About SevenRooms
SevenRooms is a guest experience platform that helps hospitality operators connect data across the guest journey. We enable operators to automatically drive revenue & profitability by leveraging data to build direct relationships, deliver exceptional experiences, and increase repeat business. Founded in 2011, SevenRooms is venture-backed by Amazon, Comcast Ventures and Providence Strategic Growth. We were included on Inc.‘s annual Best Workplaces & Forbes’ Best Startup Employers lists in 2020.
About the Role
The SevenRooms Security and Compliance team is expanding and building a leading information security practice to transform our information security capabilities and IT compliance posture. We’re seeking a highly-motivated and experienced Information Security Engineer to join us at SevenRooms to develop security safeguards and countermeasures to protect our organization’s assets, employees and customers.
This role will require a strong background in securing SaaS environments, implementing network and endpoint security solutions and has experience with GCP security (specifically App Engine). The ideal candidate will have a firm grasp of compliance concepts (e.g., SOC 2, PCI, ISO2700x, etc.) balanced with the practical experience in building security related operations, implementing security toolsets and to use your industry experience to own and drive the resolution of complex security incidents, policy questions and technical security issues.
What You'll Do
- Design and implement security operational processes to analyze, troubleshoot and investigate security related incidents, events and alerts.
- Manage and execute on our third party risk management program including conducting vendor risk assessments.
- Own and manage our security awareness program - Facilitate internal training on various security topics to raise awareness and interest; foster a security aware culture at SevenRooms.
- Detailed involvement in performing annual security risk assessments and evaluating security gaps using existing security tools.
- Identify, evaluate and implement a Data Loss Prevention (DLP) tool and relevant processes for a decentralized SaaS environment.
- Identify, evaluate and implement a Security Information and Event Management (SIEM) tool including developing our log data taxonomy and configuring effective alerting rules.
- Develop dashboards and reports on security objectives and overall posture
- Maintain, configure and analyze security platforms and tools.
- Partner with external teams (e.g. Pen Testers) to validate the security health of our platform
- Participate in DR exercises, Incident Response Plan exercises and continuous improvement processes.
- Work cross-functionally to ensure other business units are in compliance with security best practices
- Work with the Director of Security & Compliance, and CTO to build and maintain our security roadmap
Who You Are
- 5 + years of relevant experience in Information Security and a minimum of 2 or more years of experience in a cyber-security role with strong working knowledge and understanding of cyber security, frameworks, incident management, operations and application security best practices
- Experience with Software-as-a-Service or cloud service providers industry challenges
- Must have experience with implementing and managing DLP and SIEM platforms, Event Logging and alerting systems.
- Proven ability to develop tactical response procedures for security incidents and lead the identification, response, investigation and remediation of potential breaches and issues surrounding data security.
- Experience with SentinelOne EDR, JAMF, Cisco Umbrella, endpoint security and networking technologies preferred
- Experience coordinating 3rd party/ vendor risk management or coordinate business continuity and disaster recovery efforts
- Knowledge of network, host, application and data security; Vulnerability Scanning, internal and external perimeter protection, virtual private networks (VPN); intrusion detection & response; incident handling and forensics.
- Security and cloud certifications (CySA+, GCIA, CCSP, CISSP, Google Compute Platform)
- Experience using programming/scripting languages (Python, Ruby, etc)
- Proven ability to manage projects to conclusion, while collaborating with a diverse group of professionals from both technical and non-technical backgrounds
- Effective verbal and written communication skills with a proven ability to present complex security ideas in a business-friendly and user-friendly way.
- Maintains updated knowledge of best practices in the field of information security, security operations and security incident response/threat hunting.
What We Offer
- Competitive salaries and flexible work life balance
- Equity share in a growing business
- Unlimited Vacation. We trust you to take the time you need to be your most productive self.
- A full slate of benefits coverage including: medical, dental, vision, and pre-tax commuter benefits, gym reimbursements, and unique memberships through One Medical and Perkspot
- 401k plan
We are proud to be an equal opportunity workplace and an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, marital status, disability, gender identity or veteran status.
View our Prospective Employee Privacy Notice by visiting https://bit.ly/3iUUpYK