Information Security Engineer

About the Role

As the Information Security Engineer, you will have the functional responsibility for designing and implementing security solutions based on the approved security policy. You will leverage security products and technologies to automate and improve protections on Brivo’s systems and information.

In this role you will also be expected to:

• Plan, design, build, and integrate tools and systems used to protect information across devices, applications, and infrastructure.
• Maintain security systems, logs, and alerting configuration to identify incidents and initiate incident response processes in an on-call rotation.
• Collaborate with engineering and product management teams to proactively define and scope security requirements for new technologies, products, and features.
• Ability to deliver offensive attacks against sanctioned corporate infrastructure.
• Commit to continuous learning and improvement of development and quality strategies.
• Respond to incidents in an on-call rotation.
• Maintain current knowledge of security best practices and emerging threats and technologies.

About You

• Experience working in information security or other relevant work experience related to responsibilities above.
• Excellent written and verbal communication skills and the ability to communicate security and risk-related concepts to technical and nontechnical audiences at both the executive and working level.
• The ability to think critically and innovatively about the security solutions that can keep sensitive information safe while still allowing a business to flourish.
• Familiarity with the following:
  • Security policy auditing and enforcement
  • Security technologies including firewalls, scanners, IDS/IPS, SIEM, DLP, WAF, etc.
  • Container and serverless hosting, orchestration tooling, and security
  • Secure development best practices including build pipeline security integrations
  • SSL certificate and key management best practices
  • Exposure to cloud hosted environments (e.g. AWS, GCP, Azure)
  • Cloud security shared responsibility model and technologies
  • Familiar with configuration management tools (e.g. Chef, Ansible) and Infrastructure as Code software (e.g. Terraform, CloudFormation)
  • Scripting in either Python, Ruby, or Bash
  • Open source tools for assessing software, hardware, infrastructure and protocol vulnerabilities

Preferred Skills

• Information security or information systems related Bachelor's degree
• Security, cloud, networking, or system certifications such as: AWS Certified Security, CCSP, CASP+, Cloud+, Linux+, Network+, Pentest+, CCNA, CISSP, OCSP, etc.