SecOps Engineer - Location Flexible - remote

Posted 3 years ago

COVID 19 UPDATE:

We have leaned into the current health crisis with the development of new features like Volusion Curbside. Since March, we have hired more than a dozen new Volusioneers with no signs of slowing down. We are actively interviewing for key roles in order to keep up with our product roadmap goals. During these unprecedented times Volusion continues to provide stability and growth opportunities to our employees and merchants alike.

We are doing our part to flatten the curve so for the time being all interviews will be conducted virtually. As a company ALL employees are currently working remotely.

Location Flexible:

If “Location Flexible”is listed in the job title of a role, the role can be located in any of the states where Volusion is authorized to do business. Please work with your recruiter to understand any location constraints of a particular role and to communicate your location preferences.

The rundown:

The SecOps Engineer is a key member of the team responsible for the security of Volusion’s technical and application infrastructure. The focus of the team is to ensure that the network, infrastructure, systems, and application environment are architected and implemented to industry level security standards. This includes defining and implementing security updates and software patches for our in-house applications as well as assessing the security, risk, recovery, policies/procedures, and compliance activities to protect the confidentiality and integrity of customer, employee and business critical information in compliance with organizational policies and standards. This position performs regular vulnerability scanning and risk analysis, including internal and external penetration testing. The SecOps Engineer will work closely with all business units across the organization to improve the overall security posture of the Corporate and Customer facing environments.

You will:

  • Conduct on-going risk assessments of IT vulnerabilities, and recommend/oversee appropriate corrective actions
  • Perform internal and external security penetration tests, including conducting hands-on security evaluations, threat modeling, and penetration testing of networks and infrastructure
  • Research emerging products, services, protocols, and standards in support of security improvements and risk mitigation efforts. Provide recommendation to management on researched items.
  • Provide a significant contribution to the development of technical security policy and/or standards in order to guide operating practices within various information security subject areas. For example, PCI, operating system security, use of encryption, network security, etc.
  • Engineer and maintain security solutions to protect a variety of users, applications, platforms and computing environments, including the development and maintenance of security testing and vulnerability assessment tools, methodologies, and processes
  • Identify and resolve complex issues and develop innovative solutions to achieve business and technology goals while maintaining appropriate security
  • Promote awareness and education in business units regarding security best practices and methodologies that support and achieve business objectives in a secure manner
  • Deliver strategic advice and guidance in the design and implementation of security reviews and detailing system and environmental security vulnerabilities in a clear and concise manner
  • Mitigate security exposures through the development of risk-based business recommendations
  • Conduct quarterly PCI Scan tests, and work with PCI QSA to conduct annual PCI Audit

We are looking for someone with:

  • 4+ years of information technology experience
  • Information Security Certifications such as CISSP/SSCP, GIAC, Security+ or CEH are desirable but not a deal breaker
  • Strong working knowledge of risk &vulnerability assessment methodologies and security architectures/approaches relating to SaaS
  • Experience with JavaScript/TypeScript
  • Experience implementing /managing Splunk and/or Nexpose highly desirable
  • Experience with securing GCP environments highly desirable
  • Bachelor’s degree in Computer Science or Engineering from a four-year college or university;or equivalent training, education, and/or work experience

Who is also the embodiment of our culture code (we hope you are nodding in agreement as you flip through it!):

  • Humble: Have humility and be respectful;no egos allowed.
  • Effective: Get stuff done!
  • Adaptable: Willing to fill any role, anytime. Going above/beyond the call of duty.
  • Transparent: Open and honest to self and others.
  • Founders: Think big, go fast and solve for the customer.

Benefits &Perks:

  • Competitive Compensation Packages
  • 401(k) with Company Matching
  • Medical, Dental, Vision, and Voluntary Life Insurance
  • Paid Parental Leave
  • Flexible Paid Time Off
  • Two Volunteer Days Off
  • Birthday Off
  • Remote Work Flexibility
  • Professional Development Opportunities for Career and Skills Advancement
  • Work from Home Tips
  • Robust Peer Recognition Program
  • Virtual Events: Trivia, Monthly Bingo, Scavenger Hunts, Back to School Day
  • Virtual Wellness Lunch &Learns
  • Giving Back to the Community Initiatives: Created signs for Healthcare Heroes and Easy Tiger Bread Drive
  • Quarterly Virtual Team Building events