The Security Ops & Engineering job family is responsible for the operation and engineering of technologies that deliver Security services. General areas of responsibility include enforcing authorized access to BillGO’s IT infrastructure, applications, and services, in addition to prevention, detection, and response to Security threats. Positions in Information Security are responsible for designing, operating, and monitoring systems which ensure the integrity and security of BillGO’s systems and data.

The Senior Security Engineer role is a member of the Security Operations & Engineering Team, whose mission it is to operate various platforms that deliver Security Services and to engineer new and enhanced solutions incorporating new and/or existing Security platforms. These responsibilities include stewardship of all technologies delivering/supporting Cloud Security, Endpoint Security, Data Security, and other Security platforms, including monitoring, operating, restoring, integrating, and extending these technologies, in a manner that achieves our business goals and meets compliance and regulatory objectives.

This position requires strong partnership with IT, Security, business, and third-party stakeholders, to ensure that BillGO can execute its business plans.

The Senior Security Engineer is a unique position that requires a broad technical background. Key factors for this position are not only technical aptitude, but also being a problem solver, continuous learner, self-starter, and great collaborator. The ideal candidate will have experience working – and thriving! - in a fast-paced environment.

RESPONSIBILITIES

Security Operations and Engineering (80%)

• Ensure that Security technical platforms and Services are always available.
• Ensure that appropriate maintenance, monitoring, automation, and response procedures are in place, to meet Security and availability objectives.
• Respond to operational alerts, in a manner appropriate for level of severity (this could require responding outside normal business hours).
• Support Security investigations as appropriate.
• Provide subject matter expertise and technical stewardship across a broad range of technical platforms and service offerings.
• Conduct operations with excellence, in a quality manner, in accordance with our change control and other documented processes.
• Gather, analyze, and report on Service KPIs.
• Partner with IT stakeholders to engineer, implement, and enhance technical platforms and related Service Offerings on an ongoing basis.
• Develop engineering patterns that facilitate the re-use of Services in a safe, efficient, and compliant manner.
• Create/maintain diagrams of Security platforms and integrations.
• Serve as a technical resource on various initiatives.
• Advocate for new/enhanced Security Services on behalf of all stakeholders.
• Hold technical debt to minimum possible.
• Contribute requirements to technology selection process.
• Develop/maintain Security-related governance (standards and procedures) in alignment with overall Security objectives, governance, risk, and compliance/GRC.
• Participate in testing and QA processes as required, to ensure that Service Offerings perform as expected.
• Partner with business and technical consumers of Security Service Offerings, to ensure that requirements are being met, future needs understood, and supporting roadmaps are developed to anticipate those needs.
• Learn and attend training related to monitoring, ongoing support, routine engineering, and operation of new and existing Security platforms and services

Leadership (20%)

Own and drive the best-possible outcomes for your space.

• Maintain awareness and commitment to company goals/targets.
• Serve as situational team lead, for any incident response, return-to-service, or other troubleshooting events, driving issues to resolution and communicating timely status.
• Establish and maintain good working relationships with all Security Ops & Engineering customers and other Security, IT, 3rd-party, client, and business stakeholders.
• Drive enterprise adoption and re-use of Security Services and engineering patterns.
• Provide expert advice, coaching, and counseling within discipline/functional area.
• Mentor Security peers and others, including training on new administrative functions, sharing best practices, and cultivating ideas and subsequent business cases.

Additional Job Duties and Responsibilities

• Adhere to all policies, rules, regulations, and procedures
• Perform other duties or functions as requested by management
• Participate in “on-call” rotation as a technical and functional expert

Prior Experience

• Minimum of Six (6) years combined experience operating in a Security Operations and Engineering role.

Technical and Professional Skills

• Must have direct operational ownership and experience managing Security systems/platforms/solutions (eg. Cloud security, Anti-malware, Endpoint Detection, DLP, IAM, and/or related).
• Must have experience configuring, integrating, troubleshooting, and returning these platforms to service.
• Experience with modern Endpoint Security and Endpoint Detection and Response/EDR solutions (eg. CrowdStrike, Cybereason, Sophos).
• Experience with operating/configuring security aspects/components of Cloud infrastructure (eg. Conditional Access policies, DLP, Key mgmt, Cloud Watch, Security monitoring, OS hardening, and/or related).
• Experience developing strategies to monitor technical platforms, to gauge operational health characteristics.
• Experience developing KPIs, to gauge performance and other operational characteristics, such as Service utilization over time, overall volumes, time to complete transactions, capacity/headroom, and related metrics.
• Experience diagramming technical platforms, including existing architecture, interactions with other systems, and/or proposed modifications to same (LucidChart and/or Visio preferred).
• Experience scripting (Python and PowerShell preferred), especially in its application to Cloud Service Providers (eg. Amazon AWS, Microsoft Azure, and Google Cloud Platform/GCP).
• Must be self-motivated, proactive, creative, and efficient at identifying, understanding, and proposing solutions to environmental issues/challenges.
• Must be able to organize and prioritize work and manage to deadlines.
• Ability to collaborate with, lead, and motivate individuals within and across teams.
• Excellent written, oral, instructional, presentation, and interpersonal skills.
• Identifies solutions to problems through application of analytical skills to data.
• Ability to work with all levels of the organization, from front-line developers to senior leadership.
• Demonstrates strong leadership qualities that can be used to guide a project.
• Demonstrated understanding of Security Controls and their tie to Governance, Risk, and Compliance.
• Experience with Windows and Linux operating systems.
• Ability to efficiently operate computers, tablets, and mobile devices.
• Certifications not required, but SSCP (Systems Security Certified Practitioner) or CISSP (Certified Information Systems Security Professional) are desirable.
• Working experience with Microsoft Office software, primarily Outlook, Word, Excel, and PowerPoint.