Jobs
>
Denver

    Senior Security Engineer - Denver, United States - Coalfire

    Coalfire
    Coalfire Denver, United States

    1 week ago

    Default job background
    Description
    Coalfire


    Coalfire is the cybersecurity advisor that combines extensive cloud expertise, technology, and innovative approaches to help clients develop scalable programs that improve their security posture and fuel their continued success.

    View company page

    About CoalfireCoalfireis on a mission to make the world a safer place by solving our clients' hardest cybersecurity challenges.

    We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape.

    We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world.
    But that's not who we are – that's just what we do.

    We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.

    And we're growing fast.
    We're looking for a Senior Security Engineer to support our Cloud Services team.
    This can be a remote position (must be located in the United States).
    Position SummaryAs Senior Security Engineer (Vulnerability Management

    analyst) at Coalfire within our Cloud Services group, you will be a self-starter, passionate about cloud

    security, and thrive on problem-solving. You will provide operational support of Vulnerability Management processes for clients with regulatory compliance requirements.

    The Cloud Services team is responsible for identifying, assessing, and managing threats, vulnerabilities, and associated risks to clients' information assets and resources.

    You will work within major public clouds and best-of-breed tools, utilizing your technical abilities to monitor vulnerabilities and recommend remediation or resolution.

    What You'll Do


    Join a highly collaborative security operations team delivering vulnerability management services to Cloud Service Providers, and other organizations operating highly regulated environments.

    Review vulnerabilities and data from various sources (e.g., penetration testing, vulnerability scanning) across different technologies and environments to assess the risk level to business assets.

    Conduct recurring and on-demand OS/DB & Web scanning activities for multiple customer environments.

    Build, configure, and manage vulnerability management tools within customer environments, serving as the subject matter expert for vulnerability management queries.

    Assist customers with scanning their FedRamp environment, establishing standards, and managing false positives and exceptions.
    Utilize customer scan data to create a Plan of Action and Milestones (POAM) for regular delivery to customers.

    Communicate with internal management to provide insights into the current risk posed by vulnerabilities in customer environments and proposed remediation strategies.

    This position will be the liaison between the vulnerability management team and various SRE teams and customer teams and must be able to provide technical remediation details or workarounds, help track and identify asset inventory, log work tickets and exceptions and research vulnerability findings.

    Develop and maintain standard operating procedures, training documents, technical documentation, and troubleshooting guidelines for security solutions.
    Configure and troubleshoot scanning devices and resolve agent & authentication issue.
    Implement technical solutions to automate repetitive tasks.
    Provide guidance, instruction, and thought leadership to clients and team members.
    Manage and follow up on tickets and customer requests.
    Workindependently and with vendors' professional services to diagnose and troubleshoot any issues with vulnerability assessmenttools.
    Provide oversight and orchestrate key parties from Coalfire and client teams during escalations with a focus on expedited resolution.
    Provide analysis of Information Security vulnerabilities and determine true or false positive, and work with appropriate teams for remediation.

    Analyze identified vulnerabilities to identify false positives or environmental factors that affect the risk scoring and ensure the POAM is updated to reflect that analysis.

    What You'll Bring

    Previous experience supporting clients from within a managed service organization.
    Experience with ITSM solutions such as Jira and ServiceNow and delivering to SLAs.
    4-6 years of related experience in professional services, vulnerability management, and compliance monitoring.
    Must be skilled in web application testing, API testing, and network testing.
    Prior experience working with Burp Suite Professional, or other similar DAST tools.
    Proficiency in scripting, such as Python and/or PowerShell.
    1-2 years developing playbooks, runbooks, and troubleshooting technical issues.
    Good understanding of Windows and Linux patching.
    Knowledge of vulnerability scoring systems (CVSS/CMSS)
    Experience with building, configuring, and managing vulnerability scanning tools (Nessus/Burp Suite preferred)
    Experience analyzing vulnerabilities and adjusting the risk rating/severity dependent on internal factors.

    Experience defining Operating System Baseline Configuration standards such as the Center for Internet Security (CIS) Critical Security Controls Scanning within various scanning technologies and working with appropriate teams to remediate and report on the results.

    Excellent communication, organizational, and problem-solving skills in a dynamic environment

    Experience working with Internal and External Auditors to ensure that documented controls / policies/ and standards are being adhered to.

    Effective documentation skills, including technical diagrams and written descriptions.
    Ability to work independently and as part of a team with a professional attitude and demeanor.
    Critical thinking, and ability to balance security requirements with mission needs.
    Effective documentation skills, including technical diagrams and written descriptions.
    Ability to work independently and as part of a team with a professional attitude and demeanor.
    Critical thinking, and ability to balance environmental requirements with mission needs.
    BS or above in a related Information Technology field or equivalent combination of education and experience
    Bonus Points

    Previous experience supporting 24x7x365 security operations for a SaaS vendor.
    Certifications in Cloud Vendors, as well as with organizations such as PMP, CISSP, CISM, or CISA
    Familiarity with frameworks such as FedRAMP, FISMA, SOC, ISO, HIPAA, HITRUST, PCI, etc.
    Why You'll Want to Join Us
    At Coalfire, you'll find the support you need to thrive personally and professionally.

    In many cases, we provide a flexible work model that empowers you to choose when and where you'll work most effectively – whether you're at home or an office.

    Regardless of location, you'll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities.

    You'll have opportunities to join employee resource groups, participate in in-person and virtual events, and more.

    And you'll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options.

    At Coalfire, equal opportunity and pay equity is integral to the way we do business. A reasonable estimate of the compensation range for this role is $78,000to $135,000 based on national salary

    averages.

    The actual salary offer to the successful candidate will be based on job-related education, geographic location, training, licensure and certifications and other factors.

    You may also be eligible to participate in annual incentive, commission, and/or recognition programs.

    All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

    #LI-REMOTE#LI-JB1
    Explore more InfoSec / Cybersecurity career opportunities


    Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.

    #J-18808-Ljbffr
  • Horizon Ventures

    Security Engineer

    2 days ago

    Horizon Ventures Applewood, United States

    This is the work environment: · The position is located in the Applewood zSystem Administration & Processing Services team/workstream. Our task is to provide IBM zServer systems and central storage systems for DATEV. It is part of the IT infrastructure department. · Our activitie ...

  • DaVita

    IT Security Engineer

    3 days ago

    DaVita Denver, United States

    2000 16th Street,Denver,Colorado,80202,United States of America · Description The IT Security Engineer is responsible for evaluating, implementing, and administering enterprise cybersecurity platforms in support of DaVita's IT Security program. This position, as part of a team, w ...

  • Crusoe

    Security Engineer

    2 days ago

    Crusoe Denver, United States

    Job Description · Job DescriptionCrusoe Energy is on a mission to unlock value in stranded energy resources through the power of computation. · Take a look at what we do - · We aim to align the long term interests of the climate with the future of global computing infrastructu ...

  • Omni Inclusive

    Network Security Engineer

    4 days ago

    Omni Inclusive Denver, United States

    Job Description: - Bachelors or equivalent experience; preferred Bachelor's degree in Computer Science · Minimum of 4 years hands-on experience with System, Network, or Security Administration including firewall · Minimum of 3+ years hands-on experience including Certification ...

  • DAT Freight Solutions

    Senior Security Engineer

    3 hours ago

    DAT Freight Solutions Denver, United States

    About DAT · DATis an award-winning employer of choice and a next-generation SaaS technology company that has been at the leading edge of innovation in transportation supply chain logistics for 45 years. We continue to transform the industry year over year, by deploying a suite o ...

  • RingCentral

    Security Application Engineer

    1 day ago

    RingCentral Denver, United States

    Security Application Engineer, DAST Scanning (Belmont CA, Denver CO, Dallas TX) · The RingCentral environment is dynamic, success-driven, team-oriented and committed to providing world class service for its customers. Do you have the ability to thrive in a fast-paced environment ...

  • Energi People

    Physical Security Engineer

    13 hours ago

    Energi People Denver, United States

    Physical Security Engineer · Any of their Data Center locations · $130000+ · Physical Security Engineer - Safeguarding Tomorrow's Technology · Join a leading innovator in the Data Center industry across the United States as our Client expands their team. In a world where digital ...

  • Diversity Resource Staffing Inc

    Security Engineer II

    4 days ago

    Diversity Resource Staffing Inc Denver, United States

    Security Engineer II · About Company: · Company offers the most-trusted app building platform for anyone looking for a better way to work. Company gives businesspeople and IT experts the ability to easily build and integrate apps to track, manage, and automate processes in days ...

  • New Wave Staffing

    Senior Security Engineer

    6 days ago

    New Wave Staffing Denver, United States

    About the Company · Join our dynamic and rapidly growing private wealth and asset management financial institution that places a premium on securing information assets and maintaining the highest standards of cybersecurity. · About the Role · The Information Security Engineer/Arc ...

  • Clarivate Analytics US LLC

    Cyber Security Engineer

    4 days ago

    Clarivate Analytics US LLC Denver, United States

    Clarivate is looking for a Cyber Security Engineer to join our top-class Cybersecurity team. This is a long-term opportunity to provide outstanding FISMA Compliance Support for our contract with the United States Patent and Trademark Office (USPTO). The ideal candidate will ensur ...

  • Fastly

    Staff Security Engineer

    11 hours ago

    Fastly Denver, United States

    Fastly helps people stay better connected with the things they love. Fastly's edge cloud platform enables customers to create great digital experiences quickly, securely, and reliably by processing, serving, and securing our customers' applications as close to their end-users as ...

  • Motion Recruitment

    Cloud Security Engineer

    4 days ago

    Motion Recruitment Denver, United States

    We are working with a company that is focused on providing a direct broadcast satellite and American television. Solving companies' business problems and achieving their vision by engaging in software. This company is looking for a Cloud Security Engineer to bring in a team-orien ...

  • ClientSolv

    Senior IT Security Engineer

    2 days ago

    ClientSolv Denver, United States

    Company Description · ClientSolv Technologies is an IT solution firm with over a decade of experience serving Fortune 1000 companies, public sector and small to medium sized companies. ClientSolv Technologies is a woman-owned and operated company that is certified as a WMBE, 8a ...

  • Ping Identity

    Infrastructure Security Engineer

    11 hours ago

    Ping Identity Denver, United States

    About Ping Identity: At Ping Identity, we believe in making digital experiences both secure and seamless for all users, without compromise. We call this digital freedom. And it's not just something we provide our customers. It's something that inspires our company. People don't c ...

  • Cologix

    Security Engineer II

    5 days ago

    Cologix Denver, United States

    About our Company: · Based in Denver, Colorado, Cologix is North America's leading network-neutral interconnection and hyperscale edge data center company. Our platform gives customers access to 40+ digital edge and ScalelogixSM hyperscale edge data centers in 11 markets across t ...

  • Diverse Lynx

    Network Security Engineer

    3 hours ago

    Diverse Lynx Denver, United States

    Network Security Engineer · Denver, CO (3-4 Weeks Onsite & Then remote) · Fulltime Position · Infoblox + Palo Alto exp must · JD: · 7+ years of experience · Palo Alto FW's, and Panorama Experience, PCNSE certificate would be added advantage · Allot DDOS · AWS Security Gr ...

  • Coalfire

    Security Engineer, DevSecOps

    1 week ago

    Coalfire Denver, United States

    Security Engineer, DevSecOps | Remote US · Coalfire · Coalfire is the cybersecurity advisor that combines extensive cloud expertise, technology, and innovative approaches to help clients develop scalable programs that improve their security posture and fuel their continued succ ...

  • New Wave Staffing

    Senior Security Engineer

    6 days ago

    New Wave Staffing Denver, United States

    About the Company · Join our dynamic and rapidly growing private wealth and asset management financial institution that places a premium on securing information assets and maintaining the highest standards of cybersecurity. · About the Role · The Information Security Engineer/ ...

  • CG Infinity

    Security Solutions Engineer

    12 hours ago

    CG Infinity Denver, United States

    Job Description · Job DescriptionGet to Know Us: · CG Infinity, Inc. is a software consulting firm that was founded in 1998. We offer solutions that are tailored to the needs of each individual client that we work with instead of offering standard, run-of-the-mill solutions to ev ...

  • CG Infinity

    Security Solutions Engineer

    2 days ago

    CG Infinity Denver, United States

    Job Description · Job DescriptionGet to Know Us: · CG Infinity, Inc. is a software consulting firm that was founded in 1998. We offer solutions that are tailored to the needs of each individual client that we work with instead of offering standard, run-of-the-mill solutions to ev ...