Senior Security Engineer

📋 Description

• • Join Cision, a global leader in PR, marketing, and social media management technology and intelligence, as a Senior Security Engineer. In this pivotal role, you will be instrumental in safeguarding our innovative products within the dynamic Public Relations software space. You will collaborate closely with a diverse range of stakeholders, including Engineering, DevOps, Product, and IT Operations teams, ensuring that security is embedded into every facet of our operations.
• • If you are a security professional who thrives in a highly collaborative, fast-paced environment and possesses a genuine passion for building robust, secure systems across a wide array of platforms, then Cision is the place for you. We are looking for individuals who approach challenges with a proactive mindset and are dedicated to maintaining the highest standards of security.
• • Your primary responsibility will be to deliver strategic and tactical security guidance for both IT and broader Engineering initiatives. This involves not just identifying risks but also architecting and implementing comprehensive security controls that align with industry-leading frameworks such as NIST, SOC2, ISO27001, FedRAMP, and TISAX. Your expertise will be crucial in ensuring our compliance and security posture meets and exceeds global standards.
• • A key aspect of this role involves a proactive approach to security testing. You will have the opportunity to apply your passion for 'breaking' and subsequently 'fixing' vulnerable web applications. This hands-on experience with exploiting various known vulnerabilities (published CVEs) and utilizing tools like Qualys or Tenable will be vital in identifying and remediating potential weaknesses before they can be exploited by malicious actors.
• • You will be responsible for ensuring that all security, availability, confidentiality, and privacy policies and controls are rigorously adhered to across the organization. This includes staying abreast of the latest threats and vulnerabilities and implementing appropriate countermeasures.
• • Deep technical understanding is essential. You will be expected to demonstrate proficiency in techniques such as dumping and cracking hashes, and performing pass-the-hash attacks. This level of expertise allows for a thorough assessment of authentication and authorization mechanisms.
• • Furthermore, strong communication skills are paramount. You must possess an approachable personality and the ability to clearly articulate complex information security risks and best practices to a diverse audience, including technical and non-technical stakeholders. Educating and influencing others on security matters will be a significant part of your role.
• • You will play a key role in designing and implementing robust public cloud security architectures within environments like AWS, Azure, and/or GCP. This requires a deep understanding of cloud-native security services and best practices.
• • A thorough understanding of Active Directory security is essential, including managing user access, group policies, and mitigating common AD-based threats.
• • You will also need a comprehensive grasp of the Software Development Lifecycle (SDLC) and how to integrate security considerations at each stage, from design and development to testing and deployment.
• • Comfort and proficiency in writing automation scripts using tools such as Terraform, PowerShell, Python, Perl, or Bash are expected. Experience with configuration management tools like Ansible, Chef, and/or Puppet will also be highly valuable for streamlining security operations.
• • You should be comfortable understanding and advising on security implementations for both Windows and Linux operating systems, ensuring their hardening and secure configuration.
• • A deep understanding of .NET software architecture is required, enabling you to effectively assess and secure applications built on this platform.
• • A thorough understanding of fundamental security concepts and technologies is critical. This includes, but is not limited to, Web Application Firewalls (WAF), traditional Firewalls, TLS/SSL protocols, Public Key Infrastructure (PKI), RSA encryption, and general encryption and hashing techniques.
• • While not strictly required, experience in software development itself will be considered a significant bonus, providing a valuable perspective on application security from a developer's viewpoint.
• • At Cision, we believe in empowering every individual to make an impact. Your voice will be heard, your ideas valued, and your unique perspective will fuel our collective success. As part of our global team, you will thrive in an environment that champions curiosity, collaboration, and innovation, all while making meaningful contributions to the brands we accelerate.
• • Join us in shaping the future of communication and building authentic connections that matter. Whether you're solving complex problems or driving bold innovations, your growth is our success, and together, we’ll create the conversations of tomorrow. Empower your impact at Cision. Be seen, be understood, be you.