Manager, Information Security Engineering
At Shutterfly, we’re all about people — bringing them together, making them feel welcome, and connecting them to experiences. We make our customers’ memories last a lifetime by capturing, preserving, and sharing them through photography and personalized products. Through our family of brands, trend-setting products, cutting-edge technology, and best-in-class customer service, we help our customers, and each other, share life’s joy.
This is an exciting time to join Shutterfly’s Information Security team. In this position you will be an integral part of a developing enterprise Information Security Program. Your focus will be on managing a team of engineers and facilitating the development and management of information security tools within the Shutterfly organization. You will coordinate across the organization to understand, categorize and prioritize security risks, leading to clear security risk mitigation strategies. As Manager of the Information Security Engineering team, you will be a key liaison for the company’s security engineers’ requests and requirements.
Your primary duties and responsibilities will include:
- Manage a team of information security engineers and help coordinate and prioritize multiple projects through the entire project lifecycle.
- Spend approximately 30-40% of time on information security project technical work
- Mentor and coach engineers to be effective information security resources
- Provide formal employee performance evaluations on a regular basis
- Work closely with the Information Security Operations team and participate in the Information Security Incident Response process
- Manage an evolving Information Security Engineering program by regularly reviewing the organization’s existing capabilities as well as emerging technologies in order to ensure the needs of the organization are met, yet continue to evolve
- Work with other Information Security Managers and Architects to perform strategic planning for security initiatives, identification of coverage gaps, development of remediation plans, and implementation of appropriate security controls/tools/processes
- Drive the development of automation within security, monitoring, reporting, and ticketing platforms
- Design, implement and support cloud-based security solutions for both public and private cloud infrastructures
- Develop, implement, and maintain repeatable processes and detailed documentation for the Information Security Engineering team to ensure consistency across people, processes, and technologies used by the team
- Bachelor of Science in CIS/MIS or related field or equivalent experience/training
- 2-3 years of management experience
- Experience managing teams that develop and implement security tools and architecture with a distributed computing environment
- 7-10 years working in Information Security
- Strong working knowledge using Splunk/Splunk Enterprise Security
- Experience with a broad array of security tools and architectural frameworks
- Strong working knowledge of cloud computing technologies and secure implementations within Amazon AWS, Microsoft Azure, Google Cloud
- Familiarity with security software products and tools used in distributed computing environments.
- Strong working knowledge of various systems technologies, architecture fundamentals, next-generation technology
- Hands-on experience designing and implementing security controls in an enterprise
- Strong organizational skills with ability to thrive in a sense-of-urgency environment, leveraging best practices, and approaching any problem with a can-do attitude
- Excellent written and verbal communication skills and ability to interface with all levels of business and executive leadership
- Familiarity with management of applied IT security technologies and tools such as two-factor authentication, enterprise PKI, email encryption, data loss prevention (DLP) technologies, network access control, intrusion detection/prevention systems, centralized endpoint protection, etc.
- Proficient in one or more scripting languages (Python, PowerShell, etc.).
- Strong working knowledge of infrastructure automation technologies such as Jenkins, GitHub, Terraform, etc.
- Knowledge of Microsoft Windows, Active Directory, Internet and Cloud security, Linux/Unix, network security technologies, and third-party security tools
- Working knowledge of current penetration testing and vulnerability assessment tools and techniques for hosts, applications, web applications, and network devices
- Understanding of information security concepts, protocols, "industry best practices" strategies, architectural frameworks and controls (CIS 20, NIST, etc.)
- Ability to clearly and thoroughly communicate identified gaps and provide business justification for additional people, processes, or technologies.
- Degree or certificate in Management, Information Security, Information Systems, Computer Science preferred
- CISSP, CISSP-ISSAP, CISSP-ISSMP, CISM, GIAC (GCIH/GCIA/GREM/GCFA/GNFA), OSCP/OSCE or other relevant security certifications highly desired
- Hands-on experience with various security tools and technologies such as SIEM, SAST and DAST tools, Kali Linux, Metasploit, IAM, Nessus, DAM, Wireshark, tcpdump, etc.
** This position is eligible for remote work which may be performed anywhere in the United States except for within the state of Colorado.