Information Security Engineer

Information Technology Chicago, Illinois


Who we are: Founded in 2001, Vivid Seats (NASDAQ: SEAT) is a leading online ticket marketplace committed to becoming the ultimate partner for connecting fans to the live events, artists, and teams they love. We believe in the power of experiences and are fiercely dedicated to building products that inspire human connections. Named as one of Built In Chicago’s top 10 places to work in 2021, we believe that our People are our greatest competitive advantage. To support our People, we have built a company culture that empowers our employees to embrace challenges, encourages unity through collaboration, and seeks to constantly evolve by leveraging data and inspiring innovation.

The Opportunity: As an InfoSec Engineer, you’ll be responsible for working with the platform engineering and service desk teams to ensure that security controls are functioning as expected in cloud and local IT architecture. This role supports security controls such as networking, network segmentation, vulnerability scanners, firewalls, IPS\IDS, network analyzers, data loss prevention, security information and event management, encryption, proxies, cloud-based security control services, awareness training and phishing campaigns, physical badge access systems.

This role will also be responsible for the detection, response and remediation of cyber related attacks. This role must have experience in the area of incident response and will participate in incident response activities. This role supports the integration of new technologies from a logging and incident response perspective and will work with a managed security service provider (MSSP) to respond to alerts, onboard new event sources and alerting use cases.

This is a hands-on technical position best suited for a professional with security operations experience and a background collaborating with multiple groups (project, business, architecture, and operational teams) across an organization.

How your role contributes to the success of Vivid Seats:

  • Deploy and support internal security controls and network architectures.
  • Respond to Information Security related support and operations tickets.
  • Serve as primary investigator of security alerts and be prepared to isolate and remediate incidents pursuant to established procedures.
  • Take lead on incident response operations and development of standard operating procedures, run books and related templates.
  • Provide training to the Vivid Seats community, fostering a security positive culture.
  • Establish standard, repeatable practices to maintain a security program based on a well-defined security framework.
  • Tackle some of the most difficult challenges securing an e-commerce marketplace by effectively embedding prudent security practices and features that maximize value and protect sensitive data.
  • Support control audits.
  • Ensure compliance with society, regulatory and industry standards for application security.

How your role expectations will progress as an Engineer in the first 30, 60, and 180 days:

30 days in:

  • Complete new hire orientation, gaining the resources you need to be successful.
  • Learn how ticket marketplaces operate and how you’ll contribute to providing great experiences for our customers.
  • Acclimate to team and company norms, business objectives and Vivid Seats values.
  • Develop basic understanding of applications, tech stack and development process.
  • Understand our existing security practices, frameworks and tools.

90 days in:

  • Enhance our approaches, methods or technologies associated with our security controls environment.
  • Support security controls and respond to alerts.
  • Partner with platform engineering and service desk teams to understand operating environment and to start to drive security posture improvement.
  • Build, maintain and leverage internal and external relationships to achieve progress and advance security objectives.
  • Support and assist in developing ongoing roadmap for security related projects.

180 days in:

  • Design and implement process improvements that positively impacts the team and our overall security posture.
  • Improve security in core systems and applications managed by the security team.
  • Continuously evaluate the organization’s existing security practices, define and measure security-related activities, and demonstrating concrete improvements to the application assurance program within the organization.
  • Assist with developing and reporting on InfoSec related metrics.

What You’ll Bring:

  • 3+ years of combined experience in information security engineering, operations and technology.
  • Extensive knowledge of current and emerging IT security technologies and techniques covering all levels of cloud and local IT architecture.
  • Security operations experience including alert review and incident response.
  • Knowledge of information security concepts and technologies such as: networking, network segmentation, vulnerability scanners, firewalls, IPS\IDS, network analyzers, data loss prevention, security event management, encryption technologies, proxies, cloud services, mobile devices, etc.
  • Vulnerability management experience across multiple operating systems, databases, and applications, remediating issues with technical staff.
  • Experience in TCP/IP networking, firewalls and virtual private networks (VPN).
  • Understanding of current encryption standards and implementation procedures.
  • Ability to weigh business risks and enforce appropriate security measures.
  • Ability to work both independently and collaboratively with peers, across teams and with management.
  • Experience with incident management and threat remediation including threat analysis, isolation, identification, and eradication.
  • Familiarity with attack frameworks like MITRE or Kill chain.
  • Ability to handle multiple tasks and projects simultaneously.
  • Knowledge and experience with control frameworks such as ISO, NIST CSF, and PCI.
  • Passion for technology and information security.
  • A. or B.S. in Computer Science, Information Management, or relevant field
  • Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP).

Our Commitment:
We are an equal opportunity employer that values the critical importance of a diverse workforce and sense of belonging. Many of our roles have flexible requirements and we encourage you to apply regardless of whether you meet every qualification.

Vivid Seats provides competitive compensation; bonus incentives; FLEX PTO; mental health days; medical, dental, and vision insurance; 401K matching; monthly credits and discounts for attending live events; remote work and snack allowances; and a variety of additional workplace perks.