Description

At Shutterfly, we’re all about people — bringing them together, making them feel welcome, and connecting them to experiences. We make our customers’ memories last a lifetime by capturing, preserving, and sharing them through photography and personalized products. Through our family of brands, trend setting products, cutting edge technology, and best in class customer service, we help our customers, and each other, share life’s joy. Supporting a diverse and inclusive workforce is important to Shutterfly not only because it directly reflects our value of Embracing our Differences, but also because it’s the right thing to do for our business and for our people. Learn more about our commitment to Diversity, Equity and Inclusion at Shutterfly DE&I.

Security Operations Engineer  

This is an exciting time for Shutterfly’s Information Security team. In this position you will be an integral part of a developing enterprise Information Security Program. Your focus will be on vulnerability assessments, security technologies and security operations. You will work with both Security Engineering and Security Analysis groups to build tools, processes and  procedures to support the security operations program. As a Security Operations Engineer, you will be involved in critical security projects and day-to-day duties of the information security team as we continue to grow.

 

Your primary duties and responsibilities will include:

  • Conduct automated and manual vulnerability testing on major applications and network infrastructures and work with various teams on remediation and remediation reporting.
  • Develop hardening templates for technology platforms and assist teams in implementing baseline security standards.
  • Assist with internal reviews and assessments.
  • Investigate incidents using SIEM technology, packet captures, reports, data visualization, and pattern analysis.
  • Support Information Security team in all areas of information security.
  • Conduct security research in keeping abreast of latest security issues.

Minimum Qualifications:

  • Associates of Science in CIS/MIS/CS/CE, Engineering/Technology or related field or equivalent experience/training.
  • 3-6 years working within Information Technology and 1-2 years specifically in Information Security.
  • Must be well organized, thrive in a sense-of-urgency environment, leverage best practices, and most importantly, innovate through any problem with a can-do attitude.
  • Must have understanding of various logging methods and security event terminology
  • Demonstrated oral/written communications, and client facing skills

 Preferred Qualifications:

  • CompTIA Security+, GIAC Security Essentials Certification (GSEC), or similar security professional certification
  • Scripting and automation experience with at least 1 language (Python, Powershell, etc)
  • Experience conducting vulnerability testing on Windows, UNIX, Solaris and Linux based systems
  • Familiarity with public cloud platforms a plus, i.e. Azure, AWS, Google
  • Experience administering Windows and Linux operating systems
  • Hands on experience with Splunk and Splunk ES
  • Practical experience in deployment and management of applied IT security technologies and tools such as endpoint protection, detection, and response, PIM/PAM, e-mail encryption, data loss prevention (DLP) technologies, next-gen firewalls, network access control, intrusion detection/prevention systems, etc.
  • Familiarity with tools such as nmap, NetStumbler, Burp, Wireshark and Kali Linux

 Additional Qualifications:

  • Experience with internal security assessments/reviews
  • Experience with network (router, switch, firewall configuration) and database (Oracle, SQL) security scanning
  • Experience securing public cloud technologies such as AWS and Azure
  • Understand information security concepts, protocols, and industry best practices
  • Experience with penetration testing tools and methodologies and the ability to conduct light red-teaming exercises 
  • Incident response training and experience