SPS Commerce is looking to add a Senior Security Engineer to our nimble and mighty security operations and engineering team. In this role you'll have the opportunity to directly influence security best practices and contribute your expertise across the organization. This role will help SPS Commerce each day by leading security investigations, solving complex technical problems for the business, and communicating security best practices in a manner that strengthens our culture and values. This is a great opportunity for a seasoned IT security professional to take their career to the next level.
Does this sound like you?
- In another life you would have been an investigator. You're naturally curious, your favorite question is, “why?”, and you can't stop asking it until you've got things figured out.
- You have a passion for technology and nerdery. You've got great ideas and are looking for a place where you'll be encouraged to share them.
- Staying in your lane is not your thing. You feel stifled working in a role with a narrowly defined scope of responsibilities.
- You're self-motivated, value the opportunity to work autonomously, but also feel comfortable leading small groups of people to achieve something important.
We solve retail supply chain problems by cutting through inefficiency with innovation and automation. At SPS we empower retailers, suppliers, distributors, grocers and logistics partners to work better together with our people, our process and our tech products. We have the world's largest retail network, and we don't just lead the industry, we are the industry.
At SPS, we believe every employee makes a difference. We ensure employees have the tools, resources and training to explore new ideas and execute them. Our success comes from playing as a team and always playing to win. Careers don't just grow here, they're made here.
Day to Day
Security Engineers ensure our development and infrastructure practices have security defined, integrated, and implemented in a common-sense manner that reduces risk for the business. Together with the security and broader tech team, security engineers [are awesome &&] ensure that risk-based controls are built, run, and continuously improved so that our customers stay safe.
This is, in part, accomplished by executing the following responsibilities:
- Helping the SOC team review alerts, investigate security events and determine the appropriate actions to protect our environment
- Consistently documenting issues in the incident management system and working to communicate with internal stakeholders in a transparent and risk-informed manner
- Configuring and operating Pretty Cool Tools (PCT) the best they can be and helping to be(come) an expert so that you can pass it on to others
- Analyzing technical documentation and details from a wide variety of systems and environments to deeply understand the root-cause of issues
- Working collaboratively with other technology teams to influence change quickly
- Rolling up your sleeves to build, code, tape, staple, glue, or otherwise construct controls to Get Stuff Done (GSD)
- Identifying opportunities to improve SPS systems or processes and using your diverse background to make pragmatic recommendations, then execute them
- Minimum 5 years of experience with a bachelor's degree in related business or technical areas; a Master's degree with 3 years of experience in related business or technical areas; or an equivalency of education and work experience
- Equivalent work experience includes: security engineering/architecture experience and designing and implementing standards, specifications, and procedures
- Experience providing technical security guidance to technical and non-technical audiences
- Experience with regulatory requirements from SOX, HIPAA, and PCI-DSS
- Working knowledge of development operations practices – accountable for driving the integration of security into development operations and existing continuous delivery / continuous improvement business processes
- System configuration and architecture experience
- Strong knowledge of industry accepted information security best practices, standards, and policies such as NIST CSF, OWASP, CIS, STIG, MITRE ATT&CK, etc.
- Proven ability to manage information security service and operation through effective management of resources
- Demonstrated experience and understanding of business security and compliance requirements & ability to translate into well-engineered & integrated business solutions
- Demonstrated ability to take initiative and accountability for achieving results
- Driven to understand & appropriately respond to customers' business needs
- Certifications & Licenses: One or more industry certifications - CISSP, CISM, CISA, CCFE, GIAC, CCIE, CCSP, ABCP, MBCP, ISA, PCIP, CEH
- Actively participates and contributes to the security community
EOE including disability/veteran