Security Engineer (Cloud/SaaS) Courion

Reporting to the Chief Security Officer, the Security Engineer is an integral part of the Courion team, helping to ensure the security of Courions SaaS IAM solution, CourionLive. The individual will develop security risk assessments to identify the impact of vulnerabilities to the SaaS environment; deploy and operate monitoring technology to identify risks, recommend mitigating controls and assist in the implement of those controls.

We are seeking an intelligent, highly motivated, experienced security engineer who understands and enjoys cutting edge security technology and has a passion for troubleshooting, learning, and sharing knowledge. This engineer will work in a team-oriented, fast-paced, flexible environment with a wide array of responsibilities across the organization. The person is expected to be a team player with good problem solving, organizational and verbal and written communication skills.
Responsibilities:

Developing and implementing strategies for threat analysis and vulnerability assessments
Perform proactive research to identify and understand new threats, vulnerabilities, and exploits
Evaluating and recommending procedures to mitigate risks as revealed by the incident response lifecycle
Monitoring IDS, Firewall, and log correlation tools for potential threats
Performing log analysis and participating in the incident response lifecycle
Helping to audit, prevent, respond, or remediate security incidents
Supporting compliance requirements for security purposes
Evaluating and documenting security events
Evaluating and proposing the implementation of best security practices
Work with Operations team to manage vulnerability and penetration testing process to ensure proper security for organization
Assist in the definition and implementation network security policies and procedures
Interact with clients to understand specific threat context and deliver intelligence information based on focused threat research
Work with vendors to establish and implement latest security technologies to the infrastructure
Generate scripts/applications to automate common tasks
Ability to draft security policies and present policies to corporation
Mentoring/training more junior staff on latest technologies and efficiencies with current technologies
Apply innovation to improve service efficiency and service value
Initiate escalation procedure to counteract potential threats/vulnerabilities

Required Skills/Qualifications:

Bachelor's degree with at least 5 years hands-on experience in IT security and risk management
Demonstrated high-level of proficiency in requirements gathering and analysis
General experience with security audits, compliance, prevention, and procedures related to the following technologies:
Software as a Service (SaaS) / Cloud computing
Relational databases and database security
Cryptography
Network or host based IDS and IPS
Penetration testing
Windows 2003/2008 Server technologies
TCP/IP and other networking principles
High level scripting and programming skills
Security Incident Event Log applications
Excellent presentation and communication skills regarding technical concepts
Strong analytical and problem-solving skills
Understanding of disaster recovery and business continuity planning
Ability to work on multiple projects/tasks at once and operate in a dynamic, fast-paced, team-oriented environment and possess organization skills to balance and prioritize work

Strongly Desired Skills:

Familiarity with ITIL, ISO 27001/27002, COBIT, NIST
CISSP certification or ability to obtain one
Understanding of compliance regulations for data management and privacy such as Sarbanes-Oxley, USA Patriot Act, Gramm-Leach-Bliley Act, MA 201, PCI and HIPAA
Understanding of disaster recovery and business continuity planning
General experience with security audits, compliance, prevention, and procedures related to:
Identity and Access management
Operating system and application virtualization

Location:	1881 Worcester Road Framingham, MA 01701 United States