Coursera is one of the largest online learning platforms in the world, with a mission to provide universal access to world-class learning. As a Senior Security Engineer, you will design, build, and scale systems and processes to protect the company's and users' data while collaborating with cross-functional teams to embed security principles into the infrastructure.
Responsibilities:
- Implement and manage the Information Security Program including security incident response, vulnerability management, data protection, and risk management
- Plan and execute vulnerability assessments of our products and services associated with cloud infrastructure
- Lead the Cybersecurity Incident Response Team (CIRT): triage, respond to and investigate security incidents affecting platform and services
- Working with Sales, lead the response to customer questionnaires dealing with our security and data protection policies. Review information security and privacy-related requirements in contracts and provide input to the Legal Team
- Lead regulatory readiness assessments and development of appropriate compliance strategies (SOX, SOC2, FERPA, ISO27001, NIST, etc.)
- Document and maintain security policies, standards, guidelines, processes and procedures, and other related documents, as requested, and represent the Security Team during internal and external audits
- Perform technical security assessments, architecture and design reviews of Coursera’s products, applications, services and cloud infrastructure
- Provide security expertise and guidance to all Coursera engineering and business teams
- Develop technical solutions to help mitigate security vulnerabilities
- Establish and coordinate remediation and mitigation for identified security risks
- Ensure technical security controls are in place, maintained and audited on a periodic basis
Requirements:
- 10+ years of working experience in an Information Security and Compliance role
- Solid knowledge of ISO 27001, NIST and other information security standards, with practical experience implementing these standards
- Solid foundation and good technical knowledge of security engineering, computer and network security, authentication, security protocols and cryptography
- 5+ years of experience in security architecture and technical security designs for cloud systems infrastructure and corporate networks and systems
- 5+ years of experience with AWS foundation services related to computing, networking, storage, content delivery, administration and security, deployment and management, instrumentation and automation technologies
- 5+ years of vulnerability assessments and risk management experience
- Certifications such as CISSP, CISA, CISM, CCSP, AWS Architect or Certified Security are a plus