Sr. Information Security Engineer

Who We Are:

At Bandwidth, your music matters when you are part of the BAND.  We celebrate differences and encourage BANDmates to be their authentic selves.  #jointheband

What We Are Looking For:

The mission of the Security Operations team is to build, deploy, and operate information security systems, infrastructure, and tools. The Senior Security Engineer will act as a leader in monitoring, administration, ticketing and support. In addition, mentoring other security team members in operations functions, as well as assisting management in growing and maturing security detection, monitoring and response. As a Senior Security Engineer, you will work closely with not only other Information Security teams but also partner with the IT, development and architecture organizations. You will be part of a talented team of security professionals who demonstrate superb technical competency, delivering mission critical infrastructure and ensuring the highest levels of availability, performance and security across the enterprise.

What You'll Do:

• Provide technical and operational leadership for aspects of security operations, security architecture and security tools administration.
• Serve as an escalation point in incident response scenarios; acting as the incident lead and conducting investigations and forensics as needed.
• Actively engages in the performance of Incident Response activities, including but not limited to, triage, escalation, conducting post-mortem and lessons learned, as well as remediation tracking.
• Displays a strong knowledge and understanding of the utilization of various security tools include SIEM, SOAR, vulnerability scanners, CSPM, and EDR
• Advanced understanding of securing both cloud-based (AWS, GCP) and on-prem workloads including traditional architecture design and containerized environments.
• Identify gaps in current monitoring or operational processes and workflows, and recommend changes or enhancements to improve efficiency through security best practices..
• Provide security consulting on medium to large scale projects for internal clients to ensure conformity with corporate information, security policy and standards
• Drive vulnerability management and remediation efforts - prioritizing issues, implementing mitigations, and designing strategic preventative and compensating controls
• Drives process improvement and control implementation projects in coordination with the other Enterprise teams
• Engages with neighboring Bandwidth technology teams to drive awareness and compliance to security policies and standards
• Participate in security on-call rotation, supporting off-hours general security incidents and production systems.
• Maintain working relationships with business partners to understand business processes, and the impact of implementing security controls in their ability to do business
• Train and mentor team members for security operations, support, and/or administration tasks

What You Need:

Education:  

• Degree in an IT or Information Security discipline or other equivalent combination of education and/or experience that is focused on IT Security and Technology Operations.
• One or more of the following certifications:
  • GIAC Information Security Professional (GISP)
  • Certified Information Systems Security Professional (CISSP)
  • AWS Certified Security Specialty

Experience: 

• 5 or more years of specific Security Operations  experience required.
• 5 or more years SIEM, SOAR and vulnerability management experience, including integrating endpoints
• 3 or more years of incident response ex