Who we are looking for State Street seeks to recruit a Cyber Fusion Advanced Threat Analyst to support the transformation from a legacy Security Operations Model to a pro-active intelligence driven Fusion model that better protects State Street, its customers and partners from ever evolving and sophisticated global threat actors. The Cyber Fusion Advanced Threat Analyst will be part of a high performing Advanced Threat team focused on threat hunting, incident response and investigations, collaboration, intelligence sharing and development of detection capabilities. This position will report directly to the Manager of the Advanced Threat Team, as part of the Global Cyber Security Organization. What you will be responsible for Collaboration with Cyber Threat Intelligence, Cyber Defense Center, and Offensive Security to conduct tactical and strategic threat hunting efforts that are pertinent to State Street, its subsidiaries and affiliates Leading incident response efforts for complex investigations involving Cyber Security threats. Performing digital forensics investigations related to Cyber Security threats. Working cross-functionally with team members to support and drive a collaborative team environment Assisting with the identification of logs sources that are valuable to threat hunting and detection Assist with the onboarding and tuning of log sources to provide better effectiveness Collaboration with the Cyber Architecture and Engineering team to assist with the design, implementation, and administration of various security technologies which relate to threat hunting, threat detection, and the overall Cyber Fusion Center Work closely with counterparts in IT and across the Cyber Fusion Center to align technical solutions with business needs. 
Ensure the effective management and delivery of cyber fusion services Support development and implementation of Cyber Fusion Center strategies aligned to key State Street risk and business needs Support the design and implementation of Cyber Fusion Center operating models, identifying, evaluating, and providing solutions via a threat and intelligence-based approach Build and nurture positive working relationships with the intention to exceed client expectations Reports to: Cyber Fusion Advanced Threat Manager What we value These skills will help you succeed in this role 5-10 years of experience in relevant Cyber Security roles such as Threat Hunting, Incident Response, SOC, Digital Investigations Experience with compromised system analysis Extensive knowledge of Advanced Persistent Threat (APT) groups and Tactics, Techniques, and Procedures used by APT groups Knowledge of the MITRE ATT&CK framework and its usage for improving threat detection and prevention capabilities Hands-on experience with Endpoint Detection & Response (EDR), and Security Information and Event Management (SIEM) tools Ability to communicate with and appropriately influence all levels of management Excellent interpersonal, communication (written and verbal), and presentation skills Excellent problem-solving abilities and organizational/time management skills. Strong attention to detail and work ethic. Ability to work independently as well as collaboratively. Intellectually curious and willing to invest time in researching areas outside current knowledge base/skill set. Education & Preferred Qualifications Bachelor of Science in Computer Science, Information Security, Engineering or equivalent experience Relevant Industry Certifications (such as OSCP, OSCE, GREM, GCFA, GNFA, etc.) Additional requirements Previous experience in banking industry a plus Are you the right candidate? Yes!
We truly believe in the power that comes from the diverse backgrounds and experiences our employees bring with them. Although each vacancy details what we are looking for, we don't necessarily need you to fulfil all of them when applying. If you like change and innovation, seek to see the bigger picture, make data driven decisions and are a good team player, you could be a great fit. Why this role is important to us Our technology function, Global Technology Services (GTS), is vital to State Street and is the key enabler for our business to deliver data and insights to our clients. We're driving the company's digital transformation and expanding business capabilities using industry best practices and advanced technologies such as cloud, artificial intelligence and robotics process automation. We offer a collaborative environment where technology skills and innovation are valued in a global organization. We're looking for top technical talent to join our team and deliver creative technology solutions that help us become an end-to-end, next-generation financial services company. Join us if you want to grow your technical skills, solve real problems and make your mark on our industry. About State Street What we do. State Street is one of the largest custodian banks, asset managers and asset intelligence companies in the world. From technology to product innovation, we're making our mark on the financial services industry. For more than two centuries, we've been helping our clients safeguard and steward the investments of millions of people. We provide investment servicing, data & analytics, investment research & trading and investment management to institutional clients. Work, Live and Grow. We make all efforts to create a great work environment. Our benefits packages are competitive and comprehensive. Details vary by location, but you may expect generous medical care, insurance and savings plans, among other perks. 
You'll have access to flexible Work Programs to help you match your needs. And our wealth of development programs and educational support will help you reach your full potential. Inclusion, Diversity and Social Responsibility. We truly believe our employees' diverse backgrounds, experiences and perspectives are a powerful contributor to creating an inclusive environment where everyone can thrive and reach their maximum potential while adding value to both our organization and our clients. We warmly welcome candidates of diverse origin, background, ability, age, sexual orientation, gender identity and personality. Another fundamental value at State Street is active engagement with our communities around the world, both as a partner and a leader. You will have tools to help balance your professional and personal life, paid volunteer days, matching gift programs and access to employee networks that help you stay connected to what matters to you. State Street is an equal opportunity and affirmative action employer. Salary Range: $110,000 - $185,000 Annual The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.
04/05/2024
Full time
Who we are looking for The DevOps Secrets Engineer will work in the corporate information security organization. They will analyze, develop, and build processes and technology to ensure timely delivery of secrets/key management services. The Secrets Engineer will be expected to build a multi-cloud infrastructure that manages application secrets and keys in alignment with corporate security policies. What you will be responsible for As Secrets Platform Owner Cloud Architect you will be responsible for: • Delivery of the Cloud based secrets and key management technologies, policies, automation, integration, software and systems patching. • Lead projects to develop and deliver new security features and expand coverage to new use cases and achieve cost efficiencies through standardization. • Lead and conduct proof of concepts that validate the quality, efficiency and performance of secrets management solutions. • Contribute to secrets infrastructure design, including provisioning, distribution, scaling access policies, SSH key management, API key management, and reporting. • Design, configure, and maintain secrets solutions for storage, machine auth, infrastructure components, cloud native product, applications, databases, cloud services (SaaS). • Integrate the secrets infrastructure with various technologies such as Service Now, Kubernetes, SailPoint or other top IDM solutions • Provide security consultation on internal projects focusing on business needs and how data is transmitted internally and externally. • Authoring and maintaining documentation procedures, inventories, and diagrams for secrets solutions and processes. • Monitors and responds to capacity and performance needs of the secrets infrastructure.
• Provides regular reports to leadership regarding security, capacity, usage, and licensing • Provide leadership in reducing privileged access and accelerating least privileged access What we value These skills will help you succeed in this role • Bachelor's Degree in Information Technology, Computer Science or other related fields • Industry certifications in cyber or identity security attesting to broad knowledge of security best practices and design. • 2-5 years administering and maintaining secrets solutions such as Conjur, HashiCorp Vault, Azure keystore, AWS secrets manager, AWS KMS • Work history in delivering mission critical security services to large company in multi-cloud and globally distributed environment. • Experience working with SIEM integration (Splunk) and UBA/Threat Analytics. • Background working in a large IT organization with responsibility for supporting the technology and processes in the cyber security domain and controls program, preferably in a financial services organization • Experience with server hardening and advanced designing secure platforms. • Understanding of zero trust security and cloud native machine authentication. • Experience with Service Life Cycle or Agile Frameworks • Good verbal and written communication skills • Advanced research, analytical, and problem-solving skills • Effective in leading resources to deliver large goals and objectives • Practical skills presenting findings, conclusions, alternatives, and information clearly and concisely • Experience in developing automated solutions and processes using Ansible, Puppet, Python, BASH for UNIX/Linux.
• Strong knowledge of modern cloud compute automated provisioning DevOps Pipelines using technologies such as: Terraform, Harness, YAML, Jenkins, JFrog, Sonar, VeraCode, Lambda Additional requirements Why this role is important to us Our technology function, Global Technology Services (GTS), is vital to State Street and is the key enabler for our business to deliver data and insights to our clients. We're driving the company's digital transformation and expanding business capabilities using industry best practices and advanced technologies such as cloud, artificial intelligence and robotics process automation. We offer a collaborative environment where technology skills and innovation are valued in a global organization. We're looking for top technical talent to join our team and deliver creative technology solutions that help us become an end-to-end, next-generation financial services company. Join us if you want to grow your technical skills, solve real problems and make your mark on our industry. About State Street What we do. State Street is one of the largest custodian banks, asset managers and asset intelligence companies in the world. From technology to product innovation, we're making our mark on the financial services industry. For more than two centuries, we've been helping our clients safeguard and steward the investments of millions of people. We provide investment servicing, data & analytics, investment research & trading and investment management to institutional clients. Work, Live and Grow. We make all efforts to create a great work environment. Our benefits packages are competitive and comprehensive. Details vary by location, but you may expect generous medical care, insurance and savings plans, among other perks. You'll have access to flexible Work Programs to help you match your needs. And our wealth of development programs and educational support will help you reach your full potential. Inclusion, Diversity and Social Responsibility.
We truly believe our employees' diverse backgrounds, experiences and perspective are a powerful contributor to creating an inclusive environment where everyone can thrive and reach their maximum potential while adding value to both our organization and our clients. We warmly welcome the candidates of diverse origin, background, ability, age, sexual orientation, gender identity and personality. Another fundamental value at State Street is active engagement with our communities around the world, both as a partner and a leader. You will have tools to help balance your professional and personal life, paid volunteer days, matching gift program and access to employee networks that help you stay connected to what matters to you. State Street is an equal opportunity and affirmative action employer. Discover more at Salary Range: $140,000 - $222,500 Annual The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.
04/04/2024
Full time
CoStar Realty Information, Inc
Washington, Washington DC
Senior Cloud Security Engineer Job Description DevSecOps Senior Cloud Security Engineer CoStar Group, Inc. (NASDAQ - CSGP) is commercial real estate's leading provider of information and analytic services. Founded in 1987, CoStar conducts expansive, ongoing research to produce and maintain the largest and most comprehensive database of commercial real estate information. Our suite of online services enables clients to analyze, interpret and gain unmatched insight on commercial property values, market conditions and current availabilities. Headquartered in Washington, DC, CoStar maintains offices throughout the U.S. and around the world with a staff of approximately 4,300 worldwide, including the industry's largest professional research organization. OVERVIEW Identify and implement security improvements across private and public clouds utilized in the delivery of CoStar's customer facing products and corporate applications. Implement secure practices, defense in depth and monitoring and event response tool sets to handle growing threats in the cloud. Work closely with DevOps, DBAs, Systems, and Network engineers to refine and enforce security practices. BASIC QUALIFICATIONS Bachelor's in Computer Science or related Field Relevant experience areas (deep expertise required in at least 3): Engineering cloud security guard rails in AWS, Azure, or Google Cloud Platform Cloud Security Posture Management (CSPM) tools - Security Monkey, CloudCheckr, Prisma Cloud, Cloud Conformity, AWS GuardDuty, AWS Config, DivvyCloud, etc. Infrastructure as Code (IaC) - Ansible, Terraform, Chef, AWS Cloudformation, SaltStack, Puppet. Scripting languages such as PowerShell, Python, GoLang, Ruby, etc. Container and Kubernetes - Securing container images at rest, build, and runtime. Cloud WAF - Akamai Kona, AWS WAF, Arbor, Prolexic, or similar tools. Logging and SIEM Technologies - Cloud Native solutions such as CloudTrail, Cloudwatch, and VPC Flow logs.
Other packaged SIEMs such as ElasticSearch, IBM QRadar, Azure Sentinel, Splunk, etc. Key Management - Privileged account management solutions in the cloud for key management, service account and secrets management, rotation and event response, including tools such as Secret Server (Thycotic), Vault (HashiCorp), Cloud KMS, or similar tool set. Experience in a development and operations role, implementing security through code development and infrastructure code reviews, establishing security ecosystems utilizing APIs and event driven security response. Previous participation in bug-hunting, pen tests, vulnerability assessments Cloud access security broker (CASB) or similar experience securing SaaS offerings such as O365, GoogleApps, and other cloud vendors. PREFERRED QUALIFICATIONS AND SKILLS Optional, but very relevant certifications: AWSCSA, OSCP, SANS/GIAC, CISSP, CISA, CISM, CEH, CCNA, CCNP, MCSE, MCP, MCTS, Security+, MCITP Operational Responsibilities: Position requires participation in a 24x7 on-call rotation and off-hours maintenance windows OVERVIEW OF COMPANY: Founded in 1987, CoStar Group is the leading provider of commercial real estate information, analytics, and online marketplaces. Our suite of online services enables clients to analyze, interpret and gain unmatched insight on commercial property values, market conditions and current availability. Behind some of the most well-known brands in the industry, CoStar Group includes CoStar, the largest provider of CRE research and real-time data; LoopNet, the most heavily trafficked mobile and online real estate marketplace; Apartments.com, the premier rental home resource for renters, property managers and owners; STR, the leading provider of performance benchmarking and comparative analytics to the hotel industry; BizBuySell, the largest online marketplace for businesses-for-sales; and Lands of America, the leading operator of online marketplaces for rural real estate.
Headquartered in Washington, DC, CoStar Group maintains offices throughout the U.S. and in Europe, Canada, and Asia with a staff of over 4,300 worldwide. WHAT'S IN IT FOR YOU: Working at CoStar Group means you'll enjoy a culture of collaboration and innovation that attracts the best and brightest across a broad range of disciplines. In addition to generous compensation and performance-based incentives, you'll be supported in both your professional and academic growth with internal training, tuition reimbursement, and an inter-office exchange program. Our benefits package includes (but is not limited to): Comprehensive healthcare coverage: Medical / Vision / Dental / Prescription Drug Life, legal, and supplementary insurance Commuter and parking benefits 401(K) retirement plan with matching contributions Employee stock purchase plan Paid time off Tuition reimbursement On-site fitness center and/or reimbursed fitness center membership costs (location dependent), with yoga studio, Pelotons, personal training, group exercise classes, as well as Segways and bikes available for use during the day Complimentary gourmet coffee, tea, hot chocolate, prepared foods, fresh fruit, and other healthy snacks Be part of a team of professionals enjoying the opportunity to learn, do, and grow in a rewarding atmosphere. But don't just take our word for it -- see why our team chose to work at and stay at CoStar Group: We welcome all qualified candidates who are currently eligible to work full-time in the United States to apply. However, please note that CoStar is not able to provide visa sponsorship for this position. CoStar Group is an Equal Employment Opportunity Employer; we maintain a drug-free workplace and perform pre-employment substance abuse testing
01/29/2021
Full time
Senior Cloud Security Engineer Job Description DevSecOps Senior Cloud Security Engineer CoStar Group, Inc. (NASDAQ - CSGP) is commercial real estate's leading provider of information and analytic services. Founded in 1987, CoStar conducts expansive, ongoing research to produce and maintain the largest and most comprehensive database of commercial real estate information. Our suite of online services enables clients to analyze, interpret and gain unmatched insight on commercial property values, market conditions and current availabilities. Headquartered in Washington, DC, CoStar maintains offices throughout the U.S. and around the world with a staff of approximately 4,300 worldwide, including the industry's largest professional research organization. OVERVIEW Identify and implement security improvements across private and public clouds utilized in the delivery of CoStar's customer-facing products and corporate applications. Implement secure practices, defense-in-depth, and monitoring and event response tool sets to handle growing threats in the cloud. Work closely with DevOps, DBAs, Systems, and Network engineers to refine and enforce security practices. BASIC QUALIFICATIONS Bachelor's in Computer Science or related field. Relevant experience areas (deep expertise required in at least 3): Engineering cloud security guard rails in AWS, Azure, or Google Cloud Platform. Cloud Security Posture Management (CSPM) tools - Security Monkey, CloudCheckr, Prisma Cloud, Cloud Conformity, AWS GuardDuty, AWS Config, DivvyCloud, etc. Infrastructure as Code (IaC) - Ansible, Terraform, Chef, AWS CloudFormation, SaltStack, Puppet. Scripting languages such as PowerShell, Python, GoLang, Ruby, etc. Container and Kubernetes - Securing container images at rest, build, and runtime. Cloud WAF - Akamai Kona, AWS WAF, Arbor, Prolexic, or similar tools. Logging and SIEM Technologies - Cloud Native solutions such as CloudTrail, CloudWatch, and VPC Flow logs.
*Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Manager. Candidate is responsible for leading the Governance, Risk, and Compliance (GRC) team and the programs within the group. The position serves in a personnel and program manager role, subject matter expert, and performs key risk management functions within the Security Governance department. Primary functions include management of client responses, Policy & Standards, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC tool management. Responsibilities: Program management: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services. Policy management: Lead in the creation and maintenance of security policies, standards, processes and guidelines. Evaluate exception requests and make approval recommendations to management. Security training and awareness: Lead and mature the security awareness and phishing program. This includes roadmap development, plan, coordinate, measure, and evaluate cyber training/education courses, methods, and techniques based on instructional needs. Program assessments: Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients. Risk management: Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting. Governance: Analyze and stay current with regulations that impact information security/privacy program. Qualifications: Bachelor's degree is preferred. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Seven (7) + years of direct experience (Information Security/Governance) is required.
Four (4) + years of Information Security experience required. Those containing hands-on technical experience are preferred. Four (4) + years of management experience required. Strong knowledge of Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG is required. Strong knowledge of risk management principles and practices is required. Technical writing experience is required. Business Intelligence/Analytics (Qlik, Tableau) is preferred. Prior IT Security experience in the legal industry is preferred. Experience with instructional content, educational writing, and technical writing strongly preferred. Three (3) + years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management is preferred. Client focus, including tact and diplomacy, is required. Interview, gather, and understand content from subject-matter experts. Ability to perform as primary Security Subject Matter Expert (SME) in a senior or lead capacity. Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Ability to communicate an effective security awareness message throughout the organization. Demonstrate ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181. Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options.
Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Strong knowledge of Access/Identity Management technologies. Strong knowledge of BI/Analytics tools. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
01/28/2021
Full time
Request Technology - Craig Johnson
Chicago, Illinois