We are looking for an innovative Remote Information Security Engineer - DevSecOpsto join our team!The global church is quickly moving towards more digital ministry solutions. Lifeway is hitting the gas pedal and moving towards creating cutting edge, trustworthy resources for churches. Our next Information Security Engineer- DevSecOps will help lead us into this new season.You will work closely with our Information Security team, other Lifeway IT teams (tech.lifeway.com), ministry areas, and work independently to planand carry out security measures to monitor and protect sensitive data, networks and systems from infiltration and cyber-attacks.
Designs, builds, implement, and administers security systems and programs within the infrastructureOrchestrates and performs vulnerability scanning and remediationObtains, analyzes and acts upon appropriate product, vendor, and security architecture informationWorks with the security leadership to establish policies, governance and other security protocolsInvestigates and responds to security eventsCollaborates with internal and external entities to accomplish various tasks and projectsKeeps up with security threats as they evolve
Bachelor's degree in Computer Science, Information Technology, or equivalent industry experiencePreferred certifications: CISSP, CISA, CCSKTwo (2) years experience with administrating CyberArk OR ThycoticAbility to thrive in fast-paced, high-stress situationsStrong analytical, communication and organizational skillsKnowledge of cloud security concepts and techniquesExperience with cloud computing (AWS EC2, S3), Docker, KubernetesKnowledge of server security hardening standards and vulnerability trends on Linux (Ubuntu/Alpine) and Windows servers, Windows and Mac workstationsAbility to communicate network and systems security issues to peers and managementKnowledge of anti-virus/anti-malware software, intrusion detection, firewalls and content filteringKnowledge of risk assessment tools, technologies and methodsKnowledge of computer forensic tools, technologies and methodsKnowledge of disaster recovery and business continuity methodsKnowledge of applicable information security regulations including PCI and PII / privacy law (GDPR, CCPA)Understanding of static/dynamic code analysis of various programming languages: Java, Scala, React, GoLang, Rust, etc.Familiarity with the following: Rapid7 InsightVM, Aqua Kubernetes Security, Okta, Cisco Duo, Cisco AMP, CIS Benchmarks, preferred