Who: Tune
Position: Lead Security Engineer
Where: Seattle
What: We are looking for a seasoned Lead Security Engineer to help guide and implement Information Security best practices. This role is responsible for ensuring our internal and external security controls, approach and implementations are world-class while balancing the need for rapid innovation at a Global Scale.
Responsibilities:
Provide guidance over the general activities and concerns of the organization’s security function, including governance, policy, control design, general operational effectiveness and internal controls.
Implement initiatives from the Information Security Strategy.
Expand security logging, monitoring, and alerting systems, and maintain security records in support of auditing requirements.
Work closely with our Chief Privacy Officer and the legal team to ensure that we are meeting our contractual and regulatory obligations involving data security.
Evangelize security awareness, “security first” thinking and secure coding practices through training and coaching of IT staff, software developers, and end users.
Identify and evaluate business and technology risks, the internal controls which mitigate those risks, and related opportunities for internal control improvement.
Provide input into security investment decisions and strategies.
Perform technical audits & risk assessments around:
Disaster Recovery
Infrastructure
Emerging technologies
Secure systems development
Vendor security
IT regulatory compliance
Requirements:
5+ years of experience in Information Security.
BA or BS in Management Information Systems, Computer Science, or Engineering.
Expertise in all aspects of security disciplines: information security, industrial security, cyber-risk and vulnerability assessments, threat analysis, incident response, threat modeling, security intelligence, business continuity, disaster recovery, forensic investigations, and a successful track record mitigating risks and security threats with solutions that are cost effective, compliant, flexible, and as transparent as possible.
Demonstrated ability to perform penetration & vulnerability scans, interpret results and drive appropriate remediation steps.
Systems and security engineering experience, including requirements analysis and system architecture design.
Experience with applying security engineering throughout the system engineering lifecycle, including security architecture, software security, intrusion detection, and defensive countermeasures.
Obtained or demonstrates an active pursuit of one or more of the following certifications:
Information Systems Security Professional (CISSP).
Certified Information Security Manager (CISM).
Certified Information Systems Auditor (CISA).
Certified Risk Information System Control (CRISC) certifications, or other related certifications.
Demonstrates proven success in a technical role that emphasizes the following: IT Risk Management, Information Security and/or Technical Privacy.
Demonstrates an understanding of comprehensive security programs, including technologies and tools, architectures and network and application design, and policies / business aspects of risk.
Demonstrates expertise with performing IT Risk & Security assessments, developing information security strategies, and recommending security solutions to assist businesses with the assessment and improvement of their security infrastructure.
Demonstrates expertise with assessing and recommending enterprise security solutions in adherence with industry and regulatory security standards.
Demonstrates a strong understanding of the IT security landscape, including emerging risks and security solutions.
Demonstrates an ability to work in a collaborative environment and influence others.
Able to construct and assess high-level and detailed security programs, translating business needs and regulatory requirements into cost-effective and risk-appropriate controls.
Able to assess information security programs including organizational design and key process/procedures.
Analysis, development and implementation of security policies, standards and guidelines.
Demonstrates extensive knowledge of information security standards: ISO, NIST, etc.