and best practices to ensure cloud-based IT systems are secure and compliant.
- Schedule system patching and record patch history across our entire environment to meet auditing requirements.
- Set up and configure new platform services on cloud environments.
- Minimum 5 years working across organizations to develop and implement security standards across organizations to develop and implement security standards.
- Minimum 5 years working with operations and development leads to understand organizational security requirements and how they would impact production systems.
- Minimum 2 years working in a system engineering or DevOps capacity in any cloud-based environment (e.g. AWS, Azure, GCP).
- Experience writing security standards and related documentation including Risk Assessments and Risk Mitigation plans.
- A solid understanding of networking, network security, encryption and routing from a security perspective.
- Experience with implementation, administration, and troubleshooting of Windows Server and Linux systems, including patch management and server hardening.
- Experience with log file analysis, vulnerability scanning and monitoring tools.
- Excellent written and oral communications skills
Ideal / Bonus Experience
- Experience working in a global organization and working with remote teams to understand security requirements.
- Direct hands on experience with AWS and platform services such as ELB, EC2, SQS, RDS.
- Direct hands on experience with New Relic and/or Splunk.
- Experience working with distributed cloud-based systems operating at scale.
- Experience working in the Financial industry and understanding financial systems security best practices.
- Experience with various web application frameworks such as .NET, Java or PHP.