What are the responsibilities and job description for the Security Engineer position at Prove?
Title: Security Engineer
Department: Info Sec
Reports To: Tony Michelotti – Manager, Information Security
FLSA Status: Exempt
Location: Chicago, IL or Denver, CO
At Prove, Security Engineers handle the digital security for our company and our products. Our Security Engineers are the first line of defense against malicious actors. Their duties include operating and maintaining our cyber security system and our IT security infrastructure, building digital security protocols, and proactively scanning our company’s digital assets for weaknesses and creating robust countermeasures to prevent future incidents.
Additionally, this role is responsible for configuring vulnerability and threat intelligence scans, researching the latest threats, conducting risk assessments, coordinating remediation of identified risks, performing penetration testing activities, and reporting on compliance.
As a Security Engineer, you will spend a portion of your time training fellow Provers on security best practices and advising management on investments to safeguard the company’s computer and network systems.
Key Responsibilities:
As a member of the Information Security team, a Security Engineer will:
- Manage the IAM program including administering and provisioning corporate identities and access.
- Act as a technical lead within a rapidly growing cyber security group and develop team objectives to resolve outstanding risk and identify new areas of exposure.
- Assist in validating and remediating critical findings resulting from Audit/Vulnerability & Threat Management processes.
- Utilize industry-standard toolsets to map and reduce the attack surface of a complex and dynamic architecture.
- Collaborate with Threat Intelligence groups to overlay observations from the global threat landscape with patching and remediation strategy.
- Proactively research emerging cyber threats. Apply analytical understanding of hacker methodologies and tactics, system vulnerabilities and key indicators of attacks and exploits.
- Triage and escalate high-risk and zero-day exploits and provide remediation recommendations.
- Review opportunities to reduce the risk surface of Prove, ensuring a highly secure target for adversary actors.
- Develop scripts, tools, and methodologies to identify and exploit points of exposure on internal and perimeter applications.
- Implement and direct processes across the vulnerability management lifecycle, including Discovery, Prioritization of Assets, Vulnerability Assessment, Reporting, Remediation, and Verification.
- Assess a system’s ability to defend against, respond to, and recover from cyber and social engineering attacks.
- Hold teams accountable for SLA obligations, which can include escalation of issues in a timely fashion.
Qualifications and Experience:
- Four to seven (4-7) years of related experience, specifically in Engineering/IT Operations, Security Operations, Vulnerability Management, and/or Incident Response.
- Bachelor’s degree in IT, information security, computer science, or a related field and/or related work/military experience.
- Hands-on experience with Vulnerability Management, SAST, DAST, SCA, DLP, SIEM, and SOAR tooling.
- Strong scripting skills (PowerShell, Python, etc.)
- Understanding of a Security Development Life Cycle.
- Knowledge of Incident Response policy, process, and execution.
- Understanding of PCI DSS, HIPAA, SOC 2 Type 2 and NIST requirements and policies.
- Ability to communicate network, cloud, and system security issues to fellow analysts and engineers.
- Experience in high-growth/pre-IPO technology companies.
- Strong passion for learning about our products and markets through in-house and external training.
- Promote, maintain and enhance our cultural values of humility, passion, inclusion, and leadership.
This position description should not be considered the final description of the position. The position description is not intended to be an all-inclusive list of duties and standards of the position. It should be assumed that we would, to some extent, structure responsibilities in accordance with the successful candidate’s capabilities and changing business conditions. Incumbents will follow any other instructions, and perform any other related duties, as assigned by their supervisor.
The anticipated salary range for this role is $110,000 - $120,000, plus company bonus and stock options. Offered salary will be determined by the applicant’s education, experience, knowledge, skills, geo-location, and abilities, as well as internal equity and alignment with market data.