Information Security Engineer
Shorelight is reinventing the international education experience for students worldwide. Based in Boston, the company works directly with top-ranked, nonprofit American universities to build innovative programs and high-touch, technology-driven services that help talented students thrive and become global citizens.
The Information Security Engineer will validate that Shorelight’s services, applications, and websites are secured against the latest threats. This role conducts security reviews and threat models, evolves the security assurance process, and creates metrics to demonstrate the team’s performance. The Information Security Engineer manages the development and implementation of security standards and controls to ensure the organization’s products are secure.
The Information Security Engineer is a problem solver with outstanding oral and written communication skills and a proven ability to outline security risks at all levels of the organization to both technical and non-technical individuals. He/She/They is an energetic team player who thrives in a fast-paced, high-tech environment and has high-level customer service skills. The ability to adjust quickly to shifting priorities, make decisions with limited information, and use good judgement to escalate risks and concerns to the leadership level is essential. The Information Security Engineer will influence and motivate participants in cross-team projects to engage on security initiatives, so a proven ability to build partnerships and collaborate with key stakeholders is critical.
- Develop and maintain cloud security controls and best practices
- Deploy security automation and develop tools to secure the cloud
- Build and maintain an internal security library that outlines security controls and identifies common security flaws
- Conduct vulnerability assessments and mitigate and patch based on findings
- Develop automated security testing to ensure secure coding best practices are being used
- Prepare critical and regular security releases
- Set up tools and sensors to detect various attacks and exploitation techniques targeting cloud platforms and the applications running within them
- Create and conduct risk evaluations for new processes, products, and services
- Develop, facilitate, and distribute security training modules and corresponding security materials
- Maintain Docker container and Kubernetes security, including pod-security and network security policies
- Support the DevOps and Engineering teams in developing infrastructure-as-code using Terraform, CloudFormation, CI/CD, GitHub, etc.
- Manage security across various Amazon Web Services (AWS) tools/products such as VPCs, Flow Logs, CloudTrail, S3, Route 53, ELB, CloudFront, and WAF
- Partner closely with Engineering and Product teams to suggest improvements that increase application security
- 7+ years of formalized information security experience
- Bachelor’s degree or equivalent years’ experience
- Information Security certifications in CISSP, SANS GIAC, CISA, etc.
- Experience managing security vendors and managed-services providers
- Strong understanding of network and web-related protocols (such as TCP/IP, UDP, IPsec, HTTP, HTTPS, routing protocols)
- Working familiarity with Cyber Security, Cloud Platform Security, Risk Assessment, Network Security, IAM, Data Security, and Data Governance
- Ability to occasionally provide weekend and after-hours support
- Bachelor’s degree in Information Security, Computer Science or related field
- Strong background in technical engineering and architecture, such as infrastructure/cloud engineering or software development
- Experience with OWASP, static/dynamic analysis, and common exploit tools and methods
- Development experience
- Prior experience managing and growing a team
To apply for this position, please visit the Shorelight Careers page to submit an application with a resume and cover letter.
Background Check Required–Education, Criminal, Identity
Shorelight is an Equal Opportunity Employer.