Bestow is a leading vertical technology platform in the life insurance industry, focused on modernizing and streamlining the insurance process. The Security Operations Engineer II will support the company's information security and privacy risk governance program by executing operational tasks to safeguard customer and company data.
Responsibilities:
- Collaborate with the CSO Team to support the development, maintenance, and implementation of security standards
- Partner with IT to support the secure implementation of access controls and identity management
- Participate in and contribute to initiatives for operating system, Docker images, Kubernetes/GKE and configuration hardening in the public cloud
- Support the execution of vulnerability and patch management programs, including tracking remediation efforts
- Work with engineering teams to communicate remediation steps required for vulnerabilities identified through scans or penetration tests
- Support IT, Legal, Finance, Insurance Operations, External Examiners, and business areas during compliance exams
- Assist with the day-to-day operations of security scanning and web penetration testing tools
- Support the implementation of security monitoring measures to secure the production environment
- Contribute to regular metrics and reporting on the state of the environment
- Identify and surface opportunities to improve security tooling, processes, and best practices
Requirements:
- 3+ years of information security experience
- Working experience with the Google Cloud Platform or AWS
- Hands-on experience with automation and scripting such as Terraform and shell/Python scripts
- Experience supporting or participating in penetration testing of web applications, network devices, and cloud configurations
- A self-starter, comfortable working with cloud infrastructure, software development, and information security risk issues
- Foundational knowledge of information technology and/or software development risk management frameworks and compliance practices
- Familiarity with the NIST Cybersecurity Framework and control testing
- Ability to apply security policies, standards, and guidelines based on best practices and industry frameworks
- Strong interpersonal and communication skills, with the ability to clearly document and convey security findings
- You are passionate about learning and supporting a culture of security awareness and compliance across the organization
- Exposure to audits and some experience with SOC 2, HITRUST, or similar audits and certifications is a plus
- Industry security certifications (e.g. CCSP, CCSK, CCSE for cloud security) are a plus