Senior Information Security Specialist

Summary

Join Ontic, a company building software for corporate and government security professionals, as a Cloud Security Engineer. You will partner with the cloud infrastructure team to define and configure the security posture of Ontic's AWS and GCP environments. Responsibilities include continuous monitoring and reporting, documentation creation and maintenance, responding to audits, and incident response. You will need a BA/BS in a related field, 3+ years of experience in information security, extensive AWS cloud security experience, and relevant certifications. Ontic offers a competitive salary, benefits including medical, vision, dental, 401k, and stock options, as well as flexible PTO and other perks.

Requirements

• BA/BS or higher in Cybersecurity, Computer Science, Information Technology, Management Information Systems, or a related field
• 3+ years experience in information security-related roles
• Extensive experience with AWS cloud security, including the use of Inspector, Config, Guardduty and Security Hub required
• NIST 800-53 knowledge and understanding is required
• CompTIA Security+, CCSP, SSCP, CISSP or similar certifications
• Excellent written and verbal communication skills
• Extremely organized and able to oversee multiple projects simultaneously
• Only U.S. citizens are eligible to apply for this role
• Applicants must be legally authorized to work in the US without requiring sponsorship, now or in the future

Responsibilities

• Partner with Ontic’s cloud infrastructure team to define and configure the security posture of Ontic’s AWS and GCP environments, including AWS GovCloud
• Continuously monitor and report on Ontic’s cloud security posture
• Create and maintain documentation related to the security posture across Ontic
• Maintain standard operating procedures, processes and guidelines
• Respond to client audits, assessments and questionnaires related to Ontic security
• Assist with internal and 3rd party audits, risk assessment and risk reviews
• Detect and analyze security events and incidents
• Respond to potential information security related incidents 24x7
• Review threat intelligence from multiple sources
• Automate security analysis, administration and remediation procedures and tasks
• Develop and maintain information security metrics
• Stay current on emerging industry and technology trends

Preferred Qualifications

• GCP, Azure or other cloud experience is a plus
• FedRAMP experience is a plus
• Experience with ISO 27001/27002, SOC 2 or similar security frameworks a plus
• Experience with Crowdstrike Falcon or similar endpoint security suite a plus
• Experience with CloudFlare or similar Web Application Firewall (WAF)
• Experience working with Splunk, Rapid7 InsightIDR, QRadar, SumoLogic or similar security information event management systems (SIEM) a plus
• Experience with query and scripting languages a plus

Benefits

• Competitive Salary
• Medical, Vision & Dental Benefits
• 401k
• Stock Options
• HSA Contribution
• Learning Stipend
• Flexible PTO Policy
• Quarterly company ME (mental escape) days
• Generous Parental Leave policy
• Home Office Stipend
• Mobile Phone Reimbursement
• Home Internet Reimbursement for Remote Employees
• Anniversary & Milestone Celebrations