
Contour Software
The Division
ReverseVision, a division of Perseus (an operating group of Constellation Software Inc.), provides reverse mortgage software solutions. The Company offers RV exchange, sales accelerator, database, document composing, live and online source, and other mortgage software solutions. ReverseVision serves banks and credit unions, brokers and lenders, and borrowers worldwide.
The Position
The IT Security Engineer is responsible for proactively maintaining ReverseVision information security systems, processes, and procedures to protect and preserve the confidentiality, integrity, and availability of all data and systems. This position will also drive company-wide support for security programs through the operationalization and documentation of all security-related tasks, working very closely with development & operations teams, product owners, and other groups.
Essential Duties And Responsibilities
- Reviews current corporate policies and helps redefine policies and procedures
- Stays current on IT security trends and news
- Manages security monitoring and threat detection systems for cloud environments
- Proactively updates and maintains tools for monitoring and support
- Supports cloud compliance/certification activities and participates in security audits/reviews.
- Provides consulting and influences other teams to mature cloud/DevOps security.
- Serves as a security expert and provides technical leadership to other staff members.
- Conducts security reviews of web applications, services, integrations, and APIs
- Pinpoints methods and attack surfaces attackers use to exploit weaknesses and logic flaws
- Conducts Cloud & Network infrastructure reviews, Systems infrastructure, Application configurations, and Software Code reviews.
- Reviews, maintains and enhances current scanning and testing tools
- Verifies security vulnerabilities identified by automated tools
- Performs manual testing to supplement results of automated scanning and testing tools
- Documents identified security vulnerabilities and related matters in a clear, concise and timely manner
- Meets with the operations and application teams to review and explain identified security vulnerabilities and possible remediation
- Resolves issues and provides statuses that may impact testing
- Applies fixes and remediation for detected vulnerabilities to maintain a high-security standard
- Organizes/facilitates retest of infrastructure, system, and application updates or deployed remediation logic to verify resolution of security vulnerabilities
- Maintains electronic or trail of testing activity for audit purposes
- Maintains confidentiality of authentication credentials, sensitive application information, and test results before, during, and after completing testing and/or retesting
- Investigates potential security breaches and other cybersecurity incidents
- Works with DevOps and QA Teams to perform tests and uncover potential network/systems/application vulnerabilities
Requirements/Qualifications
- Strong understanding of security controls/services in public cloud environments (Azure)
- Experience on a Security Operations or DevSecOps team, or experience responding to security incidents autonomously utilizing excellent coding skills.
- Strong understanding of cloud container and Kubernetes networking and network security.
- Proficiency in programming and scripting languages such as PowerShell scripting, BASH, REST APIs, JSON, and XML
- Experience with other security solutions, such as Azure Defender ASE, firewalls, DLP, NAC, IDS/IPS, and vulnerability assessment tools
- Experience implementing SIEM, FIM & DLP solutions in Azure
- Experience in implementing policies for regulatory compliance as well as workflows and reports in Azure Defender
- Experience with security frameworks and standards, including MITRE ATT&CK, OWASP and NIST
- Experience with penetration testing (internal & external) using cloud based tools
- Experience patching systems on a schedule (Linux & Windows)
- Understanding the best practices, control frameworks, and applicable existing and new legal/regulatory requirements (e.g., SEC Regulation S-P, Client cybersecurity recommendations, data privacy and breach notification laws, ISO 27001, NIST CSF and SP 800-53, CIS, CSA CCM, and PCI DSS)
- Experience with SOC1 and SOC2 certification and compliance
- Ability to work within an Agile/Scrum framework and to manage work in Jira.
- Preferred certifications include Azure Certified Security AZ-204/AZ-500
- Ability to implement, administer, and troubleshoot servers (Linux & Windows), network infrastructure devices, firewalls, routers, access control policies, authentication systems, intrusion detection systems, anti-virus software, log management, and content filtering
- Strong understanding of web application security assessment techniques.
- Knowledge of static and dynamic security analysis tools.
- Knowledge of the Security Development Lifecycle (SDLC).
Exciting Benefits We Offer
- Market-leading Salary
- Medical Coverage Self & Dependents
- Parents Medical Coverage
- Provident Fund
- Employee Performance-based bonuses
- Home Internet Subsidy
- Conveyance Allowance
- Profit Sharing Plan [Tenured Employees Only]
- Life Benefit
- Child Care Facility
- Company Provided Lunch/Dinner
- Professional Development Budget
- Recreational area for in-house games
- Sporadic On-shore training opportunities
- Friendly work environment
- Leave Encashment