The Security Infrastructure Engineer plays a critical role in safeguarding our company's digital assets against cyber threats. They ensure compliance with security regulations and standards while providing guidance to our development teams on secure coding practices. Additionally, they collaborate with various departments to assess our security posture, identify vulnerabilities, and implement measures to enhance our defenses. Their expertise in security operations and risk management helps us proactively address potential threats, making them invaluable guardians of our digital infrastructure.
Job Description
Strong understanding of common vulnerabilities in web and enterprise applications.
Advocate and enforce cybersecurity best practices and share insights throughout the organization.
Advise developers on secure coding practices. Assist in the design and implementation of DevSecOps procedures.
Consult with project teams to ensure compliance with company obligations.
Analyze current code to identify security weaknesses and develop opportunities for improvements.
Assist in the development of infrastructure solutions at both the application and organization service levels.
Consult with server, networking and endpoint management teams on hardening practices.
Run vulnerability management meetings and workshops as needed to ensure identified vulnerabilities are remediated in a timely fashion.
Assist with hunts, translating them into iterative processes.
Create policies and procedures as needed.
Mentor fellow security team members.
Documentation and Training: Create documentation, guidelines, and training materials for security processes, procedures, and best practices to educate stakeholders and promote security awareness.
Qualifications and Skills
Extensive experience (10+ years) in application design and development.
Extensive experience (5+ years) in application security.
Strong understanding of security principles, cryptographic protocols, and authentication mechanisms.
Excellent communication and interpersonal skills with the ability to collaborate effectively with cross-functional teams.
Solid understanding of regulatory compliance requirements and data privacy laws.
Experience with Application Security Systems such as DAST, SAST and Open Source tools.
Experience with GitHub and other development tools.
Strong problem-solving skills and the ability to analyze complex issues and recommend effective solutions.
Ability to develop and adapt API integrated solutions and automate processes.
Deep understanding of networking and network segmentation.
Experience with vulnerability management platforms such as Tenable or Qualys.
Ability to develop and adapt API integrated solutions using access management tools.
Deep familiarity with LDAP, SAML, XACML, OAuth, & SCIM required.
Knowledge of cloud security concepts and experience with cloud platforms (e.g., Azure, AWS) is a plus.
Familiarity with CIS hardening standards is a plus.
Additional Job Information/Anticipated Pay Range
Pay Range: $150k to $180k. Base pay offered may vary depending on various factors including but not limited to job related knowledge, skills, and job specific/overall experience.
Benefits
Sonesta recognizes that benefits play a vital role in helping ensure the health and financial security of employees and their families. We offer a variety of benefits to our employees including:
Medical, Dental and Vision Insurance
Health Savings Account with Company Match
401(k) Retirement Plan with Company Match
Paid Vacation and Sick Days
Sonesta Hotel Discounts
Educational Assistance
Paid Parental Leave
Company Paid Life Insurance
Company Paid Short Term and Long Term Disability Insurance
Various Employee Perks and Discounts
Upon submitting your application, please ensure you complete a full application in addition to attaching a resume. Incomplete applications received will not be considered.