Responsys Careers



Sr. Information Security Engineer

As our Senior Information Security Engineer, you will hold an influential position building and managing our next generation Security Operations Center (SOC) environment, reporting directly to CISO. You will help us ensure that our SaaS as well as corporate IT systems, networks, database and application infrastructure are designed, implemented, and operated in accordance with application security standards and practices, including ISO 27002.

In this position, you will be responsible for assuring that our SOC infrastructure is designed, implemented, and operated in highly effective manner. This will include designing and building our monitoring environment, ensuring effective management and monitoring of security alerts and logs, and leading security incident response among other things. You will also conduct vulnerability assessment, penetration testing, and audit of software, architecture and vendors.

In this role, you will work with network, systems, database, and application engineers in designing and implementing information security infrastructure components.


Requirements:

Bachelor’s degree with 7+ years of experience including 3 or more years of hands-on experience in designing, implementing and administering security infrastructure in a SaaS/ASP/OnDemand Data Center environment. Specific requirements include:

  • Experience in network and systems security, not only a key understanding of overall concepts, but also the ability to implement policies, processes and develop solutions to information security by working closely with technology owners.
  • Experience administering and deploying network firewalls, such as Cisco PIX, Cisco ACLs, and Cisco FWSM. Juniper/Netscreen experience is a big plus.
  • Experience in secure deployment of network load balancers, such as Cisco CSS and F5 BigIP.
  • In-depth knowledge of hardening OS (Linux, Solaris, Windows), Web Servers (Apache/Tomcat), Databases (Oracle, MySQL) using NIST and OWASP standards
  • Strong scripting experience
  • Experience in implementing and administering enterprise security logging systems (RSA enVision, ArcSight, Splunk, etc.)
  • Understanding of Public Key Infrastructure and encryption.
  • Exposure to some of the following tools: Snort, Nessus, nmap, ntop, snoop, tcpdump, and other Open Source security tools.
  • Familiarity with ISO27002, COBIT, or ITIL
  • Familiarity with managing various compliance programs (SOX, PCI, HIPAA)
  • Certified Information System Security Professional (CISSP) certification, CISM, CISA, CIFI and other vendor specific (Cisco, Oracle, etc) security-related certifications a plus.


Contact:
Gregg Hansen
Sr. Recruiter