Information Security Engineer
KIBO | Information Technology | Dallas, TX
Who We Are: Kibo. We provide industry leading eCommerce, distributed order management, and mobile point-of-sale solutions to retailers and branded manufacturers. Our cloud-based commerce suite enables customers to meet consumer demands anywhere, any time, and on any device. We have US offices in Texas and California and international offices in London.
Who You Are: An experienced Information Security Manager who can use communication, planning and organizational skills to manage various security operations and activities including knowledge and skill with networks, cloud, PCI / SOC audits, monitoring, vulnerability management and penetration testing.
Why You Should Apply: This position offers you the opportunity to work with a high-paced organization on its industry-leading eCommerce solutions. This role offers amazing growth potential for individuals looking to take their career to the next level.
The Information Security Engineer will be a key member of a growing Information Security team responsible for responding to and dealing with vulnerabilities and preventing intrusions. This role works closely with application development and development operations groups across Kibo to ensure new and existing technical solutions are implemented in a manner that preserves the confidentiality, integrity and availability of customer data and Kibo intellectual property.
This individual will be a subject matter expert in the domain of information security as it relates to servers/workstations, networks, web applications, processes and regulatory compliance. They will work proactively to design and implement security tools, controls and measures to ensure safety across our organization and products. In addition, they will assist in driving adoption of the information security program and the necessary compliance and control objectives throughout the organization. Success in this role requires a good understanding of networking protocols and information security best practices, the ability to understand and communicate risk, organization and planning skills, and good communication and writing skills.
- Develop and manage a vulnerability management program.
- Serve as the point of escalation for discovered vulnerabilities within infrastructure and provide recommendations for improvement, which can be client impacting.
- Coordination of PEN tests with outside vendors.
- Working knowledge of Internet Protocols, Networking, TCP/IP, AWS, and SaaS applications.
- Ability to read and understand system, OS and application log files.
- Experience with various technologies (IDS, IPS, VPN, WAF, DLP, Anti-Virus, Anti-Malware, SIEM, Vulnerability Scanners, Web Proxies, Firewall, MFA, key management) in a heterogeneous computing environment that spans physical and virtual data centers.
- Enhance the security posture of internal infrastructure and client-facing systems.
- Perform risk assessments, vulnerability management, penetration testing and patch management for Unix/Linux, Mac, Windows systems and web applications.
- Work closely with DevOps and Software Engineering to proactively identify and fix security flaws and vulnerabilities.
- Detect, investigate and recover from security incidents as well as assisting with incident response plans and root cause analysis.
- Analyze potential impact of new threats and exploits and communicate risks to relevant business units.
- Five or more years of technical experience in the information security field, systems / network engineering, preferably in an environment certified and compliant with a globally recognized Security Framework / Information Security Management System (NIST, ISO27001, SSAE 16 / SOC, PCI)
- Working knowledge of security and operations within Amazon (EC2, S3, IAM, VPC, Route53) a plus.
- Advanced knowledge of information systems security concepts and technologies; network architecture; general database concepts; document management; hardware and software troubleshooting and security tools.
- Demonstrated experience with systems auditing and monitoring to ensure compliance with security policies and standards.
- Advanced knowledge and experience with Unix/Linux, Mac and Windows operating systems and OS hardening.
- Experience automating the administration of systems through scripting and APIs a plus.
- Working knowledge of one or more programming languages (Java, Python, PowerShell, Ruby, Bash, PHP, Perl, .NET) a plus.
- Ability to work extremely well under pressure while maintaining a professional image and approach.
- Exceptional information analysis abilities; ability to perform independent analysis and distill relevant findings and root cause.
- Strong analytical writing skills to articulate complex ideas clearly and effectively; experience creating and presenting documentation and management reports.
- Team player with proven ability to work effectively with other business units, IT management and staff, vendors, and consultants.
- Strong communication skills and ability to work with minimal supervision.
- University Degree or equivalent.
- CISSP, CCSP, CISA, CISM certification(s) are preferred but not required.
This Job Description indicates the general nature and level of work expected of the incumbent(s). It is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities required of the incumbent. Incumbent(s) may be asked to perform other duties in addition to those described above.
Kibo Commerce Ltd. is an Equal Opportunity Employer and does not unlawfully discriminate on the basis of any status or condition protected by any applicable laws.