Unique opportunity at a growing technology company fundamentally changing the way we access secure services at the convergence of digital, physical, and AI worlds. TruU is seeking a hands-on security operations and compliance Engineer to make sure we keep TruU and its customer’s and our internal data safe, secure and meet our compliance needs. You will have a chance to work with great team of development engineers and cloud operations on day to day basis.

If you have hands on cyber security and compliance experience both on Cloud and on-site deployment, this is the role for you!

Responsibilities

  1. Hands-on responsibilities for
  • implementing and maintaining security and compliance controls.
  • security patch management of end user compute devices and corporate systems/servers in addition to coordination of patches for product servers
  • security operations monitoring, reporting and SIEM
  1. Day to day regular and custom scanning of workstations and cloud resources. Generating reports and identifying patching needs.
  2. Hands on experience with OWASP and other frameworks and testing/scanning tools. Will perform internal penetration testing of TruU Mobile app (iOS and Android), Web and Physical components. Also, will drive external penetration testing team(s).
  3. Participation in Third Party Risk Management review and reporting.
  4. Manage technology operations and ensure continuous operations improvements.
  5. Responsible for product and data related management practices and customer queries that value customer privacy and conform to international standards.

Skills and Experience:

  1. Bachelor's degree in computer science, information systems, math, engineering, or other technical field, or equivalent experience
  2. Five (5) years of experience in vulnerability scanning of workstations and cloud infrastructure with tools like Qualys, Nessus, Inspector etc.
  3. Five (5) years of experience in applying workstation patching on Windows and Macs using SCCM and/or JAMF (or other tools).
  4. Five (5) years of experience in applying server and cloud patching on Windows and Linux machines.
  5. Two (2) years of experience with hands on penetration testing with tools like BURP, Kali Linux etc.
  6. Two (2) years of experience with Internal/Pre Audit of cloud and internal resources and collaboration with external partners to produce various external compliance reports.
  7. Hands on with several of the following: AWS, Windows, macOS, Linux internals including how authentication works under the covers.
  8. Knowledge of the cyber identity industry
  9. Experience with cloud scale distributed architectures and technologies
  10. Experience with security architecture and operations implementation
  11. CISM, CISSP or other Security Certifications preferred.
  12. Auditing and Compliance Certifications such as CISA, PCI-ISA preferred.
  13. Excellent communication skills - written and verbal, technical and non-technical
  14. Ability to create/write and update technical documentation, processes, and procedures
  15. Ability to prioritize workload to meet tight deadlines.