Time zones: CET (UTC +1)
, EET (UTC +2)
The Information Security Engineer (engineer) is tasked with creating and certifying defense in depth for SugarCRM. The engineer will employ highly technical security skills to build and manage infrastructure security tools, respond to escalations, perform technical risk assessments, and ensure vulnerability remediation takes place. They will also act as a security subject matter expert (SME), providing advice for both corporate and product technical teams.
The engineer will play a key part in defining technical strategy and aligning SugarCRM’s security program with industry standards, helping ensure our customers data is kept secure.
The security engineer will have, but is not limited to, the following roles and responsibilities:
Impact you will make in the role:
- Serve as a key technical resource for corporate and product security.
- Select and deploy technologies to help protect SugarCRM customer data.
- Review security escalations both internally, and from SugarCRM’s MSSPs.
- Work on a range of cloud-based security technologies.
- Create and lead an action plan to reduce risk.
- Review and oversee remediation of vulnerability and penetration tests.
- Own encryption processes, key management and review.
- Act as a technical point of contact for the compliance team.
- Provide expertise in privacy and data protection aspects and educate staff on information security best practices.
- Research and collate threat intelligence and new attack trends.
What you will need to succeed:
- Live and authorized to work in Romania, Poland or Serbia, without sponsorship
- BS degree in computing, information security, or a related field. MS is preferred.
- Years of information security experience is also acceptable in lieu of a degree.
- Strong experience with Microsoft Windows, MacOS and Linux operating systems.
- Strong experience with AWS security & configuration best practices and tools.
- Strong experience in network security including next gen firewalls, IDS/IPS, VPN and WAF.
- Strong experience using vulnerability management tools, for example Tenable, Qualys, Veracode.
- Experience reviewing, building and fine tuning SIEM tools, for example LogRhythm, QRadar, Splunk.
- Experience with incident response, forensics and evidence preservation.
We understand that no candidate is perfectly qualified for any job. Experience comes in different forms; many skills are transferable; and passion goes a long way. Even more important than your resume is a clear demonstration of dedication, impact, and the ability to thrive in a fluid and collaborative environment. We want you to learn new things in this role, and we encourage you to apply if your experience is close to what we’re looking for. We also know that diversity of background and thought makes for better problem solving and more creative thinking, which is why we're dedicated to adding new perspectives to the team.