About Soroco

Soroco is on a mission to discover how the world works to help teams be their best. To do this we are evangelizing and commercializing a new technology category called work Graph, which is a structured view of how teams get work done across people, process, technology, and documents.

The ‘work graph’ unifies disjoint categories like Process Mining, Task Mining, user training, BPM and RPA to provide a single source of truth. Teams can use the work graph to identify and resolve sources of friction at work, such as technology impediments, poor process design, opportunities for learning and collaboration, among others. Soroco’s work graph platform, Scout, enables a culture of continuous improvement and identifies benefits from applying a portfolio of change levers, delivering targeted change programs at scale.

Soroco has offices in Boston, London, and Bangalore with a roster of Fortune 500 customers across 30 countries. Our team has published 150+ papers and patents. Visit www.soroco.com to learn how we help teams discover their work graph.

What we are looking for: -

As Lead InfoSec Engineer you will be responsible for providing technical security leadership to global clientele for Scout Enterprise product adoption via Cloud on Azure and AWS.

In this role you will be a security subject matter expert and technical leader to product teams, suppliers, partners and business leaders and work on aligning product security with continually evolving business and market needs and expectations. Prior experience in researching, designing, developing, and implementing software, and expertise in product security best practices, standards, requirements, architectures, tools etc. is mandatory. A background in assessing products and related processes and architectures for compliance with security best practices, standards, and requirements, developing corrective action plans where necessary, and working with stakeholders to successfully implement those plans is desired.

The role purpose and scope: -

  • Review, evaluate and respond to incoming technical support requests from Soroco employees around the world.
  • Respond to support requests ranging from simple problem resolution to complete deployments of cloud environments.
  • Respond to all incoming requests in a timely and professional manner.
  • Efficiently resolve technical issues and requests - whether providing complete resolution alone or by coordinating a multi-discipline team response.
  • Manage service requests from initiation through fulfilment, balancing the requesters' requirements with corporate policies and procedures.
  • Manage small-scale projects to ensure timelines are met for design, approval and deployment of high quality and secure cloud environments - including configuration, security reviews and user acceptance testing.
  • Monitor performance, availability and security of cloud environments deployed by the team.
  • Develop and maintain technical documentation and service request records, FAQs, etc.
  • Continuously grow technical and interpersonal skills to better serve the organization and support your own career growth.
  • Proactively engage with internal service requests to ensure services provided by CIS team continue to meet organizational needs.
  • Research and develop standard documented ways to respond to vulnerabilities reported issues.
  • Monitor security information for key cloud areas and notify the appropriate team if action is needed.
  • Proactively audit all department cloud deployments on a rolling schedule to watch for security actions that need to be taken - which includes Nessus/Qualys vulnerability scans of VMs.
  • Perform other departmental technology related duties as requested.
  • Excellent oral, written, presentation collaboration and interpersonal communication skills.
  • Ability to travel to the client location, as required.

Experience and skills

  • Engineering graduate with work experience of 10+years with deep technical experience in application, infrastructure, network, and system security engineering
  • Adept at navigating and comprehending complex enterprise network, technology, and information & data security architecture.
  • Should have deep understanding of cloud infrastructure, cloud security practices, Cloud security maturity model awareness, Cloud authentication and authorization workflows, implementation of security projects, and security engineering best practices as well as industry standards such as ISO and NIST.
  • Develop and advocate security design patterns, reference architectures and security strategies.
  • Understanding of Security foundations such as hardening, least privilege, attack surface reduction, protection rings, cryptography use, static analysis, dynamic analysis, fuzzing, CVSS, CWE, OWASP/SANS/CIS Top X, etc. and Penetration testing, Vulnerability assessment and management.
  • Conduct Product Security Risk Assessments, participate in technical design reviews, analyze product/solution architectures for security deficiencies and formulate corrective actions.
  • Experience in Rest API, Kubernetes and Docker container security practices and assessments.
  • Knowledge and experience with the configuration of security controls and secure migration of enterprise applications to one of the major cloud providers.
  • Experience with Key vault, Encryption algorithms, Auth2, Single sign on.
  • Data security for cloud databases.
  • Provide Technical Demonstrations to clients highlighting the Data Security principles of Soroco products.
  • SOC and HIPAA / HITRUST certification and compliance requirement awareness.
  • Security certifications: One or more of CISSP, CSSLP, CSSP, or Azure/AWS Security is a plus.
  • Experienced in highly regulated environments subject to HIPAA, GDPR etc. is a plus.

Apply for this Job

* Required

When autocomplete results are available use up and down arrows to review
+ Add Another Education