Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production.
About the Position
Our Enterprise Security team is hyper-focused on supporting implementation and administration of information security policies, practices, procedures, and technologies in order to ensure the protection of networks, systems, applications, and data. The Security Operations Engineer will be work to identify and safeguard our organization from intrusion, security threats, security weaknesses, software bugs, and exploits. In addition, this role will also be involved in the day-to-day security operations which may include responding to real-time security events and recommending corrective actions. The Security Operations Engineer also has the opportunity to create new tooling and automation to support other operational efforts.
Traveling to an off-site event may be happen on an annual basis but this can be a fully remote position anywhere in the U.S.
Roles and Responsibilities
- Perform security log aggregations of systems such as, and not limited to: IPS/IDS alerts, Malware alerts, Change Detection, security system health alerts, exploit attempt alerts, etc
- Engage with Contrast’s product security team to seek out and remediate internal vulnerabilities
- Support audit, compliance, and regulatory functions, including and not limited to: Data Security Standard (DSS), Sarbanes-Oxley (SOX), emerging state and Federal privacy laws, and general security auditing
- Participate in the organization’s incident response team and its initiatives
- Process emerging threats, such as evaluating externally found CVEs and risks
- Provide tier-3 support for reported incidents and escalation of security findings review
- Ability to perform vulnerability and penetration testing assessments
- Support and drive the security evaluation of third party software and tools
- 3+ years of experience in industry security operations centers or equivalent experience
- Basic understanding of development - Java or .NET is a plus
- Excellent scripting skills (Python, Perl, etc)
- Understanding of the OWASP Top 10 and SANS/CWE Top 25
- Experience with ethical hacking and vulnerability management reporting
- Knowledge of cloud hosting environments (AWS, Azure, GCP, OCI, etc)
- A clear understanding of a variety of network and application attacks
- Knowledge of TCP/IP: must be able to demonstrate technical understanding of all layers of the TCP/IP stack, including familiarity with major application-layer protocols such as HTTP, HTTPS, FTP, SFTP, FTPS, SMTP, DNS, etc.; must be able to read and understand a packet trace; must be able to read and interpret network access control lists
- Strong communication skills
- You ask questions, let others know when you need help, and tell others what you need
- Experience with threat modeling and attack forensics
- Background in Computer Science, Information Security, related field, or equivalent experience
What We Offer
- Competitive Compensation
- Medical, dental, and vision benefits
- 401(k) plan
- Flexible paid time off
We are changing the world of software security. Do it with us.
We believe in what we do and are passionate about helping our customers secure their business.
If you’re looking for a challenge and want to enjoy where you work, you’ll love Contrast Security.
Contrast Security is committed to a diverse and inclusive workplace. Contrast Security is an equal opportunity employer and our team is comprised of individuals from many diverse backgrounds, lifestyles, and locations.
By submitting your application, you are providing Personal Information about yourself (cover letter, resume, email address, etc.) and hereby give your consent for Contrast Security, Inc. and/or our HR-related Service Providers, to use this information for the purpose of processing, evaluating and responding to your application for current and future career opportunities. If you are a resident of the European Economic Area or are applying for a position in the European Economic Area, Contrast’s Privacy Statement
reflects our policies around compliance with the General Data Protection Regulation (“GDPR”) and your rights respective to GDPR
as a California resident, you are entitled to certain rights under CCPA: The California Consumer Privacy Act of 2018 (“CCPA”) will go into effect on January 1, 2020. Under CCPA, businesses must be overtly transparent about the personal information they collect, use, and store on California residents. CCPA also gives employees, applicants, independent contractors, emergency contacts and dependents (“CA Employee”) new rights to privacy.
We do not accept resumes from agencies, headhunters, or other suppliers who have not signed a formal agreement with us.
* We could support remote work in most states except CO.