Guild is a company that believes talent is everywhere and that opportunity should be too. They are seeking a Senior Information Security Engineer to focus on ensuring the protection of Guild’s various cloud resources and environments while maintaining compliance and supporting business objectives.
Responsibilities:
- Identify security issues and risks with Guild’s systems and environments. Develop and execute remediation/mitigation plans that provide long-term risk reduction
- Develop and tune security policy within various security tools and platforms (SIEM, CNAPP, EDR, Email Gateway, Vulnerability Management, etc.)
- Maintain SOC-2 compliance and assist with audit/client related requests
- Review and upgrade internal policies and security controls where applicable to Guild’s managed infrastructure
- Leverage CNAPP suite to protect cloud accounts
- Maintain a suite of application security tools that include SAST/DAST/SCA
- Assist with incident response and investigation activities
- Fulfill regular on-call responsibilities as part of a team rotation
Requirements:
- Thorough understanding of Integrated Development Environment (IDE) and Continuous Integration / Continuous Delivery (CI/CD) pipeline tools and processes
- Expertise with security best practices in hardening and protecting cloud environments, including common frameworks such as CIS Controls, AWS Well-Architected Framework, etc.
- Strong understanding of software development methodologies and secure coding practices
- Experience with reviewing source code written in JavaScript, Python, etc.
- Expert Python skills
- Expert-level knowledge of security concepts and technologies: web application architecture, APIs, networking, Linux, DevSecOps, etc.
- Excellent problem-solving and analytical skills. Strong communication skills, both written and verbal, for collaborating with technical and non-technical teams
- Ability to work independently, prioritize tasks, and manage multiple security projects simultaneously
- An understanding of containers and container orchestration technologies
- Familiarity with common information security frameworks and standards (e.g. CIS, NIST, MITRE, ITIL, ISO 27001, etc.)
- AWS Certifications
- Experience with securing AI/ML systems