Information Security Engineer

5 days ago

Boston, United States Shorelight Full time

Information Security Engineer

Boston, Massachusetts

About Us

Shorelight is reinventing the international education experience for students worldwide. Based in Boston, the company works directly with top–ranked, nonprofit American universities to build innovative programs and high–touch, technology–driven services that help talented students thrive and become global citizens.

Job Overview

The Information Security Engineer will validate that Shorelight's services, applications, and websites are secured against the latest threats. This role conducts security reviews, develops threat models, evolves the security assurance process, and creates metrics to demonstrate the team's performance. The Information Security Engineer manages the development and implementation of security standards and controls to ensure the organization's products are secure.

The Information Security Engineer is a problem solver with outstanding oral and written communication skills and a proven ability to outline security risks at all levels of the organization to both technical and non–technical individuals. He/She/They is an energetic team player who thrives in a fast–paced, high–tech environment and has high–level customer service skills. The ability to adjust quickly to shifting priorities, make decisions with limited information, and use good judgment to escalate risks and concerns to the leadership level is essential. The Information Security Engineer will influence and motivate participants in cross–team projects to engage on Security initiatives, so the proven ability to build partnerships and collaborate with key stakeholders is critical.

Essential Functions

Information Security

  1. Develop and maintain cloud security controls and best practices
  2. Deploy security automation and develop tools to secure the cloud
  3. Maintain an internal security library that outlines security controls and identifies common security flaws
  4. Conduct vulnerability assessments and mitigate and patch based on findings
  5. Develop automated security testing to ensure secure coding best practices are being used
  6. Prepare critical and regular security releases
  7. Setup tools and sensors to detect various attacks and exploitation techniques targeted towards cloud platforms and applications running within them
  8. Create and conduct risk evaluations for new processes, products, and services
  9. Develop, facilitate, and distribute security training modules corresponding security materials

Engineering

  1. Maintain Docker container and Kubernetes security, including pod–security and network security policies
  2. Support the DevOps and Engineering teams in developing infrastructure–as–code using Terraform, CloudFormation, CI/CD, GitHub, etc.
  3. Manage security across various Amazon Web Services (AWS) tools/products such as VPCs, Flowlog, CloudTrail, S3, Route53, Elb, CloudFront, and WAF
  4. Partner closely with Engineering and Product teams to suggest improvements that increase application security

Security

  1. Comply with Shorelight Written Information Security Policy, and all other Shorelight Information Security Policies and Procedures.
  2. Take responsibility for any Shorelight assets assigned to you.
  3. Promptly report any security events, incidents, or weaknesses to Shorelight Security.

Minimum Qualifications

  1. 7+ years of formalized information security experience
  2. Bachelor's degree or equivalent years' experience
  3. CISSP Information Security certification
  4. Experience managing security vendors and managed–services providers
  5. Strong understanding of network and web related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
  6. Working familiarity with Cyber Security, Cloud Platform Security, Risk Assessment, Network Security, IAM, Data Security, and Data Governance
  7. Ability to occasionally provide weekend and after–hours support

Preferred Qualifications

  1. Bachelor's degree in Information Security, Computer Science or related field
  2. Strong background in technical engineering and architecture, such as infrastructure/cloud engineering or software development
  3. Information Security certifications in SANS GIAC, CISA, etc.
  4. Experience with OWASP, static/dynamic analysis, and common exploit tools and methods
  5. Development experience
  6. Prior experience managing and growing a team

Application Process

To apply for this position, please visit the Shorelight Careers page to submit an application with a resume and cover letter.

Background Check Required Education, Criminal, Identity

Shorelight is an Equal Opportunity Employer.

#J-18808-Ljbffr

  • Information Security Engineer

    5 days ago

    Boston, United States Shorelight Full time

    Information Security EngineerBoston, MassachusettsAbout UsShorelight is reinventing the international education experience for students worldwide. Based in Boston, the company works directly with top-ranked, nonprofit American universities to build innovative programs and high-touch, technology-driven services that help talented students thrive and become...

  • Information Security Engineer

    5 days ago

    Boston, United States WHOOP Full time

    At WHOOP, we're on a mission to unlock human performance. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives.WHOOP is seeking an Information Security Engineer to join our team, reporting to our Lead Security Engineer. In this role you will design, implement, administer, and monitor security...

  • Information Security Engineer

    5 days ago

    Boston, United States WHOOP Full time

    At WHOOP, we're on a mission to unlock human performance. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives.WHOOP is seeking an Information Security Engineer to join our team, reporting to our Lead Security Engineer. In this role you will design, implement, administer, and monitor security...

  • Information Security Engineer

    6 days ago

    Boston, United States WHOOP Full time

    At WHOOP, we're on a mission to unlock human performance. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives. WHOOP is seeking an Information Security Engineer to join our team, reporting to our Lead Security Engineer. In this role you will design, implement, administer, and monitor security...

  • Information Security Engineer

    6 days ago

    Boston, United States BOSTON TRUST WALDEN COMPANY Full time

    Job Description Job Description Boston Trust Walden Company Overview __ Boston Trust Walden Company is an independent, employee-owned firm that provides investment management services to institutional investors and private wealth clients. The firm manages approximately $16 billion in client assets. Boston Trust Walden distinguishes itself in several key...

  • Information Security Engineer

    2 weeks ago

    Boston, United States BOSTON TRUST WALDEN COMPANY Full time

    Job DescriptionJob DescriptionBoston Trust Walden Company Overview Boston Trust Walden Company is an independent, employee-owned firm that provides investment management services to institutional investors and private wealth clients. The firm manages approximately $16 billion in client assets.Boston Trust Walden distinguishes itself in several key ways,...

  • Senior Security Engineer

    2 weeks ago

    Boston, United States Aqua Security Full time

    Aqua Security is a global leader in cloud-native security, safeguarding software infrastructure from development to production. As a rapidly growing player in the cloud-native security space, we champion innovation, collaboration, and growth. We're seeking a talented Security Engineer to join our elite Security team and enhance our vulnerability management...

  • Splunk Security Engineer

    3 weeks ago

    Boston, Massachusetts, United States GuidePoint Security Full time

    At GuidePoint Security, we are seeking a highly skilled Splunk Security Engineer to join our team. As a Splunk Security Engineer, you will be responsible for driving complex security-focused deployments of Splunk while working side by side with our customers to solve their unique problems across a variety of use cases.Key Responsibilities:Drive complex...

  • Information System Security Engineer

    24 hours ago

    Boston, United States Avint LLC Full time

    Avint LLC is seeking a motivated, career, and customer-oriented Information System Security Engineer to join our team in the Hanscom Air Force Base area. The person in this position shall ensure that all system and application deliverables meet the requirements of DoD and Air Force Cybersecurity policies and directives. The activities within this position...

  • Information Security Manager

    1 month ago

    Boston, United States firstPRO, Inc Full time

    firstPRO is now accepting resumes for a Information Security Risk Manager role in Boston, MA. This is a direct hire role and onsite 5x per month.Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.Maintain the credit union’s Information Security Program, including awareness, adherence, and...

  • Information Security Manager

    1 month ago

    boston, United States firstPRO, Inc Full time

    firstPRO is now accepting resumes for a Information Security Risk Manager role in Boston, MA. This is a direct hire role and onsite 5x per month.Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.Maintain the credit union’s Information Security Program, including awareness, adherence, and...

  • Information Security Manager

    1 month ago

    Boston, United States firstPRO, Inc Full time

    firstPRO is now accepting resumes for a Information Security Risk Manager role in Boston, MA. This is a direct hire role and onsite 5x per month.Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.Maintain the credit union’s Information Security Program, including awareness, adherence, and...

  • Information Security Manager

    3 weeks ago

    boston, United States firstPRO, Inc Full time

    firstPRO is now accepting resumes for a Information Security Risk Manager role in Boston, MA. This is a direct hire role and onsite 5x per month.Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.Maintain the credit union’s Information Security Program, including awareness, adherence, and...

  • Information Security Compliance Manager

    4 weeks ago

    Boston, Massachusetts, United States Boston Consulting Group Full time

    Job SummaryWe are seeking a highly skilled Information Security Specialist to join our team at Boston Consulting Group. The successful candidate will be responsible for managing security compliance for our software and data offerings in alignment with AICPA's SOC 1 and SOC 2 framework and ISO 27001 standards.Key ResponsibilitiesManage security compliance for...

  • Senior Cloud Security Specialist

    3 weeks ago

    Boston, Massachusetts, United States Aqua Security Full time

    Cloud Native Security EngineerAqua Security is a global leader in cloud-native security, safeguarding software infrastructure from development to production. As a rapidly growing player in the cloud-native security space, we champion innovation, collaboration, and growth.We're seeking a talented Security Engineer to join our elite Security team and enhance...

  • Security Engineer, Security

    5 days ago

    Boston, United States Amazon Full time

    Security Engineer, Business Information Risk At Audible, we believe stories have the power to transform lives. It's why we work with some of the world's leading creators to produce and share audio storytelling with our millions of global listeners. We are dreamers and inventors who come from a wide range of backgrounds and experiences to empower and inspire...

  • Information Security Engineer || Boston MA

    6 days ago

    Boston, United States Inficare Full time

    Job Title: Information Security Engineer Location: Boston MA 02135 (Onsite/Hybrid) Duration: 6+ Month Contract (35 hours/week) Job Description: Looking for someone in the Northeast who can be in the office to train initially (several weeks minimum); Once trained, flexibility to work remote Skills: Requirements: BA or BS degree in Computer Science,...

  • Senior Cloud Security Specialist

    3 weeks ago

    Boston, Massachusetts, United States Aqua Security Full time

    Aqua Security is a global leader in cloud-native security, safeguarding software infrastructure from development to production.We're seeking a talented Security Engineer to enhance our vulnerability management and compliance operations.This role offers the opportunity to manage vulnerabilities, conduct security scans, and oversee the security...

  • Information Security Specialist

    4 months ago

    Boston, United States Boston Consulting Group Full time

    WHAT YOU'LL DO The right candidate is responsible for managing security compliance for BCG’s software and data offerings in alignment with AICPA’s SOC 1 and SOC 2 framework and ISO 27001 standards. The right candidate must be able to demonstrate understanding of the fundamental security compliance frameworks, understand security and compliance audit...

  • Information Security Specialist

    4 months ago

    Boston, United States Boston Consulting Group Full time

    WHAT YOU'LL DO The right candidate is responsible for managing security compliance for BCG’s software and data offerings in alignment with AICPA’s SOC 1 and SOC 2 framework and ISO 27001 standards. The right candidate must be able to demonstrate understanding of the fundamental security compliance frameworks, understand security and compliance audit...