Senior Security Engineer

Remote
Full Time
Experienced
Onit, Inc. is looking for a Sr. Security Engineer to join our team to help secure our Enterprise SaaS applications and corporate infrastructure. To be successful in this role, you should have great people and technical skills and a passion for technology. The individual we look for is bright, creative and a problem solver. You must be able to multi-task in a fast-paced environment and be a self-starter with the ability to work independently.

Responsibilities:
  • Support the Onit security function during US Central Time business hours.
  • Manage and conduct vulnerability testing, penetration testing, and client security audits.
  • Implement and manage cloud-native security tools and third-party solutions for threat detection and incident response.
  • Define, maintain, and execute the Incident Response plan, investigating and resolving incident escalations.
  • Perform regular risk assessments and vulnerability scans of cloud infrastructure, ensuring timely remediation.
  • Collaborate with Dev, DevOps, and Infra teams to remediate identified vulnerabilities, discuss security best practices, and assist with security incident response.
  • Analyze EDR alerts and logs to identify potential security incidents, taking appropriate action.
  • Continuously evaluate and implement security tools and practices to enhance the security posture of the Onit environment.
  • Assist with security awareness programs for employees regarding security best practices
  • Assist with the development and updates of Security Policies for SOC2 and ISO27001 compliance.
  • Perform quarterly access reviews
Requirements:
  • Minimum of 5 years of experience in information security, with at least 3 years focused on cloud security for enterprise SaaS applications.
  • Proficient in AWS with a strong understanding of AWS networking/VPC, IAM, Security Groups, EC2, RDS, S3, and containers (EKS/ECS).
  • Extensive hands-on experience investigating security incidents, along with the creation, management, and execution of security runbooks / playbooks.
  • Knowledge of various AWS Native Security tools, security frameworks, and CSPM tools.
  • Experience in security tools such as vulnerability scanners, IDS/IPS, SIEM, firewalls, and endpoint security monitoring.
  • Experience with threat detection and threat intelligence.
  • Proficient in Linux.
  • Application security experience with an understanding of SAST, DAST, SBOMs, and other scans and artifacts to help improve application security posture
  • Familiarity with security frameworks such as NIST and ISO 27001.
  • Strong communication, problem-solving, and collaboration skills.

 Desired:
  • Certifications such as CCSP, AWS Security, OSCP, or equivalent are preferred.
  • Experience with Cloudflare and/or AWS WAF configurations.
  • Experience with AWS Guard Duty and CrowdStrike.
  • Automation experience with one or more of the following: AWS CLI, Bash, Python, Ansible to verify security configurations and automate runbooks is a plus.
  • Experience with Microsoft Entra and Mimecast.
Share

Apply for this position

Required*
Apply with Indeed
We've received your resume. Click here to update it.
Attach resume or Paste resume
Attach resume as .pdf, .doc, .docx, .odt, .txt, or .rtf (limit 5MB) or Paste resume

Paste your resume here or Attach resume file

To comply with government Equal Employment Opportunity and/or Affirmative Action reporting regulations, we are requesting (but NOT requiring) that you enter this personal data. This information will not be used in connection with any employment decisions, and will be used solely as permitted by state and federal law. Your voluntary cooperation would be appreciated. Learn more.
Human Check*