Staff Information Security Engineer

Technology Glendale, California Austin, Texas


Description

About LegalZoom:

We believe that everyone should have access to professional legal advice. So, we’ve built a trusted and accessible technology-based platform to reduce barriers and help empower millions of people to grow their business, care for their families, protect their ideas and more. From Estate Planning to Business Formations to IP, we’ve helped more than four million customers, providing the protection and peace of mind they need. To date, we’ve grown to become the leading provider of online legal solutions for families and small businesses, and we’re committed to making our services even more valuable and easier to use than ever before. Join us!

Overview:

The Staff Information Security Engineer plays a vital role in the general business operations of LegalZoom. This position requires the ability to provide technical leadership and positive individual contributions in the design of enterprise security solutions in a complex on-premise and hybrid cloud environment. 

This individual should be comfortable working in an organized and structured environment, continually provide knowledge and feedback to other team members, be willing to learn from others, and assist in developing and following Information Security support processes and procedures. Candidate should be a results-driven and detail-oriented individual possessing strong interpersonal skills with a strong focus on customer service. This individual should possess the ability to multitask in a fast-paced environment, adjust to changing priorities and different personalities, and be a good team player.

You will:

  • Thorough documentation of all aspects of the LZ Information Security program.
  • Design, oversee, and perform comprehensive risk/vulnerability systems assessments of hybrid cloud infrastructure to identify vulnerabilities, including providing reporting on assessment results as well as risk mitigation and remediation recommendations and plans
  • Keep current with emerging security trends, issues, and alerts
  • Communicate known security risks and solutions to mitigate risks to business and technology partners as needed
  • Serve as a security expert on application development, database design, network and/or platform projects, helping project teams comply with enterprise and technology security policies and industry best practices
  • Through a deep understanding of the business requirements, identify the appropriate security requirements for each project
  • Analyze application security needs based on the sensitivity or proprietary nature of the data and work with the appropriate teams to develop and execute new or existing security technologies or processes to support the business strategy
  • Participate in network architecture reviews and develop detailed security engineering design and deployment plans
  • Responsible for the configuration of security controls to ensure the safety of information systems assets and to protect from unauthorized access or intentional destruction
  • Assist in projects related to compliance and the implementation and maintenance of all information security programs, processes and technologies
  • Assess and document the need for all security configurations or re-configurations and work with appropriate teams to execute them as required
  • Assume the subject matter expert (SME) role in the management, investigation, and response to suspected and actual information security breaches or system failures
  • Using data collected from a variety of tools, provide forensic analysis of security events
  • Analyze security incidents to determine root cause and identify process or system changes to prevent reoccurrence
  • Recommend and schedule fixes, security patches, disaster recovery procedures and other required measures in the event of a security breach
  • Personal accountability for project timelines and milestones

You have:

  • CISSP required and verified
  • Excellent written communication skills, demonstrating the ability to write with purpose, clarity, and accuracy
  • Experience and direct knowledge of designing security infrastructure in a complex hybrid cloud environment
  • 5+ year’s experience installing, monitoring and maintaining information security solutions
  • Demonstrated understanding of security related technologies and practices, including authentication and authorization systems, endpoint protection, encryption, segmentation strategies, vulnerability management, secure remote access, and firewalls
  • Strong/diverse technical background in enterprise networking, firewall, storage options, server infrastructure, operating systems, database technologies, and desktop operating systems and security
  • Experience with PCI Compliance and NIST 800-53 and CSF
  • Experience with auditing and hardening AWS infrastructure
  • Experience with service-oriented architecture and web services security desired
  • Scripting skills (e.g., Python, PowerShell, shell scripting)
  • Any of the following a plus: CISA, OSCP, CSSLP, CHFI, CCSP, GCIH, GCIA, PMP, ITIL v3.
  • Bachelor’s degree in Computer Science, MIS or Technology Forensics or related technical field.

Join us in making a difference as we build our future and help ensure access to professional legal advice to all! LegalZoom is an equal opportunity employer, dedicated to diversity, equality, and inclusion, and provides equal employment opportunities to all employees and applicants for employment.  LegalZoom prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.