Senior AppSec Engineer optimizing application security controls in Flutter's development ecosystem. Managing SAST/SCA tools and conducting vulnerability analyses in a hybrid work environment.
About the role
- Senior IT Security Engineer at Foley, evolving enterprise security program for SaaS offerings and compliance standards. Collaborating with teams to ensure system, data, and user protection.
Responsibilities
- Design, implement, and manage comprehensive security solutions including SIEM, DLP, EDR, DNS filtering, and encryption across cloud and on-prem environments.
- Administer firewalls, VPNs, and network security infrastructure with a focus on segmentation, least privilege, and Zero Trust principles.
- Lead vulnerability management efforts, including scanning, prioritization, patching, and remediation workflows.
- Oversee and optimize endpoint detection and response (EDR) tools such as Rapid7 and AWS GuardDuty.
- Manage identity and access management (IAM) systems, including SSO, Multi-Factor Authentication (MFA), Microsoft Entra ID (Azure AD), and Active Directory Group Policy.
- Conduct privileged account and user access reviews.
- Partner with IT and DevOps to embed security in CI/CD pipelines and automate controls where possible.
- Contribute to incident response efforts, from detection to root cause analysis and remediation.
- Leverage existing platforms and tools to develop and improve detection, response and containment workflows.
- Respond to real-time monitoring and alert triage for anomalies across SaaS and infrastructure platforms.
- Conduct post-incident reviews and implement proactive controls to prevent recurrence.
- Contribute to disaster recovery and business continuity planning and exercises.
- Serve as the technical lead for the security team, mentoring junior engineers and driving cross-functional security initiatives.
- Partner with Infrastructure, Engineering, and Compliance to integrate security into all stages of system design and delivery.
- Represent Foley in discussions with auditors, vendors, and internal stakeholders on all matters related to cybersecurity and compliance.
- Advocate for security awareness and education across the organization.
- Manage vendor security reviews using ticketing and vendor management solutions.
- Evaluate new tools, vendors, and partners through a security-by-design lens.
- Collaborate with the Compliance department in support of both internal and external audit efforts, including SOC 2 engagements and PCI-DSS internal audits.
Requirements
- Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience).
- CISSP, SSCP, or equivalent certifications (completed or in progress).
- 5+ years of experience in IT security engineering, with strong exposure to cloud and hybrid environments.
- Proven experience with:
- Microsoft Entra ID (Azure AD), Active Directory, and Group Policy Management
- Single Sign-On (SSO) and Identity Federation (SAML, OIDC, OAuth 2.0)
- AWS security architecture, IAM roles, and network security groups
- Endpoint and network security tools, EDR, SIEM, SOAR, and vulnerability scanner
- Familiarity with cloud access security solutions is a plus.
- Familiarity with containerization or serverless workload solutions, such as Kubernetes, is a plus.
Benefits
- medical, dental, and vision coverage
- 401(k) with company match
- paid time off and holidays
- wellness programs
- employee assistance program
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Senior Lead Information Security Office Consultant at Capital One, consulting on initiatives to enhance Information Security. Collaborating with technology teams to manage cyber security risks and ensure data protection.
Stage QSE en sécurité pour réviser le Document Unique d’Évaluation des Risques Professionnels. Accompagnement du Responsable QSE sur divers projets structurants.
Senior Security Data Scientist developing innovative AI solutions for security challenges at Desjardins Group. Collaborating on data analysis and monitoring initiatives to enhance security posture.
Cybersecurity Manager leading corporate - level cybersecurity strategy in hybrid DoW and commercial sectors. Responsible for securing space systems and managing risk across various platforms.
Program Security Officer overseeing security operations for T2S Solutions supporting classified satellite and mission operations. Managing compliance with DoD and Intelligence Community security requirements, enabling effective operations.
On Call Security Officer ensuring campus safety at Whitman College by patrolling and managing emergency situations. Temporary role requiring flexibility for night and weekend shifts.
Cyber Security Engineer at TechSeed, working on security solutions within connected ecosystems in Göteborg. Collaborating with clients on secure development frameworks and practices.
Senior Cyber Security Consultant at TechSeed focusing on tailored security strategies and risk management. Collaborating with clients to ensure security compliance and best practices in cyber security.
Director of Cybersecurity leading Brixmor's comprehensive cybersecurity strategy and managing high - performing teams. Overseeing cyber risk management and compliance in real estate and retail sectors.