Senior Security Engineer

About DAT

DATis an award-winning employer of choice and a next-generation SaaS technology company that has been at the leading edge of innovation in transportation supply chain logistics for 45 years. We continue to transform the industry year over year, by deploying a suite of software solutions to millions of customers every day - customers who depend on DAT for the most relevant data and most accurate insights to help them make smarter business decisions and run their companies more profitably. We operate the largest marketplace of its kind in North America, with 400 million freights posted in 2022, and a database of $150 billion of annual global shipment market transaction data. Our headquarters are in Denver, CO, and Beaverton, OR, with additional offices in Missouri, and Bangalore, India. For additional information, see www.DAT.com/company.

Job Application Deadline: 11/29/2024

The Opportunity

DAT is looking for a Senior Security Engineer to join our security team This position will work remotely in Seattle.

The Senior Security Engineer is responsible for developing, implementing, and maintaining advanced security measures to protect DAT's information systems. This role involves hands-on technical work and strategic oversight to ensure that security policies and procedures are in place and effective. The Senior Security Engineer will collaborate with various teams including but not limited to IT, Product, Engineering, Development, and external vendors to ensure security is integrated into the design of systems and applications. The position requires a deep understanding of security technologies and the ability to stay ahead of emerging threats.

What You'll Do

• Design, implement, and manage security systems and protocols across the organization
• Develop and maintain security architecture standards and processes for enterprise systems
• Work closely with the architecture and development teams to ensure security is integrated into infrastructure and applications
• Conduct regular security assessments, including vulnerability scans and penetration testing
• Analyze security risks and partner with the risk & controls department to develop mitigation strategies
• Monitor and respond to security incidents, ensuring quick resolution and minimizing damage.Oversee daily security operations, including monitoring, logging, and incident response
• Establish and maintain security tools such as firewalls, intrusion detection/prevention systems, and SIEM solutions
• Manage and update security policies, procedures, and best practices based on evolving threats
• Lead the incident response team in investigating and responding to security breaches
• Perform root cause analysis and implement preventive measures to reduce future risks
• Prepare post-incident reports for executive leadership and suggest action plans for improvement
• Ensure compliance with industry standards and regulations (e.g., ISO 27001, NIST, GDPR, PCI-DSS)
• Participate in internal and external security audits and testing, coordinating remediation of findings
• Stay current on emerging security laws and regulations and ensure organizational compliance
• Serve as a security subject matter expert (SME) in cross-functional projects
• Collaborate with IT, DevOps, and product teams to integrate security into development lifecycles (DevSecOps)
• Stay informed of the latest cybersecurity trends, tools, and threats
• Recommend and implement new security solutions as appropriate to ensure protection against emerging risks
• Analyze, gather, and communicate key security metrics to measure the effectiveness and overall health of the information security program.
• Develop dashboards and reports to provide actionable insights to stakeholders, helping guide strategic decisions and continuous improvement of security measures.
• Participate in security conferences, certifications, and continuing education
• Occasional travel for conferences or collaboration with distributed teams
• May require availability outside of normal business hours during major security incidents
  

The Skills and Experience You'll Bring

• Minimum of a Bachelor's Degree in Computer Science or related fields or equivalent experience
• Applicable industry certifications (e.g., CISSP, Sec+, CISM, SANS GIAC)
• Minimum of 6 years of experience in Information Security or related fields, with at least 2 years in a senior or lead role
• Ability to work closely with cross-functional teams including Engineering & Development, IT, and Product Management
• Ability to work collaboratively with senior management across multiple departments
• Ability to work effectively in a fast-paced, project-oriented environment
• Ability to prioritize and execute tasks while being able to communicate any risks/issues/blockers that would impact original timelines
• Ability to handle sensitive and confidential information
• Strong analytical, problem-solving and decision-making skills
• Strong verbal and written communication skills
• Experience with threat modeling
• Experience with evaluating, selecting, implementing and maintaining security tools (Firewalls, IDS/IPS, EDR, EPP, SIEM, WAF)
• Experience with agile methodology and working with a ticketing system
• Knowledge of security frameworks and standards
• Familiarity with vulnerability assessment tools such as Nessus, Burp Suite Pro, etc.
• Familiarity with cloud security (e.g., AWS, Azure, GCP) and DevSecOps principles
  

Bonus Skills

• Knowledge of the supply chain, logistics, or transportation specific markets, and its related instruments
• Prior experience
• Proficiency in programming languages like C++, Java, Python, etc.
  

Why DAT?
DAT is an award winning employer of choice.

For starters, we have a hybrid work environment, but we also know what makes a great workplace. We have a time-tested and resolute set of operating values predicated on integrity, mutual respect, open communication, and executing with excellence. These values inform our strategic vision as much as any one of our products does. We've been an employer of choice in the Portland metropolitan area for four decades, and within one year of opening our Denver office, DAT was #26 on Built In Colorado's 100 Best Places to Work In Colorado.

• Medical, Dental, Vision, Life, and AD&D insurance
• Parental Leave
• Up to 20 days of paid time off starting in year one
• An additional 10 holidays of paid time off per calendar year
• 401k matching (immediately vested)
• Employee Stock Purchase Plan
• Short- and Long-term disability sick leave
• Flexible Spending Accounts
• Health Savings Accounts
• Tuition Reimbursement Program
• Employee Assistance Program
• Additional programs - Employee Referral, Internal Recognition, and Wellness
• Free TriMet transit pass (Beaverton Office)
• Competitive salary and benefits package
• Work on impactful projects in a cutting-edge environment
• Collaborative and supportive team culture
• Opportunity to make a real difference in the trucking industry
• Employee Resource Groups
  

This position is not eligible for Visa sponsorship.

For Colorado-based candidates, in compliance with Colorado's Equal Pay for Equal Work Act, theminimum salary for this role is $120,000.00 + benefits. The maximum compensation for this role can vary significantly depending on your job-related skills and experience. DAT considers factors such as scope and responsibilities of the position, candidate's work experience, education and training, core skills, internal equity, and market and business elements when extending an offer.

DAT embraces the value of a diverse workforce, and believes it is a core strength of our company that we encourage those values in every DAT employee, at every level of our organization, regardless of tenure or rank. We provide equal employment opportunities (EEO) to all employees and applicants without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state, and local laws.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)

#LI-RF1