CAREERS

As a trusted partner to our client, we are looking for an Information Security Engineer for a full-time role in Portland, OR. This role is with an exciting player in the entertainment business and it is an opportunity to put your mark on the security footprint for the organization.

 

So, what exactly is this Information Security Engineer up to?

• You are the principle Guardian of The Galaxy, safeguarding systems, networks and services.
• However… …security is everyone’s job, and you’ll be IT’s main point of collaboration cross-functionally on all matters of the security type.
• You’ll be responsible for developing new security plans and policies for IT, and again collaborating with others for larger technology security best-practices.
• With the support of the Engineering teams in Technology, you’ll help craft and guide the actual implementation of security practices.
• For all the new and existing security practices you’ll be helping with, hands-on monitoring and maintaining the practice will be essential.

 

But wait, that’s not all! You’ll also be:

• Performing testing of security solutions and impacts of changes in our environments.
• If something goes awry, you’ll be on the front-line for forensic analysis.
• A Subject Matter Expert, and work with more junior resources to help them support the work that you are doing.
• Continuously learning…our world is dynamic and there will always be something new to know.
• Doing anything else that IT management thinks you’d be a help for or be a good opportunity for you.

 

What To Expect From The Job and The Company:

• Your workday will be focused primarily on project work, if that be team projects, or working as a dedicated or embedded resource on another team. When things go “bump” (and they always do) you’ll jump in the mix to help tackle the toughest and most impactful problems when needed. Your activities will generally come from our project management tools or help desk ticketing system, but you may be tapped for Special Assignment by your manager as your expertise is needed.
• This is an organization of sharp techie-types, and they hold one another accountable in working together and across skill sets
• Expect your work to break down something like this: 60% Projects, 30% Administration and Operations, 10% Administrative Overhead. This role will report directly to the VP of IT.

 

Sounds Great? This is what we need from you:

Gotta-haves:

• Direct experience with endpoint protection software, intrusion detection, firewalls and content filtering. Crafting of service policies (WAF) a must.
• Knowledge of and direct experience with risk assessment tools, technologies, and methods. Key measures include experience with SOAR platforms and SIEM tools.
• Experience planning, researching, and developing security policies, standards and procedures. Key measures include experience with IAM, zero trust/least-privileged models, and CORS.
• Professional experience in a system administration role supporting multiple platforms and applications.
• Experience working in a Security Operations Center, including participation in threat hunts and audits.
• Ability to read and use the results of mobile code, malicious code, and endpoint protection software. Key measures include working with APIs, writing SQL/XQL queries, REGEX, and working with encryption and encrypted payloads.

It would be swell if you also had experience in:

• Experience designing secure networks, systems and application architectures.
• Knowledge of disaster recovery, computer forensic tools, technologies and methods.
• Hardware and software solutions from Palo Alto Networks and F5 Networks.
• Endpoint security solutions from Sophos.
• Cloud and SaaS/platform-based security services, such as Cloudflare, and key solutions in Microsoft (Azure, M365) and Amazon Web Services.
• Experience in partnering with vendors and suppliers on security practices as they pertain to both products and internal IT services in an organization.
• PCI compliance auditing and remediation.
• DLP and Data Integrity Monitoring; crafting and implementation of compliance policy.

 

Bonus points if you’ve got any of the following:

• Experience in security relative to serverless and platform-based architectures.
• Professional experience in software development (.NET mainly)
• You have experienced and navigated a major security incident (data breach, malware attack, DDoS). Successful or not.
• Desire to dig-deep into challenges, figure out a plan, and execute that plan.
• Ability to prioritize your time and focus on quality delivery as you make commitments.
• Communication, both written and verbal, that’s clear and speaks to the target audience. There may be opportunity to do trainings for technical and non-technical audiences, and you’ll have a chance to showcase your work on a regular basis to the entire organization.
• Ability and desire to create and update documentation as the need arises.
• Agile Scrum and/or Kanban-based project management frameworks and toolsets experience will go a long way.
• Be an independent as well as a team player as needed; be able to “cross the aisle” and work with other technical and non-technical professionals with an eye for solutions.
• College degree is nice, but not required. Experience is what’s really going to stand out.
• Industry-recognized certifications (CISSP, CEH, Security+, CISA, CISM) will go a long way.

 

A little more info:

• At this point this organization’s IT is 100% remote, and as local conditions evolve, we can explore long-term workplace options (full remote, flex, full-time onsite at the office in Portland, OR).
• Travel to offsite locations and transport of hardware may be required.
• This is a 24x7x365 operation, so you’ll be providing on-call coverage on a rotating basis.
• Schedule will generally be business hours/business days but is subject to change with short notice.
• Work on holidays and weekends on occasion required.

Converge Technology Solutions offers equal opportunity to employees and applicants regardless of race, color, creed, sex, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, sexual orientation or any other consideration made unlawful by federal, state, or local laws. Converge Technology Solutions does not accept unsolicited resumes from third-party vendors associated with fees.