"Alerted.org

Job Summary:

The Security Engineer will focus on security concerns for the development, implementation, operations, and ongoing analysis of SCRAM Systems security and operational infrastructure. The ideal candidate will have a deep understanding of security topics, as well as in-depth knowledge of core infrastructure technologies. The engineer will be responsible for all the security aspects related to our physical and cloud infrastructure as well as the implementation and maturation of our security initiatives. They will work closely with all of SCRAM Systems’ teams to ensure information systems are protected throughout the organization. The ideal candidate should have thorough engineering experience in security operational domains.

Join us in our mission to make a meaningful impact in the criminal justice field and help build a safer society. As a Security Engineer, you will be at the forefront of fortifying our infrastructure against evolving security threats and ensuring the confidentiality, integrity, and availability of our critical systems. Extensive analytical, technical, and administrative capability combined with passion for security is what we are looking for.

Duties/Responsibilities:

Security Strategy and Architecture:

• Work closely with the CISO to develop and maintain a comprehensive security strategy that aligns with organizational goals and risk tolerance.

• Review and implement security architecture for both Cloud and on-premises environments.

• Conduct security assessments to identify vulnerabilities and propose remediation measures.

Threat Detection and Incident Response:

• Implement advanced security monitoring and threat detection solutions to promptly identify security incidents.

• Lead incident response efforts, investigating and mitigating security breaches and cyber-attacks.

• Develop and maintain incident response plans and conduct periodic drills for the security team.

• Maintain rules on an Elastic stack SIEM to ensure threats are logged and real time notifications of threats are sent to appropriate parties.

• Maintain and mature our Threat and Vulnerability Management process.

Cloud Security:

• Establish and enforce security controls specific to a major cloud provider (i.e., Azure), ensuring data protection and compliance.

• Monitor and analyze cloud security logs and reports, taking proactive measures to address potential risks.

Infrastructure Security:

• Harden and secure Windows and Linux-based VMs in both cloud and on-premises environments.

• Implement security measures for Kubernetes clusters and containerized applications.

• Regularly audit infrastructure security and manage patching and updates.

Identity and Access Management (IAM):

• Design and maintain IAM solutions to control access privileges and permissions.

• Oversee access control mechanisms and ensure adherence to the principle of least privilege.

Security Compliance Auditing:

• Collaborate with internal teams to ensure compliance with relevant security standards, regulations, and policies related to the criminal justice domain.

• Conduct security audits, vulnerability assessments, and penetration testing as needed.

Security Awareness and Training:

• Conduct security training sessions for technical teams to promote a security-conscious culture.

• Stay up to date with the latest security trends, vulnerabilities, and best practices.

\#LI-PROMOTE

Skills/Abilities:

• Proven experience as a Security Engineer in a data sensitive industry.

• In-depth knowledge of Cloud security, including IAM, VNet, Security Center (specific Azure Policies is a plus).

• Experience securing Windows and Linux-based VMs (proficiency in Kubernetes is a plus).

• Familiarity with security compliance frameworks such as NIST, ISO 27001, and CJIS.

• Hands-on experience with security tools and technologies, such as SIEM, TVM, IDS/IPS, and firewalls.

• Excellent problem-solving skills and the ability to think strategically about security issues.

• Effective communication and leadership skills, with the ability to collaborate across teams.

• High level of analytical and problem-solving abilities.

Education and Experience:

• Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent work experience).

• Security and Industry certifications are a plus

• Azure experience is not required but is a plus.

Physical Requirements (With or without reasonable accommodation):

• Sitting: Over 70 %

*** All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.