Senior Security & Compliance Engineer

About the Role

Our Security & Compliance team is looking for a Senior Security & Compliance Engineer to successfully engineer and implement our security and compliance processes. This role will be reporting to the Security & Compliance Manager.

You'll be responsible for building security architecture, engineering security systems, monitoring the security controls as well as working closely with other teams to ensure business continuity and compliance. You'll be a critical part of our Security & Compliance team, serving as a senior engineer and consultant to address various security and compliance challenges. You'll also leverage your expert knowledge of today's ever-changing cybersecurity and risk landscape to influence operations across Pliancy and communicate security and compliance needs to the rest of the organization.

As Senior Security & Compliance Engineer, you'll participate in complex projects designed to provide for the protection of Pliancy information assets; recommend solutions and appropriate technology to meet Pliancy needs; work with our project management office to design project and resource plans and schedules; develop proposals using cost/benefit analysis; evaluate proposed system hardware and software to ensure compatibility with existing systems. Coordinate with security and compliance vendors and contractors.

Who are we looking for?

You're an attentive and curious person who loves connecting with the people you support and working in a team environment. To you, privacy is a right, and security is a must. Few things make you feel better at the end of a workday than helping your team work swiftly and efficiently toward a common goal. You look out for your people and they're grateful for your responsiveness. You enjoy solving security and compliance problems through the clever use of emerging technologies, often pioneering the adoption of these tools.

This role is a fully remote position with occasional travel to our offices and client sites.

Responsibilities

• Engineer, implement, and monitor security systems; configure and troubleshoot security infrastructure.
• Perform a critical role in the company of managing risk, audit compliance, and maintaining and updating the company's security posture in an ever evolving regulatory and threat landscape.
• Work with cross-functional teams to translate compliance controls, security, data privacy, and risk assessment findings into actionable tasks.
• Assist in conducting periodic internal audits and coordinate with third party auditors to facilitate audit compliance and work with internal leaders to modify and elevate internal controls.
• Maintain compliance with audit requirements and conduct security assurance actions for cloud environments.
• Help develop and maintain data flow documentation, privacy policies, and associated processes to ensure compliance with data privacy regulations.
• Develop technical solutions, and select or build new security tools to mitigate vulnerabilities.
• Develop automation and orchestration between security tools.
• Document the requirements, procedures, and protocols of the architecture and systems.
• Proactively identify and mitigate cybersecurity risks and respond to observations identified by auditors and security service providers.
• Perform vulnerability assessments and review processes for remediation and patching procedures periodically.
• Serve as a Tier 1 & 2 SOC analyst to proactively monitor logs, alerts, and security events daily; function as an escalation point for security events reported by other Pliancy's teams.
• Assist the manager in reports on assessments, outcomes, and improvement recommendations; evaluate and report security controls' state and effectiveness using standard metrics such as KCIs, KRIs, and KPIs.
• Work with the team in developing and presenting various training materials.
• Serve as a Pliancy Security & Compliance liaison to vendors, auditors, partners, and external parties; Coordinate emergency preparedness activities and tabletop exercises related to security and compliance.
• Collaborate with the rest of the Security & Compliance team in investigations, incident response, and audit procedures; assist in the recovery process and lesson learned exercises.
• Maintain current knowledge of laws, regulations, emerging threats, and new developments in and around the cybersecurity field; Attend and participate in relevant security conferences, meetings, and training.
• Be an advocate and subject matter expert for researched solutions, which can include internal and client-facing documentation or training sessions.
• Advocate for policy change that will support new initiatives or required changes and enhancements.

Recommendations

Should have:

• Soft skills (personality, relationship building, communication skills, stress management)
• +5 years of direct experience in the Information Security field
• Deep understanding of security principles and concepts such as CIA, Defense-in-depth, Abstraction, and Threat modeling.
• Proficiency in information security domains, including policies and standards, risk and control assessments, access controls, regulatory compliance, technology resiliency, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, and data protection.
• Familiar with best practices in audit compliance, change management and security architecture; frameworks would be SOC2, ISO/IEC 27k families, CCPA, NIST CSF, NIST RMF, NIST 800-53.
• Fluent in researching, configuring, and deploying various controls and solutions (e.g., XDR, EDR, MDM, SIEM, SOAR, IDPS) following best practices.
• Understanding of supply chain risk management and APTs.
• Ability and willingness to produce proper documentation and requirements for security systems.
• Incredible sense of pride and passion for what you do and a desire to help your teammates.
• Ability to travel to our different locations and client sites across the country (as needed).
• Authorization to work in the USA for any employer.

Nice to have:

• Industry-recognized certification meeting DoD Directive 8570 IASAE Level II / III. Preferably CISSP-ISSEP, CISSP-ISSAP, CISSP, CASP+, GCSA
• Familiar with different threat modeling frameworks (STRIDE, MITRE ATT&CK/CWE, Cyber Kill Chain, OWASP)
• Proficiency in one or more specialized SOC team functions (e.g., Incident responder, Forensic specialist, Threat hunter)
• Experience in offensive/defensive cyber exercises, such as red/blue/purple teaming, penetration testing, or incident response.

As of September 27, 2021, Pliancy requires all employees to show proof of full COVID-19 vaccination before being admitted to any of our physical offices.

Benefits

• Generous salary, above-average pay ($140,000-$150,000 dependent on experience)
• Healthcare: Premiums 100% covered for employees, 50% for dependents for our base level plan with option to upgrade
• Medical HRA: Company-funded reimbursement account to help cover copays, deductibles, and coinsurance
• Optional dental and vision plans are offered for you to opt into.
• 401(k) Options
• Unlimited PTO - and a culture where you can actually use it!
• Paid leave for new parents
• Wellness stipend ($120 per month)
• Home internet and mobile phone reimbursement ($160 per month) to help you stay connected
• Employer-funded commuter benefits and mileage reimbursement
• Employee stock options so you can share in Pliancy's success