Security Engineer

About Procare

Our mission is to simplify childcare operations and create meaningful connections by providing technology, expertise, and unparalleled service.

Procare Solutions is the #1 name in childcare software – used by more than 35,000 childcare businesses across the country. For over 30 years, childcare professionals have looked to Procare to provide real-time information for making critical decisions, maintaining compliance with local and state regulations, and adhering to business best practices.

We make childcare management run smoothly, so that our customers can spend more time focusing on the kiddos, not back office administrative duties.

A little about the role…

The Security Engineer will report to the Director of Security and Compliance as part of the Corporate Security team. This is a matrixed position that will be aligned with the Infrastructure and Cloud teams on prioritization and implementation of InfoSec initiatives across the Procare organization. The Security Engineer will develop strategies to respond to and protect against security breaches and vulnerabilities. This role will help to document security standards, Industry best practices, lead deployment of security enhancements, and automation improvements. They will be responsible for educating the workforce on information security through training and security awareness programs.

The Security Engineer shall verify corporate and cloud security controls and drive implementing strategies to ensure that Procare’s applications and platform are compliant with security compliance and standards such as PCI-DSS, SOC2, HIPAA, FERPA, NIST CSF. Additionally, this position will provide security engineering support during system review, design, and development to introduce security early in the SDLC across Procare’s platform.

The successful candidate will bring a strong passion for information security and use prior experience, insights, and knowledge to help contribute to Procare’s Information Security objectives.

What You Will Do

• Perform hands on operational support of vulnerability management systems and applications
• Perform security assessments of corporate and testing environments
• Hands on implementation of security controls including preventative threat detection and employee training
• Develop guidelines for implementation and review of security configurations for an AWS based SaaS environment
• Conduct audits of IAM settings for Corporate and production environments
• Manage multiple monthly and Quarterly security meetings with development and operations teams
• Participate in Security Steering and guild groups
• Develop proactive security monitoring and alerting capabilities
• Build security automation into infrastructure deployment and CI/CD pipelines
• Perform manual and automated compliance, vulnerability, and penetration testing
• Constantly improve policies and procedures such as security incident management while gaining buy-in across the department and organization
• Coordinate and lead routine vulnerability scanning and remediation oversight on Procare’s systems
• Contribute to strategic security initiatives to improve capabilities through automation, process enhancement, and infrastructure engineering
• Identify improvement opportunities and provide recommendations for best practice process improvements and process automation
• Develop, facilitate, and maintain the Information Security Policy, Methods & Procedures, Technical Standards, Technical Best Practices, and general process documentation
• Create and maintain CIS Benchmarks for hardware and Operating Systems
• Update monthly security metrics for distribution to the leadership team and board members
• Provide operational support, ensuring systems and devices are online and available which may include 24x7 on-call support as needed

Requirements

Our Ideal Candidate Will Have

• BA/BS degree or higher and 5+ years of experience in cybersecurity or combination of education and relevant experience
• Current hold one or more CISSP, CISA, CRISC certifications
• Demonstrated knowledge of OWASP Top 10, CISA, HITRUST, NIST and other security frameworks
• Experience with application testing tools like BurpSuite
• Hands on experience with AWS, Linux, Kubernetes and Docker
• At least 2 years’ experience in securing AWS environments
• Experience with implementation of the AWS well architected framework with an emphasis on the security pillar
• Experience with AWS Security Hub, GuardDuty & CloudTrail
• A strong background in SecDevOps with familiarity with CI/CD and related concepts
• Strong verbal and written communication skills; ability to drive discussions and influence decision making; strong presentation and reporting skills
• Participation in more than one full SOC2 and/or PCI-DSS audit cycle preferred
• Experience with GRC solutions and proper compliance evidence collection methods
• Experience in Agile development methodologies using JIRA is highly desirable
• Network design and software engineering backgrounds are a plus
• Prior experience with security tools such as Qualys, CrowdStrike Falcon, Nessus, Kali, is a plus
• Ability to excel in a rapidly changing environment

Benefits

Why Procare?

• Excellent comprehensive benefits packages including: medical, dental, & vision plans- choose the plan best for you
• HSA option with employer contributions of $50/month
• Vacation time, holidays, sick days, volunteer & personal days
• Paid Parental Leave
• 401K Plan with employer match and immediate vesting
• Medical, Dependent Care, and Transportation FSA Plans
• Company paid Short and Long-Term disability and Life Insurance
• RTD EcoPass for all Denver employees
• Tuition Reimbursement up to $2,000/year and continued Professional Development
• Free access to our Employee Assistance Program with 24/7 live support
• Casual workplace environment
• Some meals provided
• Voluntary Pet Insurance
• Prime downtown location close to restaurants and entertainment
• Promote from within- excellent career pathing

Salary

$95k-$120k DOE

Location

This position is based in our Denver, CO office, Medford OR office, or remote. We are currently in a flexible hybrid in-office/remote working model based on local COVID-19 health regulations and business needs.