Security Operations Lead │ DOU

B2B

Security

remote

About the project:

The client is an American community bank that is building an online banking platform based on Mulesoft and a back office on Salesforce. Our team will focus on developing integrations between various SaaS solutions from the client. The team started a couple of months ago, now they are at the initial stage: investigating the system, setting up the processes, and making all important decisions regarding Mulesoft, Data, DevOps, and Salesforce parts of the system.

The team consists of 15 people now: Mulsoft, Salesforce, DevOps, QA (manual and automation), Data, Business Analysts teams, Solution Architects, Scrum Master, PM, and Security analyst.

There is a part of the team on the client’s side: Mulesoft, DevOps, Data leads, product managers, and product owners. The team is in the European time zone, the client is in the EST time zone.

As for the methodology, we have Scrum on the project: 2-week sprints, daily meetings, retro, and planning ceremonies.

Technology stack on the project and tools: AWS, Azure DevOps, BitBucket, Jira, Confluence, Teams.

The security Analyst at the moment is involved in checking various tools planned to be used on the project for security, also creating security documentation as well as planning security audits in the future, and making security requirements a part of the development process.

Requirements:

5 – 6 years of experience as a Security Analyst/Engineer;
Working knowledge and understanding of Cloud security (AWS), data security, network security, identity, and access management, policy management, and risk management;
A deep understanding of Information Technology (i.e., Active Directory, Firewalls, Routers, Infrastructure, Databases, Logging, Monitoring, Change Management, Segregation of Duties, Cybersecurity, Physical Security, IT operations, Network Security, SIEM, DLP, EDR, Cloud Computing);
Strong knowledge of API security;
Strong knowledge of security hardening public-facing internet services;
Threat hunting knowledge;
Familiarity with PCI and SOC2 Standards and Suites;
Experience with various scripting languages (Bash/PowerShell/Python);
General Information Technology and Computer Networking knowledge preferred;
Ability to set up security processes from scratch;
Demonstrated problem-solving and critical thinking skills;
Strong verbal and written communication skills;
Demonstrate capacity to act in both blue teams and red teams;
Ability to prioritize and work alone;
Valid Security certifications;
Upper-intermediate level of English.

Nice to have:

Experience in penetration testing;
Certification in AWS;
CISSP or CISA certifications are strongly preferred. Other relevant certificates will be considered;
Ethical hacking certifications (CEH, GPEN. CompTIA Pentest+, OSCP);
Code security analysis;
Familiarity with CI/CD pipelines and SCA or SAST security tolls;
Mulesoft/Salesforce experience;
Bachelor’s Degree in information security/information technology/information security assurance.

Responsibilities:

Implement regulatory environment;
Drive the internal and external security audit preparation;
Monitor events and triage alerts across various security platforms;
Monitor security access;
Conduct security assessments through vulnerability testing and risk analysis;
Analyze security breaches to identify the root cause;
Continuously update the company’s incident response and disaster recovery plans;
Verifying the security of third-party vendors;
Maintain the security appliances and services.

About us:

Softjourn is a full-cycle consulting and software development company, with expert product teams experienced in Fintech, Media & Entertainment, with a special emphasis on Ticketing. Headquartered in Silicon Valley, California, with R&D offices in Ukraine, Poland, and Brazil, Softjourn is a global software development company with over 20 years of experience.

Softjourn has been honored as a veteran-friendly business by the Veteran Hub in Ukraine. We are committed to creating a supportive environment for veterans and implementing processes that address their needs. We highly value the unique skills and perspectives that military veterans bring to our company and are dedicated to assisting their transition to civilian life.