Seniority Level: Mid-Senior

Location: Remote (select US States)

About the role and about You:

At Zwift IT, we are constantly improving our security practice and enforcing our security policy. Currently, we are looking for a senior IT security engineer who will have strong domain expertise in enterprise security architecture, endpoint security protection, networking security, and risk assessment and analysis. This is a unique opportunity to work with an innovative team in a business-critical discipline.

Successful corporate Information Security Engineers at Zwift are self-starters, able to work autonomously, natural problem solvers, collaborative, and comfortable navigating ambiguity. You should have strong problem-solving skills, excellent interpersonal skills, a deep technical understanding of corporate information security infrastructure, and endpoints threats, strong scripting and automation skills, and the desire to be an individual contributor to securing Zwift enterprises, services, and endp

What you’ll do:

• Develops and implements security technologies, standards, processes, policies, and guidelines for the enterprise
• Understands the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization and balance this with risk investments
• Coordinates with other groups to assess, implement, and monitor IT-related security risks/hazards
• Responsible for the day-to-day operations of technical security including, but not limited to, IPS/IDS, Vulnerability Scanning & Management, Patch Management, Encryption, Content Filtering, email hygiene, DLP, Identity & Access Management/SSO, and secure file sharing.
• Ensures Identity and Access reviews are performed periodically and follows through on findings and remediation's
• Follow standards in accordance with company policies and regulations (ISO 27001, PCI, SOX, etc.)
• Prepare and present Security test findings to stakeholders.

What you'll have:

• Bachelor’s degree in Computer Science, Information Systems, or related technical field
• 5+ years of working experience in Information Security Domains
• Experience in planning and executing IT Security initiatives end to end
• Solid understanding of information security standards & practices
• Experience with security products from a variety of vendors (firewalls, intrusion detection systems, vulnerability scanners, multi-factor/strong authentication technologies, RADIUS/TACACS+ servers, logging, penetration testing software, etc.)
• Experience with a variety of security technologies and concepts (DMZ architectures, cryptography, forensics techniques, PKI, digital certificates/signatures, hashing/ciphers, IPsec, wireless technologies, URL filtering, etc.)
• Experience with endpoint security solutions including anti-virus, DLP, encryption, and malware remediation techniques.
• Experience analyzing and applying information security, risk management, and privacy practices
• Solid understanding of IT processes including security, incident management, configuration management, change management, release management, problem management, business continuity, and disaster recovery
• Expert knowledge and experience in a broad range of security controls and risk management frameworks (NIST, ISO 2700x, PCI)
• Excellent communication, verbal, and writing skills.

Bonus points:

• Comfortable in an AWS environment
• Technical Leadership capability with project and time management skills
• CISSP, CCSP, or other Cyber Security related certifications
• Ability to train security/audit concepts

The base salary for this position ranges between $138,000 - $180,000. The base salary will be based on a number of factors including the role offered, the individual's job-related knowledge, skills, qualifications, and geographic location. In addition to base salary, Zwift is proud to offer a comprehensive and competitive benefits package for all eligible employees which also includes performance bonuses, equity, and a full range of medical, financial, and other perks and benefits.