Senior Information Security Engineer

Introduction 

Are you searching for an opportunity to play a key role in driving the dramatic growth of a highly successful software company? 

At Poppulo, we’re working on what’s next in communications and workplace technology. As a pioneer in this industry, we understand that meaningfully reaching every employee is hard. And so is managing office space in a hybrid world. And so is improving the customer and guest experience. We exist to make each of these things easier. We exist to bring harmony to our customers. 

And we do that at enterprise scale. Our omnichannel employee communications, customer communications, and workplace experience platform is trusted by over 6,000 organizations today, reaching more than 35M employees and delivering content to 500,000+ digital signs.

We know there’s no such thing as a “perfect" candidate - we’re all a work in progress and are growing new skills and capabilities all the time. We encourage you to apply for a position with Poppulo even if you don’t meet 100% of the requirements. We believe in fostering an environment where there is a diversity of perspectives, in hopes that we can all thrive. 

Opportunity

Poppulo is seeking a Senior Information Security Engineer to join our security team.  

The role of the Senior Information Security Engineer implements preventive, detective, and response controls to protect Poppulo assets. They will utilize established and create new processes and capabilities to focus on incident response, application security, threat identification, analyses, and remediation.   

The Senior Information Security Engineer will support the development and maintenance of business continuity planning, data, systems, and network security for systems and controls related to their job duties. 

Responsibilities:

• Develops and implements security controls, defenses, and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, and web-based systems. 
• Perform application security reviews, consulting, and testing in coordination with developer operations. 
• Reviews security violation reports or logs, investigates security exceptions and coordinates with internal teams or external agencies as needed. 
• Planning, implementing, and managing security measures/technologies to protect the organization's information systems and networks. 
• Monitoring security systems to identify alerts and leading response efforts for potential security events. 
• Perform the analysis of malware, attack trends, and intel for patterns and develop automated solutions for analysis, classification, and categorization of data for further automation. 
• Work with global cyber intelligence collectors to identify, contextualize, and instrument current and emerging cyber threats. 
• Developing and implementing security policies and procedures. 
• Providing training and support to end-users on security best practices.
• Analyzing Emails for spoofing, reading and understanding email headers, and maintaining email gateway security controls. 

• Assist with Identity and Access Management (IAM) operations. 
• Perform real-time detection, analysis, and response to threats via Security technologies and platforms. 
• Provides subject matter expertise when needed. 
• Develop and mentor junior staff through open communication, training and development opportunities, and celebrate their success. 
• Participate in On-Call rotations.  
• Other responsibilities, as required. 

Education & Experience:

• Bachelor's degree in Computer Science, Information Systems, related field, or equivalent experience. 
• One or more security-based certifications preferred, such as CISSP, Security +, GCIH, GCFA/E, etc. 
• 3+ years’ experience in some form of information security discipline; specialization in information security risk assessments and frameworks preferred. 
• Experience with the NIST or ISO 27001/2 security frameworks. 

Candidate Expertise Required:

• Strong problem-solving skills and self-motivation to learn and upskill regularly. 
• Highly developed threat detection and incident response analytical skills. 
• Experience working in a global hybrid environment and leading technical teams applying an agile methodology. 
• Familiarity with SecOps methods, tools, and practices. 
• Proven record of producing documentation relating to solutions for monitoring, processing, and alerting on security-based signals. 
• The ability to work independently and across functional teams while developing key working relationships.
• Knowledge of the current threat landscape and attack vectors utilizing and massaging Threat Intelligence sources.
• Strong experience in engineering and supporting solutions including but not limited to: 

• • Modern EDR/XDR solutions and Web application security (OWASP top 10 Knowledge). 
  • Containers security (Docker and Kubernetes security). 
  • Cloud Security: AWS (Amazon Web Services) knowledge, AWS security products/logging services. (e.g., GuardDuty, CloudTrail), Azure security products/logging services. 

• Deep understanding of the MITRE framework and tools (e.g., DeTT&CT Navigator). 

• • Experience on evaluating and prioritizing detection capabilities (log sources, requirements) based on MITRE ATT&CK coverage. 
• IT  experience and understanding of common devices, equipment, environments, network diagrams & systems. 
• Strong communication (verbally and written) and problem-solving skills with an ability to deliver on time and work with minimal direction. 

Who We Are

We are a values-driven organization that encourages our employees to bring their authentic selves to work every day and empowers everyone to make a tangible impact on our products, clients and culture. We offer a dynamic environment with driven, fun and flexible individuals, who thrive on challenge and responsibility. This is an opportunity to contribute to our culture and join a company that’s on the move.

Named a Great Place to Work in 2015, 2016, 2017, 2018, 2019, 2020 and 2021 , we are one of the fastest growing technology companies in Ireland with additional offices in the US and the UK.

This is an opportunity to contribute to our culture and join a company that’s on the move. We live the Poppulo company values each day and they are key to everything we do.

“Bring Your Best Self”, “See It”, “Own It”, “Solve It”, and “Better Together”

Poppulo is an equal opportunity employer.

We disclose your personal information to our private equity sponsor, Vista Equity Partners, and its affiliates, including Vista Consulting Group (collectively, “Vista”), for administration, research, database development, workforce analytics and business operation purposes, in line with the terms of this Privacy Policy. Vista processes and shares your personal information with its affiliates, including other Vista portfolio companies, on the basis of its legitimate interests in managing, administering and improving its business and overseeing the recruitment process and, if applicable, your employment relationship with Four Winds Interactive LLC. If you have consented to us doing so, we also share your personal information with other Vista portfolio companies for the purpose of being considered for other job opportunities in the pooling system, both inside and outside the EEA. Please find a full list of all Vista portfolio companies at: https://www.vistaequitypartners.com/companies/ and Vista’s privacy policy at https://www.vistaequitypartners.com/privacy/. Where this requires us to transfer your personal information outside of the EEA, please refer to the FWI Privacy Policy for further details on cross-border transfers. In connection with the recruitment process, your personal data may be transferred outside of the EEA to iCIMS and/or Greenhouse, Hirebridge, LLC and Criteria Corp., which provide applicant tracking and evaluation services. Hirebridge, LLC and Criteria Corp. have agreed to comply with the EU Standard Contractual Clauses to ensure that your personal information is adequately protected whilst outside of the EEA.