Staff Infrastructure Security Engineer
What you will do in a Staff Infrastructure Security Engineer role at Kyruus:
- Architect and Design Security Solutions: Collaborate with the team in the design and implementation of cutting-edge security solutions tailored to our cloud infrastructure and business goals, ensuring robust defense against potential threats.
- Monitor and Manage Cloud Security Tools: Utilize and manage tools to monitor and protect our cloud infrastructure, implementing best practices for cloud security.
- Integrate and Automate Security Tools: Identify processes that can be improved by automation and integration of our security tools. Identify gaps in our tools and recommend solutions to fill those gaps.
- Collaborate with Engineering and Ops Teams: Work closely with development, operations, and other teams to integrate security into the infrastructure design and deployment process, fostering a culture of security awareness.
- Incident Response Activities: Collaborate in incident response activities, from detection to resolution, ensuring a coordinated reaction to security incidents impacting the infrastructure.
- Develop Security Policies and Procedures: Contribute to the development and maintenance of collaborative security policies and procedures specific to infrastructure security, encouraging input from various stakeholders.
- Stay Informed and Share Trends: Monitor emerging security threats, technologies, and trends, and share insights that may impact the organization's infrastructure with relevant stakeholders.
- Contribute to a Collaborative Security Strategy: Engage with various teams in defining and implementing the overall security strategy related to infrastructure, ensuring that security is an enabler for our business.
- Help Us Achieve our Certification Goals: Participate in our journey to HITRUST or FedRamp certification.
- You’ll report to the Information Security Officer in the InfoSec Department within the Technology Division.
- Kyruus will bring you through an onboarding process that is both structured and self-guided, designed to enable connection and productivity as you learn more about our company, functions and products. Additionally, we have a culture of feedback, inclusive of our performance review process that provides you with the coaching, resources and opportunities to help you learn and grow with us.
- Kyruuvians in the Staff Infrastructure Security Engineer role can move in a more linear career path to a Senior Staff position. From there, you could move into an even more senior level role or explore a management position within the Information Security vertical.
- Kyruus also loves to see an internal transfer. If a linear career path is not what you’re looking for, you can work with your manager and HR to explore lateral moves to other parts of the organization as you continue to grow with us.
What you will bring:
- 8+ years in an information security role
- Experience with a variety of infrastructure security tools including:
- Experience with web application firewalls and an understanding of common web vulnerabilities.
- Proficiency in securing AWS and GCP cloud environments with hands-on experience with cloud and server security tools like IDS and server/container scanning.
- Strong understanding of network security principles, including experience with tools like VPNs and firewalls.
- Skills in vulnerability assessment and remediation, including experience with environment and code scanning tools.
- Experience in efficiently and effectively working with a team to handle security incidents.
- Knowledge of endpoint tools like endpoint detection and response, anti-malware, MDM tools.
- Proficiency in managing and utilizing Security Information and Event Management (SIEM) tools.
- Experience with Governance, Risk Management, and Compliance (GRC) tools facilitating efficient monitoring and management of organizational governance, risk, and compliance with privacy and healthcare related regulations.
- Experience with scripting languages, integration and automation tools to streamline security processes.
- Experience engaging with stakeholders to develop policies, document procedures and facilitate gathering of evidence of compliance.
- Good written and verbal communication skills.
- Proactive problem solving and team collaboration skills
- Experience with SOC 2, HITRUST, FedRamp or other compliance frameworks is a plus.
- Experience in a HIPAA regulated environment is a plus.
- Experience in a Mac environment is a plus