Information Security Engineer

Profile

Leaf Group is looking for an Information Security Engineer to join our team in Santa Monica, CA.

A big vision calls for a big job.  As we grow, our need for an Information Security Engineer grows with us.

Leaf Group is a diversified Internet company that builds platforms to enable communities of creators to reach passionate audiences in large and growing lifestyle categories.  We create amazing experiences that celebrate the best of art, design and technology.  We want people with an intense curiosity, a commitment to high quality service, who embrace the fun of the journey. Come help us disrupt and transform the digital media and art world!

We work in a fun, collaborative environment that is diverse, adventurous, and open-minded. We encourage all of our employees to learn and grow personally and professionally so they can assume greater responsibilities and advance their careers within the department or within one of our operating businesses. Check us out here: https://www.leafgroup.com/brands/

You’ll Report To: Sr. Manager, Program & Risk Assurance

A typical day as a Information Security Engineer might include:

Install, manage and troubleshoot technical security controls such as Firewalls, Intrusion Detection Systems, Security Information Event Monitoring systems, Vulnerability scanners, Malware solutions, Anti-Virus, Authentication systems, Virtual Private Networks, File Integrity Monitors, and/or other network security devices.

Preferred experience with cloud computing infrastructure such as AWS and Google Compute.

Preferred experience with Docker, Kubernetes, or similar production containerized environments.

Ability to present and report findings and security concepts to management and peers.  

Research, evaluate, test, recommend, communicate and implements new security software or devices. Present written findings and recommendations as necessary.

Maintain on call duties / schedule as required for Investigation and Incident Response.

Perform continual vulnerability, threat and risk assessments on all application environments using both automated analysis tools and manual procedures.

Continually research new threat vectors, vulnerabilities, exploits, etc., determine how they apply to Leaf Group, design and document proposed risk treatment controls.

Make all reasonable efforts to safeguard the network against unauthorized infiltration, modification, destruction, or disclosure.

Analyze risk of existing network and system architectures and their security policies, document risks and propose risk treatment plans.

Evaluate operating practices and component level diagrams to determine if controls and security measures are adequate.

Participate in enhancing the Information Security Program by developing new and / or proposing updates to technical control standards supporting the various Leaf Group platforms and environments.

Assist software engineers with implementing best secure code development practices, vulnerability testing in development and testing as well as in production.

Provide technical security support to the Network Engineering, Systems Engineering, Network Operations Center and Corporate IT teams.

Independently lead projects, coordinate efforts with all team members, ensure proper communication to management as well as the overall success of the project through to completion.

Foster and maintain amicable relationships with security vendors and partnerships.

You’ll be successful if you can demonstrate strong analytical thinking and problem solving skills, enjoy being a team player, and possess a strong desire to learn and grow within the organization.

What You Have:

Applicable BS/BA degree (or equivalent work experience)

Minimum of 3/4 years of related work experience implementing network infrastructure and at least 3 years focused on operational security

Expert-level knowledge and experience managing network and security devices such as; firewalls, IDS / IPS, SIEM's, AV, Malware devices, VPN's, vulnerability scanning tools, etc.

Extensive investigation and incident response experience analyzing networking technology including TCP/IP, Routers, Switching, VLANs, LANs, WANs and Wireless systems, Windows and Linux servers.

Familiarity with network architectures and technologies, Windows Active Directory, Windows-Linux server, desktop operating systems, database and application architecture, etc.

Expertise in Linux a plus.

Must have IT Security auditing experience throughout work history conducting device configuration and security policy reviews, penetration testing, vulnerability assessments including web application vulnerabilities, network architecture assessments, system security assessments, general security posture and risk assessments, etc.

Experience with scripting language(s) (e.g. Python, Bash or PowerShell.

Must have experience with SOX and PCI compliance control frameworks

ISO 27001, COBIT, Safe Harbor, Privacy and Breach and Disclosure law favorable

Project management skills including requirements analysis, project scoping, problem solving, status reporting, technical analysis, and meeting tight deadlines.

Desired Qualifications

CISSP, CISA, or other industry certifications

Professional memberships with ISC2, ISACA, ISSA, IRCA

What We Have:

Winner of the 2017 Best Company for Diversity award Comparably

Winner of the 2017 Best Company Los Angeles award Comparably

Cool office environment and culture (if we do say so ourselves at our ice cream socials, Thirsty Thursdays, Free Lunch Fridays, and all of the other fun activities we gather for)

Discounted gym memberships

Paid-to-play vacation rewards

Discretionary unlimited vacation time

Employee discounts for Saatchi Art, Society6, and Deny Designs

401K

Medical, Dental, Vision

Flexible Spending Accounts

Agency Disclosure:

If the Leaf Group Talent Acquisition department, or any current company employee, receives an unsolicited resume from a third party recruiting agency and Leaf Group does not have a signed Agency Agreement active, Leaf Group will not be deemed liable to pay a placement fee. The unsolicited resume will be considered a gift and can be considered for our recruitment efforts.

Company info

Demand Media, Inc.
Website : http://www.demandmedia.com