Security Engineer at DAT Freight & Analytics (Remote)
DAT is an award-winning employer of choice and a next-generation SaaS technology company that has been at the leading edge of innovation in transportation supply chain logistics for 44 years. We continue to transform the industry year over year, by deploying a suite of software solutions to millions of customers every day - customers who depend on DAT for the most relevant data and most accurate insights to help them make smarter business decisions and run their companies more profitably. We operate the largest marketplace of its kind in North America, with 227 million freight posts in 2021, and a database of $126 billion of annual global shipment market transaction data. We have co-headquarters in Portland, OR and Denver, CO, and additional offices in MO, TX, and Bangalore, India. For additional information, see www.DAT.com/company.
DAT is looking for an Information Security Engineer to join our team in Beaverton, OR; Denver, CO; or Remote.
This fully remote, work from home opportunity, is open to applicants who are full time residents of the following states: AK, AL, AR, AZ, CA, CO, CT, DC, FL, GA, HI, ID, IL, IN, KS, KY, LA, MA, ME, MT, MO, NC, ND, NE, NH, NJ, NM, NY, OK, OR, PA, RI, TN, TX, UT, VA, VT, WA, WI, WV.
We’re looking for an Information Security Engineer and Analyst for our Corporate IT Department. You will work as part of a team of experienced Engineers and Administrators reporting directly to the Senior Director of Technology Operations. You will help drive development, implementation, and monitoring of security policies, procedures, and governance. This includes (but not limited to) monitoring of server and firewall logs, scrutinizing network traffic, working with our MDR vendor, and troubleshooting. You will also analyze and resolve security breaches and vulnerability issues in a timely and accurate fashion, and conduct user activity audits where required.
What You’ll Do
- Work with operations and engineering staff to determine, recommend, and procure appropriate software, hardware, and tools that are required to secure the DAT computing environment.
- Work with vendors and engineering to design, perform, and/or oversee vulnerability management scans and penetration testing of systems in order to identify system vulnerabilities. Contribute to the creation, delivery, and enforcement of information security plans, policies, principles, baselines, and standards
- Plan, recommend and implement awareness training of the workforce on information security standards, policies and best practices
- Investigate, analyze and participate incident response team with resolution of security incidents
- Work with operations, product teams and vendors to ensure monitoring of server logs, firewall logs, intrusion detection logs, and network traffic (wired & wireless) for unusual or suspicious activity, interpret and make recommendations for resolution
- Assess need for any reconfiguration needed for security in platforms and systems and drive the implementation of new standards across the organization as required
- Partner with the application and functional teams to facilitate and assist with the integration of security testing as part of the SDLC
- Measure, track and report the security risk, vulnerability, and remediation status
- Work with our internal communications team, to manage internal security campaigns, including presentations and the creation of collateral to support the effort.
- Aid in leading large scale security and compliance initiatives, including vendor selection and implementation of practices.
- As a change agent, able to lead others through influence and understanding.
The Skills and Experience You’ll Bring
- Highly self-motivated and directed
- Strong organizational skills and excellent attention to detail
- Degree in Computer Science or related field, or equivalent experience
- 5 years of information security work experience in deployment or governance
- General hands-on knowledge of firewalls, intrusion detection systems, endpoint protection, anti-virus software, data encryption, DLP, NAC, SEIM and other industry-standard techniques and practices
- Technical knowledge of network, server, and endpoint platform operating systems
- Technical knowledge of identity management and security technologies including Active Directory, Group Policy, ADFS, and Authentication protocols including Kerberos
- Prior experience managing and maintaining information related to PCI or SOX audits
- Knowledge of applicable practices and laws relating to data privacy and protection including CCPA and GDPR
- Ability to effectively prioritize and execute tasks in a fast-paced environment
- Knowledge security practices in cloud environments
- Knowledge of Authentication best practices while using Oauth and SAML providers.
- Knowledge of Checkpoint Firewalls
- Experience with SD-WAN technologies
- Knowledge of MDR/EDR Solutions
- Strong knowledge of the TCP/IP suite of protocols including but not limited to ICMP, DHCP, DNS, HTTP(S), and FTP
- CISSP - Certified Information Systems Security Professional
- CEH – Certified Ethical Hacker (CEH)
- CISM – Certified Information Security Manager (CISM)
- ISSAP – Information Systems Security Architecture Professional (ISSAP)
- ISSEP – Information Systems Security Engineering Professional (ISSEP)
DAT embraces the value of a diverse workforce, and believes it is a core strength of our company that we encourage those values in every DAT employee, at every level of our organization, regardless of tenure or rank. We provide equal employment opportunities (EEO) to all employees and applicants without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state, and local laws.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)