Sr. Information Security Engineer - Techops 🔥
We work in a fun, collaborative environment that is diverse, adventurous, and open-minded. We look for proactive, accountable people focused on continuous learning and growth to push themselves and our businesses forward. Check us out .
As the Sr. Information Security Engineer, you will help us improve our information security, privacy, compliance, and risk management practices.
A big vision calls for a big job. As we grow, our need for a Sr. Information Security Engineer grows with us.
You’ll Report To: SVP, Technical Operations
A typical day as a Sr. Information Security Engineer might include:
- Architecting, installing, managing, and troubleshooting technical security controls such as Firewalls, Intrusion Detection Systems, Security Information Event Monitoring systems, vulnerability scanners, Malware solutions, Anti-Virus, Authentication systems, Virtual Private Networks, File Integrity Monitors, and/or other network security devices.
- Researching, evaluating, testing, recommending, communicating and implementing new security software or devices. Present written findings and recommendations as necessary.
- Maintaining on call duties / scheduling as required for Investigation and Incident Response and as directed by the Director of Information Security.
- Performing continual vulnerability, threat and risk assessments on all application environments using both automated analysis tools and manual procedures.
- Continuously researching new threat vectors, vulnerabilities, exploits, etc., determine how they apply to Leaf Group, design and document proposed risk treatment controls.
- Making all reasonable efforts to safeguard the network against unauthorized infiltration, modification, destruction, or disclosure.
- Analyzing risk of existing network and system architectures and their security policies, document risks and propose risk treatment plans.
- Evaluate operating practices and component level diagrams to determine if controls and security measures are adequate.
- Participate in enhancing the Information Security Program by developing new and / or proposing updates to technical control standards supporting the various Demand Media platforms and environments.
- Assisting software engineers with implementing best secure code development practices, vulnerability testing in development and testing as well as in production.
- Providing technical security support to the Network Engineering, Systems Engineering, Network Operations Center and Corporate IT teams.
- Independently leading projects, coordinating efforts with all team members, ensuring proper communication to management as well as the overall success of the project through to completion.
- Fostering and maintaining amicable relationships with security vendors and partnerships.
- Minimum of 3 years of related work experience implementing network infrastructure and at least 6 years focused on operational security
- Expert-level knowledge and experience managing network and security devices such as; firewalls, IDS / IPS, SIEM's, AV, Malware devices, VPN's, vulnerability scanning tools, etc.
- Extensive investigation and incident response experience analyzing networking technology including TCP/IP, Routers, Switching, VLANs, LANs, WANs and Wireless systems, Windows and Linux servers.
- Familiarity with network architectures and technologies, Windows Active Directory, Windows-Linux server, desktop operating systems, database and application architecture, etc.
- Expertise in either Windows or Linux helpful
- Must have IT Security auditing experience throughout work history conducting device configuration and security policy reviews, penetration testing, vulnerability assessments including web application vulnerabilities, network architecture assessments, system security assessments, general security posture and risk assessments, etc.
- Must have experience with SOX and PCI compliance control frameworks
- ISO 27001, COBIT, Safe Harbor, Privacy and Breach and Disclosure law favorable
- Project management skills including requirements analysis, project scoping, problem solving, status reporting, technical analysis, and meeting tight deadlines.
- A desire to participate in creating the workplace you want to be a part of.
- We're casual and informal but we work hard and work responsibly. Personal accountability goes a long way. We believe we are the change.
- CISSP, CISA, or other industry certifications
- Professional memberships with ISACA, ISSA, IRCA
About us:Leaf Group is among the 2022 & 2019 Built In LA Best Places To Work Among Comparably's 2021 Best Companies for Company Culture, Company Perks & Benefits, Company Compensation, Best CEO for Diversity, and Best CEO for WomeneHow is the 2019 & 2020 People's Choice and official Webby Winner for Social Video/How To-DIY OnlyInYourState is ranked the #3 Travel and Information Site (ComScore)Well+Good is the 2019 People's Choice winner of the Webby’s Award for Best Lifestyle BrandLeaf Group is among TalentDesk’s 2019 Best Companies To Work ForWell+Good is the 2018 winner of Fast Company’s Most Innovative Company AwardMyPlate is the 2018 winner of the Webby Award for Best DesignWinner of the 2017 Best Company for Diversity award ComparablyWe are a wholly owned subsidiary of Graham Holdings Company (NYSE: GHC), a storied diversified holding company
For full-time permanent roles:Competitive compensation and benefits packages (i.e., Medical, Dental, Vision, FSA, 401K)Gender neutral family leavePaid-to-play vacation rewardsDiscretionary unlimited vacation timeEmployee discounts for Saatchi Art, Society6, and Deny Designs
Process:Step 1: A video/phone call with a member from our Hiring Team. In this call, we will cover the basics of the role and our company, and discuss a high level overview of your past experiences, goals, and interest in this role.Step 2: A call with your potential manager or someone from the hiring team to dive deeper into your experiences and goals.Step 3: If applicable, short assessment to help us see your skill sets as they relate to the role we have. We will review this in Step 1.Step 4: Depending on the role, interviews with key stakeholders from the role (could be 1 or up to 3) who will dive further into the role with you and answer any questions you may have.
Leaf Group is a diverse, equitable, and inclusive workplace that reflects our customers and the world we live in. We encourage people from all backgrounds, ages, abilities, and experiences to apply for our roles. Leaf Group is an equal opportunity employer. We do not discriminate based on race, color, ancestry, religion, national origin, sexual orientation, age, citizenship, marital or family status, disability, gender, gender identity or expression, pregnancy or caregiver status, veteran status, or any other legally protected status.
Agency Disclosure: If the Leaf Group Talent Acquisition department, or any current company employee, receives an unsolicited resume from a third party recruiting agency and Leaf Group does not have a signed Agency Agreement active, Leaf Group will not be deemed liable to pay a placement fee. The unsolicited resume will be considered a gift and can be considered for our recruitment efforts.