Cyber Security Engineer

Alteryx is seeking an experienced Cyber Security Engineer with demonstrated competence and thought leadership capability to contribute toward the success of our Cyber technology initiatives.  The role reports to the Vice President of Information Security and Data Privacy.  The Cyber Security Engineer is a critical role within the Information Security organization focused on identifying and remediating cyber security risks and automating solutions to reduce the organization’s risk landscape. This role will be focused on supporting the existing technologies as it relates to securing the network, its perimeter, as well as the identification and mitigation of advanced threats within the organization.

The Cyber Security Engineer will assist with the security design, implementation and support of security solutions and technologies to help protect the environment from unauthorized access, use, disclosure, destruction, modification, or disruption. The Engineer will analyze system services, operating systems, networks and applications from a cyber security perspective, discovering security issues that appear under existing and new threat scenarios.

Responsibilities include:

• Assist in continuing to mature the Cyber Defense framework, policies and procedures
• Contributor in building out the existing vSOC
• Contributor to the Cyber Incident Response Plan and Playbooks
• Partner with IT to assess, design and deploy Cyber Defense monitoring, prevention and malware technologies
• Performs analysis of events/incidents and provide remediation suggestions to relevant business owners
• Research and document security best practices to proactively identify cyber security gaps including vendor review, new technology evaluations and proof of concept trials
• Assist in the assessment of the current SIEM solutions for internal and external environments
• Collaborate with Engineering teams to build out the DevSecOps approach
• Review vulnerability scans and work with Risk and Compliance, IT and Engineering to prioritize vulnerabilities based on risk and threat intelligence as well as secure compliance
• Assist in monitoring configuration management to ensure IT and Engineering related assets comply with Security standards
• Collaborate with IT and Engineering to ensure compliant inventories and secure baseline images
• Assist in the monitoring and review of Firewall Rule sets/configurations and changes to ensure proper oversite and compliance against security standards
• Analyze penetration/assessment test results and engage with Information Technology and business units to resolve and track identified findings and recommendations

Required Qualifications

• 5+ years of experience in Information Security and Cyber Defense
• Bachelor's degree in Cyber Security, Information Security or equivalent work experience
• 2+ years in securing Cloud Security platforms such as AWS, Microsoft and Google Cloud Solutions
• Experience in IT infrastructure management
• Experience working a cyber breach and breach investigation
• CISSP and or GIAC certifications
• Experience with Continuous Integration and Continuous Delivery practices of DevSecOps
• Confident ability to recognize security events of interest that may require improved detection/alerting capabilities.
• Has mastered the Security Core concepts of Data Center and Cloud Technologies (Inventory Management, Vulnerability Management, Configuration Management and Patch Management)
• An understanding of tiered defense-in-depth security design
• Detailed technical knowledge in security engineering, system and network security, authentication and security protocols, security vulnerabilities and remediation techniques
• Strong experience with Windows and Linux Servers
• Familiar with emerging technologies in the security monitoring, event correlation and alert/detection space

Desired Skills and Experience

• Collaborative with a pleasing personality and strong customer service skills
• CCSP is a definite plus
• Familiarity with common industry best practices (ITIL, SDLC, AGILE)
• Direct and recent working experience with the following compliance programs: ISO 27001, ISO 27018, SSAE18 SOC1 Type 2/SOC2 Type 2, CSA and FISMA/FedRAMP
• Security and IT Metrics knowledge
• Has ability to effectively communicate technical information to non-technical audiences and ability to influence others to comply with policies / conform to standards and best practices
• Mentor to other security professionals and stakeholders