Principal Information Security Engineer

Vonage is a global cloud communications leader that helps businesses accelerate their digital transformation through our fully programmable Unified Communications and Contact Center Applications. Our Technology Mission: We leverage technology and best practices to provide world-class business application and user support across Vonage’s global organization. We partner with the business to understand their current and future needs, define, develop, deliver and maintain business systems, data management/storage, network systems and desktop support. We integrate business requirements with technology alternatives, taking into consideration business criticality, timing and cost implications. We apply creativity and state-of-the-art technical understanding to ensure our systems provide business, team and individual value. Why this role matters The Vonage Information Security organization drives Security, Privacy, Trust, and Compliance by design and is seeking a Senior Security Engineer expert who would report directly to the Chief Information Security Officer of Vonage. In this role the expert individual will have deep and broad technical experience in a) designing a defense-in-depth security architecture, b) helping assess and implement appropriate security, privacy, and compliance constructs and controls, and c) helping develop strong security monitoring, alerting, and response mechanisms. As a senior security engineer, the candidate is expected to understand modern cyber threats and to champion world-class security best practices to effectively counter these threats. Where you will work Hybrid: You will have home based days, but will be required to commute to the office as and when necessary (To be agreed with your line manager). The address of the office you will be commuting to is 23 Main Street, Holmdel, NJ 07733. What you will do Lead system and application architecture security reviews and identify and help implement robust security architectural constructs. Partner with senior engineering/IT/security leaders to develop and strategically implement and maintain a world-class security posture across a variety of communication products and services. Champion the continuous improvement of security monitoring, detection, and prevention capabilities. This includes vendor technology evaluations, and the subsequent operational deployment of selected security tools. Key areas include network security, container security, host-based intrusion detection systems, cloud security tools, web application firewalls, database security monitoring systems and data classification tools, firewalls/routers/switches, proxy servers, antivirus systems, file integrity monitoring tools, and operating system logs, to name a few. What you will bring Required A BS/MS in Computer Science, Computer Engineering, Information Security, Mathematics or other related degrees. A passion for Information Security. Demonstrated track record of significant security contributions. Ability to function independently and partner strategically and effectively with cross-functional leaders across a modern software/technology company. Demonstrated record of continuous learning – new technologies and best practices. Knowledge of cloud computing systems - AWS knowledge is a must, Google Cloud highly desired. Experience implementing an IaC based security strategy. Knowledge of Secure SDLC (SSDLC) processes and tools in support of a shift-left software security philosophy. Experience in working with Application and API software development teams in defining specific product security requirements and operating within a robust security architecture blueprint. Understanding of Kubernetes/container ecosystems. Demonstrated understanding of general Unix/Linux systems administration (Or similar, e.g. Ubuntu, Solaris, etc.). Knowledge of standard Unix infrastructure tools/protocols (DHCP, DNS, NTP, SYSLOG, SSH, IPSec etc.). Foundational cross-functional understanding of network engineering concepts and protocols (e.g., TCP, UDP, SSL, etc.). Knowledge of Security incident response processes. Knowledge and understanding of MITRE ATT&CK vectors and tools as well as the best practices for securing systems and networks. Must be fluent in English and have strong verbal and written communication skills; ability to communicate effectively and clearly to both technical and non-technical staff. Candidates must be self-motivated, have strong collaborative skills, and willing to work with and learn enterprise technologies and be comfortable working in a matrixed organization. Information Security and Cloud Certifications (CISSP, CISM, CompTIA, etc.). AWS Cloud Certifications (AWS Architect, AWS Security Engineer, etc.). Experience in Threat Hunting Processes and Tools. Prior hands-on software development experience. How you will benefit Medical, Vision, and Dental Coverage. Health Savings Account (HSA). Income Protection. Maternity & Paternity Leave. 401(k) Contributions: Pre-Tax, Roth, or After-Tax Roth Options. Unlimited Discretionary Time Off. Three Paid Volunteer Days a Year. Tuition Reimbursement. Voluntary Legal Plan. Optum Employee Assistance Program. Discount on Auto, Home & Pet Insurance. Note: The purpose of this profile is to provide a general summary of essential responsibilities for the position and is not meant as an exhaustive list. Assignments may differ for individuals within the same role based on business conditions, departmental need or geographic location. About the company Vonage is a publicly held business cloud communications provider. #J-18808-Ljbffr