Red Ventures is seeking a Director of Security Engineering. This is a technical leadership position on our our growing Cyber Security team. In this role, we are looking for someone who will work directly with our CISO and VP of Architecture as well as our Infrastructure and Software Engineering teams to help define and implement architectural safeguards to ensure our data is safe. Our goal is to not only protect our data, but our partner and client data fiercely. Our security team is growing in both size and importance as we continue to grow!
Our Director of Security Engineering will safeguard our systems through ensuring that our technology capabilities, infrastructure and toolset, ranging from firewalls, endpoint security, cloud security, vulnerability scanning and more, are held to the strictest security standards. However, you must also think like a hacker would, because they must anticipate the continually evolving TTP’s hackers will use to try and gain unauthorized access to the computer system or negatively impact our business. To be successful, you’ll need to gain a thorough understanding of our systems, learn who has access and where the weak points are, recommend ways to improve and update security and always look for ways to remove risk-related blockers to business innovation. In addition to recommending ways to improve our security risk posture, you’ll contribute to the direction and strategy of our governance model, policies and protocols. This will include the effective use of tools, controls and countermeasures to protect or minimize the affect of unauthorized attempts to gain access to our systems.
You are "hands-on" security infrastructure and engineering and you can do product evaluations in Cloud security (Encryption and Tokenization), Security Analytics and Forensics, “XYZ as a Service”, Multi Variant Advanced Persistent Threats, Proxy (forward, Reverse, Transparent and Web 2.0), HTTPS/SSL interception/MITM & Data leakage space, etc. You are also comfortable writing tools and setting up new security infrastructures in lab environments for functional and performance testing. Develop requirements/ gap analysis, product research in malware/zero-day threat prevention, proxy, log analysis, Cloud SaaS.
- Daily monitoring and tuning of all IT security systems such as IDS/IPS, anti-virus, firewalls, DDoS and similar.
- Staying current with new threats and exploits and assist in adjusting Red Ventures’ security profile accordingly.
- Building and completing automated and manual penetration testing of key systems and applications.
- Research, testing and deployment of additional security processes and products.
- Any other duties specifically related to raising our level of IT security within Red Ventures in an appropriate manner suitable for our culture and business risk.
- As Functional Lead, you will be a hands-on player and a coach. You will directly lead a team of security engineers and analysts while working closely with our IT, engineering, development, product, and business teams.
The best candidate has 8+ years of extensive and detailed knowledge and experience in all aspects of cloud, network and system security at an engineering level.
Specific requirements include:
- 4+ years working with, or strong familiarity with, one or more IT Standards such as SSAE SOC2, ISO 27001, PCI, HIPAA/HITECH, NIST, CSA/CCM and similar.
- Ability to understand information security and network risks. Bonus points if you have working experience (or strong knowledge) of Cloud environments or DevOps security compliance.
- Strong OOP and software design skills, preferably with recent server side experience, preferably in C#, Golang, PHP, or Node.
- Expertise working with all the standard diagnostic and security tools in Linux such as nmap, psad, tcpdump, syslog, iptables, ipvs, tripwire and similar.
- Experience implementing, tuning and monitoring NextGen firewalls.
- Expert in deploying and using scanning and penetration tools for vulnerability testing such as Nessus, nmap, AppScan and similar. Intimate knowledge of how to manually perform attacks such as SQL Injection, Cross-Site Scripting and other attacks as listed by the OWASP.
- Experience supporting, implementing and enforcing PCI requirements. Must have detailed knowledge of various technologies and techniques to meet PCI requirements.
About Red Ventures:
Red Ventures is a leading digital consumer choice platform based in Charlotte, North Carolina. Through deeply integrated brand partnerships and consumer-facing assets, Red Ventures connects online customers with products and services across high-growth industries including home services, financial services, and healthcare. Founded in 2000, Red Ventures has more than 2,700 employees in offices across the Carolinas, Seattle, Washington, and Sao Paulo, Brazil.