As a Principal Security Engineer,  you will provide strategic direction, leadership and vision to define and implement security solutions and reusable frameworks – aimed at mitigating security threats across the company’s software development lifecycle and architectures deployed across a hybrid cloud environment. The right candidate will rely on a broad skill set across multiple technologies and will have a passion for security.

What you’ll be doing - interesting problems you can help us solve:

• Define and shape the future of DevSecOps at Sovrn
• Working across the engineering teams to implement security by design, with proactive, early reviews and security integration.
• Develop and deploy automation tools and services that enable software developers to easily consume security as a service
• Develop, implement and promote the adoption of security and access policies appropriate to various environments
• Coordinate and conduct security training across the organization

Responsibilities

• Ensuring Sovrn’s systems and data are properly protected
• Technology thought leader, driving direction, you will advocate for best practices, coding standards, and workflows improvements throughout the business
• Works with Engineering and Product teams to deliver solutions designed for secure operation driving towards architectural and implementation consistency across the entire tech stack
• Manage security monitoring and alerting solutions
• Coordinate routine security tests, audits and exercises - both internal and by external third-parties
• Coordination of resolution for security-related incidents
• Researches industry and technical trends, keeps abreast of technologies and potential solutions

Qualifications:

• 3+ years experience in an advanced security position with hands-on doing software and/or reliability engineering work
• Experience growing and leading a team
• Experience with security architecture, threat modeling, secure application development, developing security controls architecture patterns, and creating strategies and roadmaps
• Advanced knowledge in identity and access management, authentication, authorization, encryption, PKI, and security monitoring methodologies and technologies, ethical hacking/penetration testing, secure coding/OWASP top 10
• Experience with developing security controls for cloud native architectures and legacy systems
• Must be able to coordinate and direct multiple teams towards common goals and best practices using excellent communication and leadership skills
• Ability to promote and demonstrate the value of building secure environments
• Quickly establish trust and rapport with key stakeholders

Nice to have

• AWS Certified Solutions Architect – Professional
• CISSP, OSCP or equivalent security accreditation
  

About Sovrn

We spend a great deal of our time online. Whether it’s for information, commerce, or entertainment, each of us has come to depend on what we research, discover, and share. Publishers – those who create and curate content – are what makes the Internet great. Yet these publishers practice their craft largely alone, in siloes – without reference points or insightful understanding about where they sit in the grand scheme of things. To add to the challenge, once a Publisher’s content is in the wild, then the task of building engagement, growing a loyal following and enriching the engagement with that following can sometimes feel like shots in the dark or worse, a black box. Moreover, making money from their craft can be a complex task for any independent publisher who might prioritize generating content first and money second.

Sovrn believes that independent publishers are the Internet's vibrancy. As a partner and advocate to tens of thousands of independent publishers, Sovrn provides tools, technologies and services that help publishers (a) make money; (b) get distribution to grow their audience; and (c) access a massive data commons providing extraordinary insights.

The landscape of content networks, adtech vendors, and the myriad of buy-side / sell-side companies can be a complete maze for any reasonable person to decipher. Sovrn cuts through the noise and simplifies things with a basic, straightforward mission:

Help content creators do more of what they want to do – and less of what they don’t.