Security Engineer II
Connecting the world to wellness
MINDBODY emerged from the simple idea that small business owners deserve the time to focus on what matters most: their customers. Our software has transformed that vision into the world's leading wellness services marketplace, linking hundreds of thousands of passionate health, wellness and beauty professionals to the millions of clients they serve.
MINDBODY is looking for an addition to our Cybersecurity team. To join this team, you’ll need to have a passion for security, and love hands-on network administration/automation. As a Security Engineer, you’ll monitor a variety of network and host-based logs in order to quickly categorize and triage incoming incidents. The Security Engineer will work closely with Development/Engineering, DBA, and Information Systems teams to create and maintain the safest operating environment for our employees and users. Strong network expertise with a security mindset is critical to success in this role.
You know how to secure the people, networks, and cloud applications used in a modern enterprise environment and you have at least 4 years of experience working in Information Technology with a focus on security. In this role, you will manage cyber risk through various programs, including: vulnerability management, network security, Next-Gen firewall management, secure cloud access, privileged access management, security awareness, endpoint security, and compliance management.
MINIMUM QUALIFICATIONS AND REQUIREMENTS:
- BS degree in Computer Science, Engineering, Cybersecurity, or equivalent practical experience.
- Experience coding in one or more: Python, C/C++/C#, Java, Powershell.
- 2-3 years of experience in IT, Engineering, or similar field.
- CISSP Associate, OSCP, or similar industry certification.
- Requires knowledge of security issues, techniques and implications across the most common computing platforms.
- Experience with vulnerability management, configuration compliance software, and SEIMs.
- Strong communication skills.
- An understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the business.
- An understanding of organization mission, values and goals and consistent application of this knowledge.
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
- An ability to effectively influence others to modify their opinions, plans or behaviors.
PRINCIPAL DUTIES AND RESPONSIBILITIES:
- Researches, designs, and implements information security solutions for organization systems and products that comply with all applicable security policies and standards.
- Contribute to the development, implementation, and maintenance of enterprise security policies, standards, and processes that help identify and mitigate security risk.
- Contribute to the development of security metrics. Track, analyze, and report security metrics and propose countermeasures to address security trends that are not in line with the desired risk profile.
- Manage the investigation and troubleshooting of security issues to determine root cause and drive solutions.
- Management/Review of systems security configurations.
- Perform probes of the network, applications, and devices to determine if security vulnerabilities exist and/or if security and access control policies have been violated.
- Monitor/tune policies and alert configurations for a wide variety of security systems and products.
- Act as a consultant and ambassador of the Security Team to internal customers and departments.
- Act as a mentor and trainer to Interns and other technicians who show an interest in bringing better security practices to their own departments.
- Assist in performing penetration tests to demonstrate risk.
- Assist with managing Anti-Virus/Malware Systems.
- Assist with managing next-gen firewall and IDS systems.
- Security incident response in coordination with other teams across the company and/or externally as required.
- Participate in a 24/7 on-call rotation.