Information Security Engineer

About The Role

We are looking for an Information Security Engineer to develop security safeguards and countermeasures to protect our organization’s assets, employees and customers. You will assist the Security and Compliance team with expanding and building a leading information security practice to transform our information security capabilities and IT compliance posture. You will be joining a growing team of information security professionals and reporting directly to our Director, Security Compliance & Risk.

This role will require a strong background in securing SaaS environments, implementing network and endpoint security solutions and has experience with GCP security (specifically App Engine). The ideal candidate will have a firm grasp of compliance concepts (e.g., SOC 2, PCI, ISO2700x, etc.) balanced with the practical experience in building security related operations, implementing security toolsets and to use your industry experience to own and drive the resolution of complex security incidents, policy questions and technical security issues. 

What You’ll Do

• Security Operations: Design and implement security operational processes to analyze, troubleshoot and investigate security related incidents, events and alerts; Maintain, configure and analyze security platforms and tools.
• Vendor Management: Manage and execute on our third party risk management program including conducting vendor risk assessments; Partner with external teams (e.g. Pen Testers) to validate the security health of our platform
• Internal Communication: Own and manage our security awareness program - Facilitate internal training on various security topics to raise awareness and interest; foster a security aware culture at SevenRooms.     
• Security Operations: Detailed involvement in performing annual security risk assessments and evaluating security gaps using existing security tools; Identify, evaluate and implement a Data Loss Prevention (DLP) tool and relevant processes for a decentralized SaaS environment.   
• Security Operations (SIEM): Identify, evaluate and implement a Security Information and Event Management (SIEM) tool including developing our log data taxonomy and configuring effective alerting rules.
• Collaboration: Work cross-functionally to ensure other business units are in compliance with security best practices; Work with the Director of Security & Compliance, and CTO to build and maintain our security roadmap
• Continuous Improvement: Develop dashboards and reports on security objectives and overall posture; Participate in DR exercises, Incident Response Plan exercises  and continuous improvement processes.

Who You Are

• 5 + years of relevant experience in Information Security and a minimum of 2 or more years of experience in a cyber-security role with strong working knowledge and understanding of cyber security, frameworks, incident management, operations and application security best practices
• Experience with Software-as-a-Service or cloud service providers industry challenges
• Must have experience with implementing and managing DLP and SIEM platforms, Event Logging and alerting systems.
• Proven ability to develop tactical response procedures for security incidents and lead the identification, response, investigation and remediation of potential breaches and issues surrounding data security.
• Experience with SentinelOne EDR, JAMF, Cisco Umbrella, endpoint security and networking technologies preferred 
• Experience coordinating 3rd party/ vendor risk management or coordinate business continuity and disaster recovery efforts
• Knowledge of network, host, application and data security; Vulnerability Scanning, internal and external perimeter protection, virtual private networks (VPN); intrusion detection & response; incident handling and forensics.
• Security and cloud certifications (CySA+, GCIA, CCSP, CISSP, Google Compute Platform)
• Experience using programming/scripting languages (Python, Ruby, etc)
• Proven ability to manage projects to conclusion, while collaborating with a diverse group of professionals from both technical and non-technical backgrounds
• Effective verbal and written communication skills with a proven ability to present complex security ideas in a business-friendly and user-friendly way.
• Maintains updated knowledge of best practices in the field of information security, security operations and security incident response/threat hunting.

What We Offer

• Fair and equitable compensation: Our compensation packages are competitive based on external market data. At SevenRooms, you can expect fair pay for your hard work and dedication to helping us transform the hospitality industry. In addition, we also offer equity in our growing organization.
• Comprehensive benefits package: A full slate of benefits coverage including: medical, dental, vision, pre-tax commuter options, gym reimbursements, 401K, and unique memberships through One Medical and Perkspot.
• Flexible and independent working schedule: We offer unlimited vacation because we trust you to take the time you need to recharge and be your most productive self.
• Opportunities for training and professional development: Your manager will partner with you on establishing quarterly objectives that not only benefit the company but aid in your overall development as a leader in the industry.

SevenRooms is an equal opportunity workplace and an affirmative action employer. We welcome all qualified applicants regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, marital status, disability, gender identity, or veteran status. We understand the importance of creating a more diverse and inclusive workplace and celebrate our employees for their differences.

View our Prospective Employee Privacy Notice by visiting https://bit.ly/3iUUpYK