Information Security and Compliance Specialist
The Information Security and Compliance Specialist is an integral member of Sage Intacct’s security team which has overall information security responsibility for the enterprise. This position can be described as a very broad-based position and will provide the candidate exposure to many facets of Information Security across product, operations, engineering, and IT. This position requires hands-on experience in security engineering, architecture, administration of security technologies, and experience with data analysis and risk management. This position will require collaboration with Engineering, QA, Operations, Product Management, Support, and other departments to ensure compliance with policies and other activities that impact the confidentiality, integrity, and availability of our application, infrastructure, and business processes.
- Deployment, administration, and operation of security solutions such as vulnerability scanning and pen testing tools, log aggregation & analysis tools, data loss prevention systems, intrusion prevention devices, and other tools as necessary
- Maintain up-to-date detailed knowledge of the information security industry, including awareness of new or revised security solutions, improved security processes, and the identification of current and new attacks and threat vectors especially as it relates to Sage Intacct and its customers
- Provide recommendations and limited administration of security products and services to include firewalls, encryption technologies, patching, certificate management, anti-virus, email security controls, intrusion detection/prevention, identity, and access management, and security scanning and assessment tools
- Conduct security audits and assessments, analyze results, identify remediation activities and/or compensating controls and track remediation efforts to completion
- Deployment, administration, and operation of security solutions
- Respond to the customer or other third-party inquiries
- Assist in evidence generation, collection, and other activities to support compliance requirements
- Participate as a member of the Incident Response Team by conducting forensic analysis and troubleshooting to assist in the containment and remediation of security incidents
- Identify security issues and provide the appropriate resolution or make recommendations to Sr. Management on how to resolve or identify compensating controls related to security findings
- Performing IDS monitoring and analysis, network traffic analysis, log analysis, prioritization, and differentiation between potential intrusion attempts and false alarms
- Participate in periodic information systems risk assessments
- Bachelor’s degree in an information technology discipline or equivalent IT experience required
- Relevant IT or security certifications including CISSP, CISM, CRISC, CEH or SANS certs are expected
- Extensive experience (5+ years) in information security operations and/or related IT operational functions
- Requires demonstrable background in security products and technologies; security engineering/architecture, networking protocols, security analysis, and investigations
- Hands-on working knowledge of AWS, with specific experience administrating AWS Security related services
- Demonstrable ability to analyze network packets and log data
- Experience with Splunk, ElasticSearch, Snort, Tripwire, Wireshark, or other analytics tools a plus
- Experience with Cisco ASA and Palo Alto Firewalls a plus
- Programming experience in scripting languages such as Windows PowerShell, Python, Perl, Bash, etc., highly desirable
- Ability to multitask, prioritize, coordinate, work well under pressure and meet deadlines
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to both technical and non-technical audiences
- Must be a critical thinker with strong problem-solving skills and a "can-do” attitude
- Must have experience with MS Office products with a strong working knowledge of Excel Pivot Tables and Charts
- Must stay up to date with current vulnerabilities, attacks, and countermeasures
- Must be able to and willing to work independently with a minimal amount of supervision
Recruitment Agency Policy
Sage Intacct does not accept agency resumes. Please do not forward resumes to our jobs alias, employees, or any other company location. Sage Intacct is not responsible for any fees related to unsolicited resumes.
Our HR Privacy Notice discusses the information we collect from applicants and how we use it.
Equal Employment Opportunities
Sage Intacct is an Equal Opportunity Employer committed to providing employees with a work environment free of discrimination and harassment. All employment decisions are based on business needs, job requirements, and individual qualifications, without regard to race, color, religion, or belief; national, social, or ethical origin; age; physical, mental, or sensory disability; sexual orientation; gender identity and/or expression; marital, civil union, or domestic partnership status; past or present military service; HIV status; family medical history or genetic information; family or parental status including pregnancy; or any other status protected by the laws or regulations in the locations where we operate. Sage Intacct will not tolerate discrimination or harassment based on any of these characteristics.
Important E-Verify Information
As an equal opportunity employer, Sage Intacct is committed to a dynamic and diverse workforce. E-Verify Federal law requires Sage Intacct to confirm the identity and employment eligibility of all persons hired to work in the United States. Sage Intacct will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS), with information from each new employee’s Form I-9 to confirm work authorization.
Please read the attached notices, available in English and Spanish, for important information.