Security Operations Engineer

Recollective is looking for a Security Operation Specialist to join their team full time. The Security Operation Specialist will be a part of a team that is responsible for designing, developing, and operating the infrastructure and applications.

Background

Recollective is an online community-based research platform on which businesses can engage customers, employees, or others to identify new insights to improve and accelerate business execution. Delivered as a cloud-based service, Recollective was first released in late 2011. Since then, Recollective has been implemented by many of the world's leading marketing research agencies and consumer brands.

Recollective is offered in a range of configurations and languages to meet the needs of professional researchers at market research agencies and large enterprises, as well as those of non-professional researchers at small and medium-sized businesses. On Recollective, businesses can easily engage stakeholders in structured or unstructured activities within their own private community supported by familiar social features. Information may be collected, socialized and analyzed via computer desktop or mobile device and incorporates text, images, audio, video, files, and rich media exercises.

Overview

The Security Operation Specialist will be a part of a team that is responsible for designing, developing, and operating the infrastructure and applications. The ideal candidate will be in charge of troubleshooting problems, identifying resolutions, and assessing situations in real time. You will be in charge of the management of all cloud based deployments across geographies. The responsibilities of a Security Operation Specialist have a lot of moving parts and responsibilities. We are not asking you to have ALL these skills but are looking for someone who is willing to learn and improve our product to achieve excellence.

Key responsibilities

  • You will be the primary contact for all IT infrastructure and IT security related areas.
  • Maintenance and monitoring of existing AWS cloud environment, across multiple regions; this includes the evaluation, documentation and maintenance of all security related areas, including backups and disaster recovery.
  • Create, implement and maintain a comprehensive collection of security policies, processes, procedures and training material. Including but not limited to IT security, DR/BCP and privacy standards such as GDPR.
  • Implement the determined systems required for security and event monitoring.
  • Implement and maintain office security and related policies.
  • Coordinate external security resources such as security experts, security auditors and penetration testing specialists.
  • Assist with vendor and customer security assessments and audits.
  • Work with teams within the organization, including but not limited to Development and Engineering teams, to incorporate security as part of their regular processes, such as OWASP training.
  • Participate in team's on-call rotation & respond to any security incidents.

Knowledge and experience

  • Minimum of 5 years cumulative hands-on experience in infrastructure engineering and/or development roles
  • Experience with AWS infrastructure and security measures as they relate to EC2, VPC & Security Groups, etc.
  • Assist in designing and implementing security policies and practices on Cloud environments including AWS and GCP
  • Expert-level knowledge in one or more specific technical areas, such as development, network/cloud security, malware detection/analysis, threat intelligence, cryptography, vulnerability management, incident response, forensics, social engineering, or hacking techniques.
  • Background in Linux/Unix administration.
  • Designing, implementing, and managing endpoint security controls and best practices.
  • Solid understanding of IT security industry standards (i.e. ISO-27001; SOC).
  • Experience with established and/or emerging compliance programs (i.e. GDPR)
  • A deep understanding of software (OWASP) and infrastructure (CIS) security fundamentals
  • Familiarity with CSA (Cloud Security Alliance) standards and practices
  • Artful communication skills and organizational savvy, to steer peers and leadership toward solutions that carefully balance business, risk, compliance, and engineering concern
  • Monitor and report on the implementation of intrusion detection, firewall policies and malware software
  • Experience within a 24x7 production environment, preferably across multiple data centres and 3rd party cloud environments

Required skills and experience

  • Experience setting up and performing regular penetration tests and vulnerability scans.
  • Experience with MySQL database administration
  • Programming experience in Java and JavaScript
  • Experience reviewing architecture and code from a security perspective
  • Experience with Gradle, Jenkins and other build deployments automation tools
  • Professional certifications in the security, privacy, risk management and audit areas

Apply now

Qualified applicants are invited to submit a resume with a cover letter outlining how your skills and experience meet the above requirements.

E-mail your resume and cover letter to careers@recollective.com. Clearly specify the position name in the subject of your e-mail.