Senior Security Engineer

Job Description

As the Senior Security Engineer, you will play a critical role in safeguarding our organization’s digital and physical assets. You will be responsible for implementing and maintaining security measures to protect the organization's infrastructure, assets, data, and personnel in close collaboration with the Director of Information Security and Compliance. You will help manage our compliance programs, including SOC2, GDPR, and emerging state and country privacy laws. You will also provide crucial technical security expertise to support the sales process. Your duties will include, but are not limited to:

• Execute our comprehensive security program, including implementing policies, procedures, and guidelines that align with industry standards and best practices.
• Work with cross-functional teams to implement security measures that align with business objectives.
• Deploy, maintain, and monitor security technologies, tools, and systems to enhance the organization's security posture.
• Support the sales engineers by providing technical expertise on security requirements for potential and existing customers.
• Assist in customer-facing sales calls to address specific technical security concerns.
• Help develop security presentations and training materials to support internal and customer security objectives.
• Conduct daily monitoring, triage, and escalation of security alerts from various security systems.
• Validate and document submissions from our Responsible Disclosure program.
• Maintain situational awareness of emerging vulnerabilities for our technology stack and escalate as needed.
• Conduct scheduled and on-demand security assessments to identify and evaluate potential security risks and assist in developing mitigation plans.
• Implement product security features and capabilities in collaboration with the product development team.
• Perform scheduled and on-demand vulnerability scanning and penetration testing against networks and applications.
• Investigate, triage, and respond to security incidents, ensuring proper documentation and escalation.

Requirements

• 5+ years experience in information security, with hands-on experience in security operations and compliance frameworks such as SOC2.
• Experience implementing and maintaining security tools and controls, including SDLC and GRC tools.
• Ability to clearly articulate how our security program addresses customer security requirements.
• Strong knowledge of security best practices and technologies, including access control, intrusion detection, and incident response.
• Experience with cloud security, specifically in Google Cloud Platform (GCP).
• Ability to identify and implement practical, effective security solutions that balance risk with business objectives.
• Strong communication skills with the ability to explain complex security concepts to various stakeholders.
• Hands-on experience with security monitoring tools, vulnerability scanning, and security testing.
• Understanding of common security frameworks and ability to map controls to compliance requirements.
• Experience with automation and scripting for security operations.
• Relevant security certifications such as Security+, CISSP, SSCP, GIAC/GSEC, or GCP platform-specific security certifications.

Benefits

Work environment:

• Position is remote within US
• Minimal travel
• Limited physical demands

If you are a security professional with a strong technical background and passion for implementing robust security measures, we encourage you to apply for this opportunity.

ActivTrak is an equal opportunity employer. We celebrate and are committed to creating an inclusive environment for all employees. ActivTrak does not discriminate on the basis of political affiliation, marital status, protected veteran status, or any other factor protected by applicable federal, state or local laws.