Senior Security Engineer

DataVisor is the world’s leading AI-powered Fraud and Risk Platform that delivers the best overall detection coverage in the industry. With an open SaaS platform that supports easy consolidation and enrichment of any data, DataVisor's solution scales infinitely and enables organizations to act on fast-evolving fraud and money laundering activities in real time. Its patented unsupervised machine learning technology, advanced device intelligence, powerful decision engine and investigation tools work together to provide guaranteed performance lift from day one. DataVisor's platform is architected to support multiple use cases across different business units flexibly, dramatically lowering the total cost of ownership, compared to legacy point solutions. DataVisor is recognized as an industry leader and has been adopted by many Fortune 500 companies across the globe.

Our award-winning software platform is powered by a team of world-class experts in big data, machine learning, security, and scalable infrastructure. Our culture is open, positive, collaborative, and results driven. Come join us!

We are seeking a Senior Security Engineer who possesses expertise in cloud environments. You will be part of a team that protects system boundaries, keeps computer systems and network services hardened against attacks, and secures sensitive data. You will collaborate closely with our team to ensure that our products and environments are built to industry security standards and best practices.

RESPONSIBILITIES

• Engage with internal business teams on projects to assess for security risk and help deliver secure solutions via threat modeling, code review, penetration testing, and enforcing secure development lifecycle
• Assist with the implementation and execution of the application security program with the business and engineering teams
• Provide guidance on security architecture related to cloud computing products and services
• Test web applications for common vulnerabilities including input validation, broken access controls, session management, cross-site scripting, SQL injection and web server configuration issues
• Utilize security information and event management for real-time analysis of security alerts generated by our cloud infrastructure and applications
• Actively participate in Incident Management, Change Management, Security Policy Management and Security Incident Response
• Perform secure code reviews and implement security in all the phases of SDLC.
• Perform SAST, DAST, Internal Penetration testing on the Applications and the Infrastructure.
• Lead SOC2 and PCI Compliance programs

• 5+ years of industry experience with a proven track record of end-to-end audit prep/compliance ownership in one or more of the following: SOC 2, PCI, HIPAA, etc.
• Must have knowledge/experience with security best practices within GCP or AWS (e.g., EC2, S3, IAM, VPC, Route53) and other providers
• Skills in the following areas: Security Compliance, Security stack, Vulnerability Scanning, Managing PEN testing
• Demonstrated experience with systems auditing and monitoring to ensure compliance with security policies and standards
• Understanding of key security concepts such as cryptography, authentication, authorization, security protocols, or security vulnerabilities as applied to web application security and Cloud-based services
• Technical understanding of common security vulnerabilities and risks, as well as countermeasures and compensating controls
• Desired:  Experience with IDS/IPS, firewalls, DDoS Prevention, and WAFs
• Desired:  Solid understanding of IP networking protocols: IPv4/6, TCP/UDP, DHCP, HTTPS, FTP, etc.
• Desired:  Experience performing network/security maintenance tasks in the Cloud and highly available 24/7 data centers
• Education requirements
• BS Computer Science or cybersecurity or related degree
• In lieu of degree, 10+ years of deep cybersecurity experience

We offer a flexible schedule with competitive pay, equity participation, and health benefits, along with catered lunch, company off-sites, and game nights, as well as the opportunity to work with a world-class team.