Red Ventures is seeking a Security Solutions Architect to join our growing Cyber Security team. In this role, we are looking for someone to join our growing Security team aligned closely with our Infrastructure and Software Engineering teams to help define and implement architectural safeguards to ensure the safety and security of our systems and data.
At the intersection of leadership, strategic design, and implementation, the Security Solutions Architect role is key to Red Ventures’ continued operational success both on-premises and in the cloud (AWS). The Security Solutions Architect would play a role in safeguarding our systems by ensuring that our technology capabilities, infrastructure, and toolsets are held to the strictest security standards. Examples include designing security patterns and implementations related to firewalls, endpoint security, cloud security, vulnerability scanning and more. In addition to recommending ways to improve our security risk posture, you’ll contribute to the direction and strategy of our governance model, policies, and protocols. This will include the effective use of tools, controls, and countermeasures to protect or minimize the effect of unauthorized attempts to gain access to our systems.
Our growing Cyber Security team thinks like hackers would, because they must anticipate the continually evolving tactics, techniques, and procedures (TTPs) hackers will use to try and gain unauthorized access to our systems or negatively impact our business. To be successful, you’ll need to gain a thorough understanding of our systems, identify potential weak points, and recommend ways to improve and update security (while also looking for ways to remove risk-related blockers to business innovation).
The ideal candidate is comfortable being hands-on, and has experience with cloud security; SaaS vendor evaluations and security reviews; data protection (encryption, tokenization); security analytics, forensics and log analysis; web application security and secure coding practices; and web server and proxy hardening. Candidates should also be comfortable writing tools and provisioning new security infrastructures in lab environments for functional and performance testing.
- Staying current with new threats and exploits and assist in adjusting Red Ventures security profile accordingly.
- Designing and building automated and manual security assessment plans of key systems and applications.
- Act as a security liaison, consultant, and solutions architect to multiple independent lines of business.
- Work closely with the on-premises and cloud (AWS) operations team to design, develop, and implement security best practices.
- Directly lead a team of security engineers and analysts while working closely with our other IT, engineering, development, product, and business teams.
- Any other duties specifically related to raising our level of IT security within Red Ventures in an appropriate manner suitable for our culture and business risk.
The best candidate has 8+ years of extensive and detailed knowledge and experience in all aspects of cloud, network and system security at an engineering level.
Specific requirements include:
- 4+ years working with, or strong familiarity with, one or more IT Standards such as SSAE SOC2, ISO 27001, PCI, HIPAA/HITECH, NIST, CSA/CCM and similar.
- Experience and expertise in security tools like, IPS/IDS, Vulnerability management tools, DLP, CASB, IAM, DB monitoring and PAM solutions.
- Ability to understand information security and network risks. Bonus points if you have working experience (or strong knowledge) of Cloud environments or DevOps security compliance.
- Strong software design skills, preferably with recent server-side experience, preferably in C#, Golang, PHP, or Node.
- Expertise in working with all the standard diagnostic and security tools in Linux such as nmap, psad, tcpdump, syslog, iptables, ipvs, tripwire and similar.
- Experience implementing, tuning and monitoring NextGen firewalls.
- Expert in deploying and using scanning and penetration tools for vulnerability testing such as Nessus, nmap, AppScan and similar. Intimate knowledge of how to manually perform attacks such as SQL Injection, Cross-Site Scripting and other attacks as listed by the OWASP.
- Experience supporting, implementing and enforcing PCI requirements. Must have detailed knowledge of various technologies and techniques to meet PCI requirements.
About Red Ventures:
Red Ventures is a multi-billion-dollar portfolio of digital companies that specialize in bringing consumers and brands together. Through bespoke technology, integrated digital commerce and sales, distinguished partnerships, data science and original content from the company’s proprietary brands and marketplaces, Red Ventures provides better end-to-end consumer experiences throughout the buying cycle. Headquartered in the Charlotte metro area, Red Ventures has more than 3,600 employees globally in offices across the US, UK and Brazil.