Role: Security Engineer
Location: Remote. Must work in a location within the United States
Travel: Up to 10%
Classification: Exempt
Reports to: Director of Security and Compliance
Salary Range: Commensurate with experience
about the role
The Security Engineer is responsible for designing, implementing, and maintaining our company’s security systems to protect our sensitive data and infrastructure from cyber attacks. You’ll spend your days identifying, designing and architecting security solutions for our company to address security risks within the organization. This work includes evaluating new capabilities and emerging technologies and how they best fit within the organization’s operational structure.
responsibilities
- Monitor and analyze security event logs from various sources (e.g., SIEM, firewalls, IDS/IPS, antivirus, and other security tools). Identify, investigate, and respond to potential security risks in a timely manner. Assist in the tuning, management, and configuration of cybersecurity tooling.
- Help evaluate and monitor cybersecurity controls to protect revology’s information systems and regulated data. Manage and maintain security tools and technologies, ensuring they are updated and configured correctly.
- Conduct security reviews of applications and third-party vendors to ensure compliance with security requirements. Collaborate with development and procurement teams to integrate security into the software development lifecycle and vendor selection process.
- Assist in the review, development, implementation, and maintenance of cybersecurity policies, procedures, and guidelines. Help educate and train staff on cybersecurity policies and procedures.
- Implement and manage protective measures for endpoint devices, ensuring they are monitored, configured securely, and updated regularly to prevent and respond to security threats.
- Assess, negotiate, and manage vendor security practices and contracts, ensuring ongoing compliance and addressing any security issues that arise.
- Develop and execute response plans for security incidents, including detection, containment, eradication, recovery, and post-incident analysis.
- Identify, assess, and mitigate security risks, ensuring effective controls are in place and compliance with relevant standards and regulations. Includes conducting risk assessments and providing recommendations to ensure appropriate organizational risk management is being implemented.
- Stay current with the latest cybersecurity trends, threats, and technology solutions.
- Participate in security audits and assessments as required.
- Collaborate with other IT, development, and security team members to navigate and address security challenges and enhance overall security posture.
- Prepare regular reports on security activities, incidents, and metrics for management review.
- Stay curious, kind and contribute positively to the revology culture. The health + harmony of the team is everybody’s responsibility at revology.
The statements stated in this job description reflect the general duties as necessary to describe the basic function, essential job duties/responsibilities, job requirements, physical requirements and working conditions typically required, and should not be considered an all-inclusive listing of the job. Individuals may perform other duties as assigned, including work in other functional areas to cover absences or relief, to equalize peak work periods or otherwise balance the workload.
requirements
- Bachelor’s degree in Computer Science, Information Technology, or a related field, or commensurate experience, and/or training.
- Industry certifications such as CISSP, GSEC, CEH or CISM are a plus
- Minimum of 3 years of experience in information security, preferably in application security and/or cloud computing environments
- In-depth knowledge of security principles, technologies, and protocols (e.g., TCP/IP, SSL/TLS, DNS, HTTP, HTTPS, etc.)
- Experience with security tools such as firewalls, intrusion detection/prevention systems, SIEM, and vulnerability scanners
- Experience with cloud security and DevSecOps practices
- Strong problem-solving and analytical skills
- Excellent communication and collaboration skills
- Experience in Identity and Access Management
- Familiarity with regulatory requirements such as GDPR, HIPAA, or PCI-DSS
- Strong understanding of relevant cybersecurity frameworks and standards (e.g., NIST CSF, SOC, ISO 27001)
remote work requirements
Internet capability must be a high-speed internet connection.
physical requirements
Must be able to perform physical activities, such as, but not limited to: moving or handling (lifting, pushing, pulling and reaching overhead) office equipment and supplies weighing 1 to 25 lbs. unassisted. Frequently required to sit for extended periods during the workday. Manual dexterity and visual acuity required. Must be able to communicate effectively on the telephone and in person.
working conditions
Work will generally be performed indoors in an office environment. Must maintain a professional appearance and manner.
employment eligibility
Candidates must be legally authorized to work in the United States without sponsorship.