Job Description
The Senior Security Engineer is responsible for identifying and mitigating security risks within the corporate network, performing security audits and tests, managing security solutions, and ensuring compliance with industry standards to protect the company's infrastructure and applications.
Key Responsibilities
- Identify, monitor, and maintain the company's security posture in collaboration with Engineering.
- Perform security audits, penetration tests, and physical security reviews.
- Select, deploy, and manage security solutions and enhancements.
- Develop and maintain threat models for cloud environments and train engineering teams on attacker risk-driven design.
- Provide expertise on secure SDLC practices, including design, development, testing, and runtime security.
- Partner with infrastructure and application teams to minimize security and privacy risks.
- Maintain and update the Incident Response Program and security policies.
- Recommend security practices and actions to ensure compliance with regulatory requirements.
- Respond to client and partner security questionnaires.
Requirements
- The Senior Security Engineer must have a B.A. or B.S. or higher level degree in Computer Science or a similar engineering program with strong academic performance.
- The candidate must have at least 8 years of information security experience.
- The candidate must possess one or more of the following information security certifications: CISSP, CISA, CEH, OSCP, or other relevant security certifications.
- The candidate must have experience performing security reviews of application designs, source code, and deployments.
- The candidate must have knowledge of and stay up to date on the latest security advisories, alerts, and vulnerabilities.
- The candidate must have strong verbal and written communication skills suitable for a highly collaborative environment.
- The candidate must demonstrate rigorous attention to detail and a focus on the quality of deliverables.
- The candidate must be familiar with AWS services such as EC2, ECS, WAF, VPC configuration, and IAM rules.
- The candidate must have familiarity with infrastructure as code tools such as Terraform or CloudFormation.
- The candidate must be comfortable with Python programming and able to read Java when necessary.
- The candidate must have the ability to perform security audits, including application and infrastructure penetration tests, physical security reviews, and social engineering tests.
- The candidate must be able to develop and maintain threat models for cloud environments and train engineering teams in attacker risk-driven design skills.
- The candidate must have experience developing and maintaining security policies, procedures, and security documents, and keep them updated according to industry compliance requirements.
- The candidate must have the ability to determine, monitor, and maintain the organization’s security posture in collaboration with Engineering.
- The candidate must be capable of performing security assessments such as vulnerability scanning, intrusion detection, SIEM analysis, database monitoring, and file integrity monitoring.
- The candidate must have experience overseeing and managing the deployment, integration, and configuration of security solutions and enhancements.
- The candidate must have experience developing and maintaining threat models for cloud environments.
- The candidate must have experience providing deep expertise to engineering teams on SDLC practices including secure design, secure development, secure testing, and security runtime for software and firmware development.
- The candidate must have the ability to actively partner with infrastructure, application, and other stakeholders to ensure deployed solutions minimize security and privacy risks.
- The candidate must have the ability to maintain an incident response program.
- The candidate must be able to recommend actions and practices to management to ensure compliance with security and regulatory requirements.
- The candidate must be able to suggest actions to mitigate risks impacting the security of existing IT and information management activities.
- The candidate must have the ability to craft responses to client and partner security questionnaires.
Benefits & Perks
Competitive pay
Subsidized medical plan options
HSA with generous company contribution
401(k) with employer match
Paid holidays
Paid wellness time
Paid vacation increasing with tenure
Paid maternity and bonding leave
Company-paid disability insurance
Company-paid life insurance
FSA benefits
Well-being resources and activities
Casual dress work environment
Ready to Apply?
Join Alarm.com and make an impact in renewable energy
Stay Updated on Sustainability Jobs
Get the latest renewable energy jobs and career tips delivered to your inbox.
Job Alerts
Get notified about new sustainability jobs
More jobs at Alarm.com
Staff Device Engineer
Alarm.com
NEW
Boston
Full Time
2d
$165k-185k
Senior Software Engineering Manager
Alarm.com
Boston
Full Time
5d
$190k-210k
Senior Director, Device Engineering
Alarm.com
Tysons
Full Time
5d