The Division :
ReverseVission a division of Perseus (an operating group of Constellation Software Inc.) provides reverse mortgage software solutions.
The Company offers RV exchange, sales accelerator, database, document composing, live and online source, and other mortgage software solutions.
ReverseVision serves the banks and credit unions, brokers and lenders, and borrowers worldwide.
The position :
The IT Security Engineer is responsible for proactively maintaining ReverseVision information security systems, processes, and procedures to protect and preserve the confidentiality, integrity, and availability of all data and systems.
This position will also drive company-wide support for security programs through the operationalization and documentation of all security-related tasks, working very closely with development & operations teams, product owners, and other groups .
Required Qualifications & Skills :
Strong understanding of security controls / services in public cloud environments (AWS / Azure)
Experience on a Security Operations or DevSecOps team, or experience responding to security incidents
Experience with other security solutions, such as EDR, SASE, firewalls, DLP, NAC, IDS / IPS, and vulnerability assessment tools
Knowledge of security frameworks and standards, including MITRE Att&CK, OWASP, and NIST
Understanding the best practices, control frameworks, and applicable existing and new legal / regulatory requirements (e.
g., SEC Regulation S-P, FINRA cybersecurity recommendations, data privacy and breach notification laws, ISO 27001, NIST CSF and SP 800-53, CIS, CSA CCM, and PCI DSS)
Experience with SOC1 and SOC2 certification and compliance
Ability to work within an Agile / Scrum framework and to manage work in Jira.
Preferred certifications include AWS Certified Security Specialty, OSCP, CEH, Sec+, CISSP, CISM, CSSLP, and / or CISA
Strong understanding of web application security assessment techniques.
Knowledge of static and dynamic security analysis tools.
Knowledge of the Security Development Lifecycle (SDLC).
The following duties include, but are not limited to :
Reviews current corporate policies and helps redefine policies and procedures
Stays current on IT security trends and news
Manages security monitoring and threat detection systems for cloud environments
Proactively updates and maintains tools for monitoring and support
Supports cloud compliance / certification activities and participates in security audits / reviews.
Provides consulting and influences other teams to mature cloud / DevOps security.
Serves as a security expert and provides technical leadership to other staff members.
Conducts security reviews of web applications, services, integrations, and APIs
Pinpoints methods and attack surfaces attackers use to exploit weaknesses and logic flaws
Conducts Cloud & Network infrastructure reviews, Systems infrastructure, Application configurations, and Software Code reviews.
Reviews, maintains and enhances current scanning and testing tools
Verifies security vulnerabilities identified by automated tools
Performs manual testing to supplement results of automated scanning and testing tools
Documents identified security vulnerabilities and related matters in a clear, concise and timely manner
Meet with the operations and application teams to review and explain identified security vulnerabilities and possible remediation
Resolves issues and provides statuses that which may impact testing
Applies fixes and remediation for detected vulnerabilities to maintain a high-security standard
Organizes / facilitates retest of infrastructure, system, and application updates or deployed remediation logic to verify resolution of security vulnerabilities
Maintains electronic or trail of testing activity for audit purposes
Maintains confidentiality of authentication credentials, sensitive application information, and test results before, during, and after completing testing and / or retesting
Investigates potential security breaches and other cybersecurity incidents
Works with DevOps and QA Teams to perform tests and uncover potential network / systems / application vulnerabilities
Nice to Have;
Autonomously utilizing excellent coding skills.
Strong understanding of cloud container and Kubernetes networking and network security.
Ability to implement, administer, and troubleshoot servers, network infrastructure devices, firewalls, routers, access control policies, authentication systems, intrusion detection systems, anti-virus software, log management, and content filtering
Exciting Benefits we offer :
Medical Coverage Self & Dependents
Parents Medical Coverage
Employee Performance-based bonuses
Home Internet Subsidy
Profit Sharing Plan Tenured Employees Only
Child Care Facility
Company Provided Lunch / Dinner
Professional Development Budget
Recreational area for in-house games
Sporadic On-shore training opportunities
Friendly work environment