Security Engineer

Summary

Join Granicus, a leading GovTech company, as a Security Operations Engineer and contribute to building and maintaining secure technology solutions for government agencies. You will manage and improve existing security tools, run vulnerability scans, work with compliance colleagues, and ensure the confidentiality, integrity, and availability of information assets. This role involves collaborating with cross-functional teams, reviewing proposed changes for security issues, and participating in an on-call rotation for incident support. Granicus is a remote-first company with a global workforce, offering a transparent, inclusive, and safe work environment with various employee resource groups, opportunities to interact with the CEO, and dedicated communities focused on wellness and other interests.

Requirements

• Responsible for Granicus information security by appropriately preserving the Confidentiality, Integrity, and Availability (CIA) of Granicus information assets in accordance with the company's information security program
• Responsible for ensuring the data privacy of our employees and customers, their data, as well as taking all required privacy training in a timely manner, in accordance with company policies

Responsibilities

• Manage and improve the operations of existing security tools, including Vulnerability Management, Threat Intelligence, end Endpoint Detection and Response
• Run vulnerability (SAST) and application (DAST) scans accurately and on a timely basis
• Work with Compliance colleagues to accurately document and track vulnerabilities and remediation
• Manage the lifecycle of organizational security tools
• Help technical teams determine application risks related to privileged access on endpoints
• Work with cross functional teams as a security representative during incidents
• Review proposed changes for potential security issues
• Participate in an on-call rotation to ensure 24x7 escalation support for incidents
• Ensure the confidentiality, integrity, and availability of information assets

Preferred Qualifications

• A passion to figure out the who, what, when, and why of a situation
• An attention to detail to ensure the vulnerability management operations are run accurately
• Direct experience in the specific technical areas of systems administration, application development, database administration, network operations, or data center operations
• The ability to continuously learn new methods and technologies and identify gaps that should be addressed
• Experience in a common scripting language like Python, Powershell, etc
• Running a vulnerability management process using common technologies like Nessus
• Understanding of Infrastructure as a Service (IaaS) cloud platforms, such as IAM, compute (EC2), networking (VPC, Load Balancers), serverless (Lamda), and Containers (EKS), in order to identify and prioritize potential security challenges
• Familiarity with IDS/IPS, SIEM, DLP, firewalls, vulnerability management systems, and endpoint security products, including management and configuration of the tools
• Ability to write technical Standard Operating Procedures (SOPs) and train team members

Benefits

• We are a remote-first company with a globally distributed workforce across the United States, Canada, United Kingdom, India, Armenia, Australia, and New Zealand
• At Granicus, we are building a transparent, inclusive, and safe space for everyone who wants to be a part of our journey
• Employee Resource Groups to encourage diverse voices
• Coffee with Mark sessions – Our employees get to interact with our CEO on very important and sometimes difficult issues ranging from mental health to work-life balance and current affairs
• Microsoft Teams communities focused on wellness, art, furbabies, family, parenting, and more
• We bring in special guests from time to time to discuss issues that impact our employee population