About the role
Ideally located in the US (remote which means you can be based almost anywhere), this newly created position will manage risk and security related requirements in the cloud and on Smile CDR platform. The role is heavily focused on evaluating technology controls, supporting audits for certifications programs, conducting risk assessments, investigating incidents and creating support documentation. You will also look after enhancing security and supporting relevant compliance programs with the appropriate privacy and security frameworks.
- Perform security scanning/testing, controls testing, document results, and provide detailed updates to internal stakeholders. Vulnerability assessments need to be done regularly per contractual agreement and per compliance requirements.
- Perform assessments of systems, networks, and applications in Smile CDR cloud environments and readily address vulnerabilities identified.
- Assist with remediation of control deficiencies and security gaps.
- Research and perform tests with cutting edge security tools.
- Generate regular reports and technical documentation for the SecOps team.
- Assist with the education and training of process/control owners so they better understand technology control frameworks and their responsibilities.
- Assist with other security aspects as needed including vendor security assessments, customer audit needs.
- Facilitate third-party attestations, audits, and certification efforts for the organization.
- Assist IT Operations team and IT Security and Privacy Governance teams with maintaining coverage of applicable privacy laws and regulations and closely follow emerging IT Security technologies.
- Possess a minimum of 3 years of experience with Linux, networking, docker and security combined with a minimum of 2 years of experience in Azure, AWS or GCP along with containerized computing environments Solid Network and IT Security fundamentals.
- Proven ability to utilize various assessment tools and navigate through logs to establish the root cause of issues.
- Ability to work with various security tools and frameworks including SOAR/ SIEM, Vulnerability Scanners, IDS/IPS, Cloud Security Posture Management.
- Working knowledge of IT and Security compliance frameworks, such as: HITRUST, GDPR, SOC 2, ISO 27001 and HIPAA, PHIPA, etc.
- 1 to 2 years of experience with public (AWS/ Azure) and private (vCloud) cloud combined with about 3 years of network and security troubleshooting.
- Preference will be given to those with a cloud, network, security certification.
- Experience in dealing with security issues and policy, as well as supporting audit and compliance requirements from a technical standpoint.
- Ability to analyze system data, including, but not limited to, security and network event logs, web, anti-virus, DLP, syslogs, IPS and firewall logs
- Experience in access control and identity management for on premise and cloud environments.
- The capacity to accommodate a flexible schedule (for audits and security incidents) and work on a regular on-call rotation.
- Proven knowledge of working with SOAR/SIEM, vulnerability scanners, IDS/IPS, Cloud security.
- Must have experience with access control and identity management, analyzing security and network logs along with supporting audit and compliance requirements from an technical and operational standpoint.
Smile CDR is committed to recruitment practices that are inclusive, non-discriminatory, and welcoming of persons with disabilities. Accommodations are available on request, for candidates taking part in all aspects of our selection process. If you are contacted for an interview and require accommodation during the selection process, please let us know.