InfoSec Operations / Cloud Security Manager
Gloo provides a personal growth platform that enables service providers, our “Champions,” to exchange better insights, resources, and technology to serve their people. Our company name reflects the trusted bond between people that serves as the foundation for growth, and everything we build strengthens that bond. We’re leveraging the same exponential tech that’s driving success in other industries and making it available through personal growth resources such as custom assessments, growth plans, and more. As one of Boulder’s most innovative and growing tech companies, Gloo needs more talented professionals who are driven to make a positive impact.
The Opportunity:
As a member of the Trust team responsible for supporting the company’s data privacy and security compliance objectives, you bring significant security, compliance and AWS.
You would work closely with our General Counsel and be responsible for developing both policy and controls that deliver on the organization’s cybersecurity goals. Day to day you will represent Trust by being an individual contributor responsible for control design, operation, and monitoring. You may work with cross-functional teams as well as our managed security service providers.
Ensuring that we are obtaining the return we expect on our security investments is the foundation of your success. You bring depth with enterprise-grade processes and creativity for what is possible to the group. We are embarking on an effort to build a high-performing governance program that keeps our customers and company safe. You have a formal degree, advanced competency in NIST CSF as well as other commonly used frameworks, and bring a vast array of knowledge with respect to how controls can be implemented, operated, and audited. If that sounds like fun, join us and contribute to technology that is truly transforming lives.
The Team:
Our Trust Team, which includes our Security team, is passionate about assuring that our infrastructure builds the trust that underpins relationships and personal growth. Our team is personable, innovative, and aspirational. The culture of our team is extremely important to us. We want you to be engaged in your projects, we want you to be an innovative self-starter, we want you to voice your ideas, and we want you to be proud of what you accomplish.
What You’ll Be Doing:
- You will be responsible for developing an internal NIST CSF scorecard, performing against related KPIs by building, implementing, operationalizing and maintaining the following sorts of controls:
- Risk management
- Risk register
- Security by design, application security and secure development
- Technical security standards, tooling, training that enable developer productivity
- Security toolchain knowledge
- SIEM and SOC
- Vendor management
- Vulnerability management
- Network Security
- VPN
- SSO
- Secure Endpoints (Engineering Workstations)
- Encryption
- Monitoring
- Web Application Firewall
- Cloud controls
- Automated Access and Compliance controls
- Deployment and Maintenance of our AWS Baseline
- Evaluating new AWS services for DevSecOps use cases
What We Are Looking For:
- BS in Computer Science or Engineering
- At least 7 years of experience working on enterprise-grade security programs – network, data, and web experience highly desirable
- Advanced certification such as CISSP, CISM, AWS Security Professional
- Strong understanding of core security principles
- Strong understanding of key cloud tools - AWS CLI, CloudFormation, Bash
- Experience with AWS
- An articulate communicator – you are able to translate your ideas into understandable presentations and documentation
- Passion for delivering creative and lean observability solutions
- Commitment to producing detailed documentation
- Willingness to obtain AWS Cloud Certifications
The Perks/Benefits:
- Compensation and bonus commensurate with experience
- Plenty of time off to keep you balanced
- Medical with HSA contribution
- A dynamic, talented team, dedicated to changing the world and building an incredible business
- Remote Flexibility
- Headquartered in downtown Boulder on Pearl Street, steps from coffee shops and blocks from hiking trails
Compensation: $130,000 - $180,000 DOE
Applications welcomed from those who are US Citizens or hold a Green Card.