EverCommerce - Information Security Engineer (Centralized Functions) – (Remote, US)

At EverCommerce [Nasdaq: EVCM], we are on a mission to digitally transform the service economy with tailored, end-to-end SaaS solutions that simplify and empower the lives of our 685,000+ customers. As a leading service commerce platform, our modern digital and mobile applications create predictable, informed, and convenient experiences between customers and their service professionals in the areas of Home & Field Services, Health Services, and Wellness industries.We are building an extraordinary company and looking for talented, energetic, and motivated people to join our team. You can learn more about our Company, Culture and Values here: https://careers.evercommerce.com/us/enWe are looking for an experienced Information Security Engineer to join our security team. In this role, you will focus on implementing, monitoring, and enhancing our security measures. You’ll work with a range of security tools and platforms, including CrowdStrike, Orca, and Elastic SIEM, to ensure the confidentiality, integrity, and availability of our data and systems. Your role will also include threat detection, penetration testing, and supporting compliance efforts related to industry regulations. While AWS, Linux, and Windows administration experience is ideal, it will not be part of your primary responsibilities.Key Responsibilities:• Security Monitoring and Incident Response: Utilize Elastic SIEM to continuously monitor and analyze security alerts. Respond to incidents swiftly and effectively, implementing corrective actions as needed.• Compliance and Regulatory Standards: Ensure adherence to industry-specific regulations such as HIPAA, PCI-DSS, SOX, and EHNAC by participating in regular audits, implementing compliance-related security measures, and preparing documentation.• Threat Detection and Proactive Security: Use CrowdStrike, Orca, and Elastic SIEM to identify, analyze, and respond to security threats in real-time. Conduct threat hunting activities to proactively seek out malicious activity and vulnerabilities.• Vulnerability Assessment and Penetration Testing: Perform regular vulnerability assessments using Orca, Crowdstrike, and Burp Suite. Report findings, recommend mitigations, and collaborate with development teams to resolve security gaps.• Security Incident Management: Investigate, document, and respond to security incidents and alerts. Coordinate with the IT and Development teams to mitigate any security threats.• Issue Tracking and Project Management: Use JIRA for managing issues, tracking project progress, and ensuring timely resolution of security tasks and incidents.Qualifications and Skills:• Education: Bachelor’s degree in Information Security, Computer Science, or a related field, or equivalent experience.• Experience:• 3+ years in information security, with a focus on threat detection, incident response, and vulnerability management.• Proficiency in CrowdStrike, Orca Security, Elastic SIEM, and Burp Suite.• Familiarity with compliance standards (HIPAA, PCI, SOX, and EHNAC) and experience supporting audit processes.• Technical Skills:• Hands-on experience with vulnerability assessment and penetration testing methodologies.• Strong knowledge of Linux and Windows system administration.• Proficiency in AWS cloud and O365 security practices and administration (preferred).• Beneficial Experience:• Experience with JIRA for issue and project tracking.• Soft Skills:• Strong problem-solving skills with the ability to prioritize and manage multiple tasks.• Excellent verbal and written communication skills for explaining security findings and recommendations.• Detail-oriented and proactive, with a passion for staying current on cybersecurity trends and threats.Why Join the Team:• Challenging Work: This role offers a blend of threat detection, vulnerability management, and compliance.• Professional Growth: Opportunities to learn new technologies and practices within an innovative security environment.• Collaborative Culture: Be part of a skilled and passionate team dedicated to security excellence.Where:The EverCommerce team is distributed globally, with teams in the U.S., Canada, the U.K., Jordan, New Zealand, and Australia. With a widely distributed team, we are used to working remotely across different time zones. This role can be based anywhere in the United States. if you’re close to one of our offices, we can set you up in-office or you can work 100% remotely. Please note that you must be eligible to work without sponsorship to qualify for this position, and this role may require travel to our Corporate Headquarters in Denver, Colorado, or to other office locations around North America.Benefits and Perks:• Flexibility to work where/how you want within your country of employment – in-office, remote, or hybrid• Continued investment in your professional development through Udemy• Robust health and wellness benefits, including an annual wellness stipend• 401k with up to a 4% match and immediate vesting• Flexible and generous (FTO) time-off• Employee Stock Purchase Program• Student Loan Repayment ProgramCompensation: EverCommerce is committed to equal pay and transparency. The annual base salary range for this position is $85,000 - $100,000 USD per year. Please note that the salary range information provided is a general guideline and combines all of the distinct labor markets within the US. EverCommerce considers factors such as (but not limited to) scope and responsibilities of the position, candidate’s work experience, candidate’s work location, education/training, key skills, internal peer equity, external market data, as well as market and business considerations when making compensation decisions.EverCommerce is an equal opportunity employer and we value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender identity, sexual orientation, age, marital status, veteran status, or disability status. We look forward to reviewing your credentials and getting to know more about your experience!