Red Ventures is seeking a Security Solutions Architect to join our growing Cyber Security team. In this role, we are looking for someone to join our growing Security team aligned closely with our Infrastructure and Software Engineering teams to help define and implement architectural safeguards to ensure the safety and security of our systems and data.
At the intersection of leadership, strategic design, and implementation, the Security Solutions Architect role is key to Red Ventures’ continued operational success both on-premises and in the cloud (AWS). The Security Solutions Architect would play a role in safeguarding our systems through ensuring that our technology capabilities, infrastructure and toolsets are held to the strictest security standards. Examples include designing security patterns and implementations related to firewalls, endpoint security, cloud security, vulnerability scanning and more. In addition to recommending ways to improve our security risk posture, you’ll contribute to the direction and strategy of our governance model, policies and protocols. This will include the effective use of tools, controls and countermeasures to protect or minimize the effect of unauthorized attempts to gain access to our systems.
Our growing Cyber Security team thinks like hackers would, because they must anticipate the continually evolving tactics, techniques, and procedures (TTPs) hackers will use to try and gain unauthorized access to our systems or negatively impact our business. To be successful, you’ll need to gain a thorough understanding of our systems, identify potential weak points, and recommend ways to improve and update security (while also looking for ways to remove risk-related blockers to business innovation).
The ideal candidate is comfortable being hands-on, and has experience with cloud security; SaaS vendor evaluations and security reviews; data protection (encryption, tokenization); security analytics, forensics and log analysis; web application security and secure coding practices; and web server and proxy hardening. Candidates should also be comfortable writing tools and provisioning new security infrastructures in lab environments for functional and performance testing.
Staying current with new threats and exploits and assist in adjusting Red Ventures security profile accordingly.
Designing and building automated and manual security assessment plans of key systems and applications.
Act as a security liaison, consultant, and solutions architect to multiple independent lines of business.
Work closely with the on-premises and cloud (AWS) operations team to design, develop, and implement security best practices.
Directly lead a team of security engineers and analysts while working closely with our other IT, engineering, development, product, and business teams.
Any other duties specifically related to raising our level of IT security within Red Ventures in an appropriate manner suitable for our culture and business risk.
The best candidate has 8+ years of extensive and detailed knowledge and experience in all aspects of cloud, network and system security at an engineering level.
Specific requirements include:
4+ years working with, or strong familiarity with, one or more IT Standards such as SSAE SOC2, ISO 27001, PCI, HIPAA/HITECH, NIST, CSA/CCM and similar.
Experience and expertise in security tools like, IPS/IDS, Vulnerability management tools, DLP, CASB, IAM, DB monitoring and PAM solutions.
Ability to understand information security and network risks. Bonus points if you have working experience (or strong knowledge) of Cloud environments or DevOps security compliance.
Strong software design skills, preferably with recent server-side experience, preferably in C#, Golang, PHP, or Node.
Expertise working with all the standard diagnostic and security tools in Linux such as nmap, psad, tcpdump, syslog, iptables, ipvs, tripwire and similar.
Experience implementing, tuning and monitoring NextGen firewalls.
Expert in deploying and using scanning and penetration tools for vulnerability testing such as Nessus, nmap, AppScan and similar. Intimate knowledge of how to manually perform attacks such as SQL Injection, Cross-Site Scripting and other attacks as listed by the OWASP.
Experience supporting, implementing and enforcing PCI requirements. Must have detailed knowledge of various technologies and techniques to meet PCI requirements.
Employer will assist with relocation costs.
Red Ventures is a leading digital consumer choice platform. Through deeply integrated brand partnerships and consumer-facing assets, Red Ventures connects online customers with products and services in the home services, financial services, and healthcare industries. We use advanced analytics, data science, and integrated technology to cultivate and customize digital connections between brands and customers. We marry the speed of a start-up, the DNA of a digital agency, the strategic thinking of a consultancy, and the analytical skills of a big data company. Red Ventures is headquartered in Charlotte, NC and has more than 3,500 employees in offices across the US as well as in Brazil and London.