By clicking Apply Now you agree to share your profile information with the hiring company.
ABOUT THE POSITION
Gridspace is looking for a Security Lead to manage compliance and security operations. The candidate should be organized, thorough, and have a strong technical background in IT, systems administration, and/or network engineering. Most importantly, candidates should have a desire to work with a world-class engineering team to secure massively scaled cloud services.
Technical responsibilities will include:
- Become the primary security expert for multiple product lines, and act as the point of contact for engineering and security.
- Support engineering with implementing security fixes, ensuring security scanners are utilized correctly, and develop strategies to proactively secure the architecture.
- Help to automate common security tasks and patterns.
- Research and analyze the latest capabilities of specific Information Security (e.g. Cloud services, encryption, PKI etc.) and IT technologies (e.g. operating systems, networks, storage, virtualization etc.).
- Manage the IT infrastructure including endpoint management, single sign-on, anti-malware, event notifications, etc.
- Assist co-workers in maintaining security of their devices and processes.
Operational responsibilities will include:
- Familiarize yourself with common private sector security standards including PCI, HITRUST, and SOC2.
- Act as the primary contact with all security compliance audits and client due diligence questionnaires.
- Work directly with partner teams to understand our corporate infrastructure and business operations solutions and serve as subject matter expert to identify key risks to our security posture.
- Create threat models for both external and insider threats that directly influence designs, risk tolerance, and roadmaps.
- Maintain the schedule of daily, weekly, monthly, and annual compliance related tasks.
- Lead the physical security efforts of Gridspace assets and properties.
- Run company-wide phishing tests, security awareness training, and regular status meetings with management.
- Manage and evaluate third party services and vendors.
You have:
- Strong technical aptitude with project management skills, capable of learning emerging products and creating plans to support the business
- Experience with GCP, Kubernetes, or distributed cloud-based environments
- Experience working in a high security and/or highly regulated industry. We would love to have you take the essentials of what you’ve learned and apply them to the unique challenges Gridspace faces
- Experience securing large Python codebases is a plus
- Experience managing a SIEM such as SumoLogic
- Experience with endpoint management and security such as JumpCloud and Crowdstrike Falcon is a plus
- Experience with performing or managing network and application penetration tests
- Experience achieving PCI, HITRUST, SOC2, or FedRAMP certifications are a plus
- Experience with managing outside vendors and customer relationships is a plus
- Military experience is a strong plus
Read Full Job Description