ParallelDesk
Login

Information Security Engineer

Sonatype is the software supply chain management company. We're on a mission to change how the world innovates by making software development easier. From running the world's largest repository of Java open source components (Maven Central) to inventing componentized software development, and then software supply chain management, to creating the only solution that stops malicious open-source malware in its tracks, we're constantly leading the industry while helping thousands of customers manage open source every day.Already used by 15 million developers, we have lofty goals for our technology to be in the hands of every engineering team. And, we need you to do that. Join us!Learn more at www.sonatype.com.The Information Security Engineer will secure the technical and operational aspects of Information Security for the organization, products and services; this person is essential to ensuring the ongoing protection of Sonatype’s critical role in the software supply chain. The role requires a strong understanding of Cloud security and experience with industry standard secure software development practices in order to contribute to the safe operation of cloud native solutions. This includes monitoring and vulnerability management practices, incident response, reporting, and guide security improvements. As part of the Information Security team, you will be an Information Security stakeholder and collaborate with technical teams and third-party vendors to integrate security controls and compliance proofing into our products, platforms, and processes.\nPrimary job duties:Perform vulnerability scans and internal penetration testing, review output, provide initial analysis and remediationPerform information security incident response and issue resolution as neededProtect digital assets from unauthorized access, mitigate risks before a data breach occurs and provide security to ensure critical information is thoroughly protectedImplement, configure and upgrade security tools and systemsEvaluate, integrate and configure security toolingCollaborate with technical teams, product managers and third partiesRespond to cyber security alerts from a variety of systems throughout the enterprise.Security event handling including InfoSec tickets, investigate log alerts & other security events via monitoring tools, event to incident conversion, etc.Perform technical risk assessments for software, products & services used anywhere inside Sonatype (OEMs, tools, algorithms, libraries etc.)Identify flaws within the organization's infrastructure and making risk-based recommendations.We are looking for 3 or more years of experience within the following areas:Cloud, networking or security operations rolesIncident management/handling and response methods/escalationVulnerability management & scanning toolsCommon security frameworks and protection methodsTechnical risk assessment methodsDevSecOps processesCloud and infrastructure securityAdditional skills of interest to us:Be conversant in web application security, ex: OWASP top 10Be familiar with the principles of security architectureHave experience in Disaster Recovery / Business Continuity planning and executionHave experience with threat modeling frameworks and related industry toolsHave performed penetration tests and/or security reviews of infrastructure Have deployed vulnerability scans, either automated or bespoke.Hold any of the following SANS Certifications: GSEC, GCIH, GCLD, GCID, GMONHold any (ISC)² Certifications such as: CISSP, CC, SSCP, CCSP, CAP, CSSLPThings that we are proud of:Fast Company Top 50 Companies for Innovators 2018, 2019, and 20202019 Best Places to Work Washington Post and Washingtonian2019 Wealthfront Top Career Launch CompanyEY Entrepreneur of the Year 2019Diversity & Inclusion Working GroupsParental Leave PolicyPaid Volunteer Time Off (VTO)\n#LI-RB1At Sonatype, we value diversity and inclusivity. We offer perks such as parental leave, diversity, and inclusion working groups, and flexible working practices to allow our employees to show up as their whole selves. We are an equal opportunity employer, and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. If you have a disability or special need that requires accommodation, please do not hesitate to let us know.#LI-Remote

Job Type
Full Time
Salary
N/A
Experience
N/A
Posted
10 days ago

Similar Jobs from Partners

More Jobs

Senior Software Engineer (Java)

Civica / indore
17 hours ago

Apply

Senior Technical Support Analyst - P774FT-35

Civica / Vadodara
17 hours ago

Apply

Associate Editor

Slate / Brooklyn, New York
10 days ago

Apply

Assistant Project Manager / Superintendent

The Boland Group / Chattanooga
10 days ago

Apply

Assistant Project Manager / Superintendent

The Boland Group / Chattanooga
10 days ago

Apply

ParallelDesk News

Stellenmarkt des Kölner Studierendenwerks - Deine Stadt. Dein Job.

Srini | 21 December 2022

How do I make an HTTP request in Javascript?

Paralleldesk | 20 December 2022

Remote Jobs a Brief

Srini | 19 December 2022

US Green Card Immigration

Srini | 19 December 2022

Covid Conspiracy

Srini | 19 December 2022