Information Security Engineer
Vertafore is a leading technology company whose innovative software solution are advancing the insurance industry. Our suite of products provides solutions to our customers that help them better manage their business, boost their productivity and efficiencies, and lower costs while strengthening relationships.
Our mission is to move InsurTech forward by putting people at the heart of the industry. We are leading the way with product innovation, technology partnerships, and focusing on customer success.
Our fast-paced and collaborative environment inspires us to create, think, and challenge each other in ways that make our solutions and our teams better.
We are headquartered in Denver, Colorado, with offices across the U.S., Canada, and India.
JOB DESCRIPTION
As a member of the Vertafore Privacy and Compliance team, you will be responsible for architecture review, roles, and access review, driving the methodology and execution of offensive penetration testing activities.
Core Requirements and Responsibilities:
As a member of the Privacy and Compliance team, you will be responsible for architecture review, roles and access review, driving the methodology and execution of offensive penetration testing activities.
· Monitor computer networks for security issues and respond accordingly, including:
· Creating/Managing firewall rules
· Managing anti-virus endpoint tools
· Performing event correlation analysis on potential threats identified through our SIEM
· Configuring/Managing log management
· Configuring/Managing file integrity monitoring
· Performing vulnerability scans and remediation of identified risks
· The methodology & analysis of identifying compromised servers
· Performing rule tuning in our SIEM for improved detection capabilities
· Interact with customers by phone, chat, or trouble ticket on any customer facing security issues
· Investigate, document, and assess security breaches and other cyber security incidents
· Install security measures and operate software to protect systems and information infrastructure, including firewalls and data encryption programs
· Identify and fix detected vulnerabilities to maintain a high-security standard
· Work with other technology teams and customers to perform tests and uncover network or other vulnerabilities
· May be relied upon as a technical point of contact during Escalated Events relating to security
· Review, investigate and respond to any external "abuse" complaints coming from our IP space
· Develop best practices for IT security
· Research security enhancements and make recommendations to management
· Handle escalated internal or customer security issues from support or another operations team
· Takes part in any security-oriented projects or critical initiatives
· Stay up to date on information technology & security news, trends, and standards
· Deliver an exceptional customer experience every day
· Flourishes in cooperative work environments
· Excellent communication and client-facing skills
· Self-motivated and takes initiative to enhance or improve processes, procedures, and solutions.
· Mentor teammates less familiar with AWS services and architectures
Knowledge, Skills and Abilities (certifications preferred):
· CCNA, CCNP, CompTIA Security+, CCNA-Security, CISSP
· AWS certifications (SAP/DEP)
· AWS Specialty certifications
· Various security appliance working knowledge e.g., Checkpoint, Imperva, IDS/IPS
· AWS Certified Solutions Architect – Professional, AWS Certified Security, AWS Certified Advanced Networking, AWS Certified SysOps Administrator
· AWAE, OSCP, OSCE, OSEE certifications
· Network, Database, System administration experience and certifications
Qualifications:
· Bachelor's degree preferred or 3-5 years of quivalent experience in CCNA, CCNP, CompTIA Security+, CCNA-Security, CISSP, etc.
· Must have excellent customer-focused problem solving and communication skills
· Proven track record of success working cross functional.
· Minimum of 5 - 10 years of real-world experience with AWS application architectures including:
o Deep, progressive experience with AWS security concepts, including IAM, STS, and AWS specific security controls and security architecture design patterns.
o Experience with serverless design concepts and supporting services including S3, SQS, SNS, CloudFront, DynamoDB, Lambda and, API Gateway.
· Familiarity with DevOps engineering concepts, infrastructure automation, pipelines, version control, and deployment strategies are also a plus.
· Proficiency with a variety of programming languages JavaScript, Java, Python, Go etc.
· An ability to validate that an environment meets security objectives through offensive security techniques, including:
o Experience with web application and API penetration testing methods and tools
o Experience with XSS, CSRF, IDOR, AuthN/AuthZ, and Confused Deputy attacks
o Practical knowledge of cryptographic concepts
Is this role not an exact fit for you? Keep an eye on our Careers Page for other positions!