Job Description

The Information Security and Compliance Specialist is an integral member of Sage Intacct’s security team which has overall information security responsibility for the enterprise.  This position can be described as a very broad-based position and will provide the candidate exposure to many facets of Information Security across product, operations, engineering, and IT. This position requires hands-on experience in security engineering, architecture, administration of security technologies, and experience with data analysis and risk management. This position will require collaboration with Engineering, QA, Operations, Product Management, Support, and other departments to ensure compliance with policies and other activities that impact the confidentiality, integrity, and availability of our application, infrastructure, and business processes. 

Responsibilities:

  • Deployment, administration, and operation of security solutions such as vulnerability scanning and pen testing tools, log aggregation & analysis tools, data loss prevention systems, intrusion prevention devices, and other tools as necessary
  • Maintain up-to-date detailed knowledge of the information security industry, including awareness of new or revised security solutions, improved security processes, and the identification of current and new attacks and threat vectors especially as it relates to Sage Intacct and its customers
  • Provide recommendations and limited administration of security products and services to include firewalls, encryption technologies, patching, certificate management, anti-virus, email security controls, intrusion detection/prevention, identity, and access management, and security scanning and assessment tools
  • Conduct security audits and assessments, analyze results, identify remediation activities and/or compensating controls and track remediation efforts to completion
  • Deployment, administration, and operation of security solutions
  • Respond to the customer or other third-party inquiries
  • Assist in evidence generation, collection, and other activities to support compliance requirements
  • Participate as a member of the Incident Response Team by conducting forensic analysis and troubleshooting to assist in the containment and remediation of security incidents
  • Identify security issues and provide the appropriate resolution or make recommendations to Sr. Management on how to resolve or identify compensating controls related to security findings
  • Performing IDS monitoring and analysis, network traffic analysis, log analysis, prioritization, and differentiation between potential intrusion attempts and false alarms
  • Participate in periodic information systems risk assessments

Requirements:

  • Bachelor’s degree in an information technology discipline or equivalent IT experience required
  • Relevant IT or security certifications including CISSP, CISM, CRISC, CEH or SANS certs are expected
  • Extensive experience (5+ years) in information security operations and/or related IT operational functions
  • Requires demonstrable background in security products and technologies; security engineering/architecture, networking protocols, security analysis, and investigations
  • Hands-on working knowledge of AWS, with specific experience administrating AWS Security related services
  • Demonstrable ability to analyze network packets and log data
  • Experience with Splunk, ElasticSearch, Snort, Tripwire, Wireshark, or other analytics tools a plus
  • Experience with Cisco ASA and Palo Alto Firewalls a plus
  • Programming experience in scripting languages such as Windows PowerShell, Python, Perl, Bash, etc., highly desirable
  • Ability to multitask, prioritize, coordinate, work well under pressure and meet deadlines
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to both technical and non-technical audiences
  • Must be a critical thinker with strong problem-solving skills and a "can-do” attitude
  • Must have experience with MS Office products with a strong working knowledge of Excel Pivot Tables and Charts
  • Must stay up to date with current vulnerabilities, attacks, and countermeasures
  • Must be able to and willing to work independently with a minimal amount of supervision

Share this job