Maintain Security Solutions to Protect our Employees and Customers
Sisense is the unified, collaborative data platform for professional data teams. We help thousands of data teams tackle increasingly complex data challenges, from ETL through to predictive analytics.
Our expectations for ourselves are ever increasing and we're looking for someone to help us along that journey. If you love creating delightful user experiences for technical and non-technical users and delivering company-changing outcomes, this role is for you!
In this role you'll develop, design and implement security touchpoints in the Sisense product and support the trajectory of our cloud product while maturing the existing on-premise product. While this role will primarily focus on application security, there will be plenty of opportunity to expand into other areas of Security Operations (Vulnerability Management, Bug Bounty and Incident Response) and Security IT (Configurations, SaaS security tooling and overall automation).
WHY YOU SHOULD JOIN OUR INFORMATION SECURITY TEAM:
- Customers trust us with their most important data. They use Sisense to query everything from revenue metrics to the personally identifiable information of their users. At Sisense we use cutting-edge technology for our product, for our internal services and to enhance our security posture. We are a global company and we believe that diversity and providing equal opportunities are great for expanding our ways of thinking.
- You will partner with Engineering, Product Management, Operations, IT and others to truly empower the employees at Sisense. You'll be expected to support solutions, applying risk-based security touchpoints that are both highly secure and highly functional while moving at the speed of the business. Enabling everyone at Sisense to keep moving fast while continuously increasing the strength of our security may be your greatest challenge. While some capabilities are already in place that will need to be learned and maintained, there will be a need to deploy new emerging security solutions to proactively and reactively protect our employees and customers.
HOW YOU'LL RAMP
Within your first 30 days you'll…
- Meet with the global security team to understand the organizational mission, attack surface and strategically align on risk-based security initiatives
- Spend time with the engineering and product teams to get up-to-speed on our technology stacks and current security controls
- Spend time with IT, R&D and potentially customers to get up-to-speed on our technology stacks and current security controls
By Day 30, you'll...
- Have a solid fundamental understanding of our products, people, processes and technologies
- Perform an initial assessment of the strengths and weaknesses of the current product through analysis, automated scanning, and/or custom attack patterns
- Provide recommendations for identified opportunities from the current state processes
- Review code and other production changes to ensure no security issues are introduced
- Work with key stakeholders to ensure compliance with Sisense's internal procedures and compliance goals (SOC2, HIPAA, ISO, GDPR, CCPA)
By Day 60, you'll…
- Drive security improvements to production cloud environments
- Collaborate with third-party penetration testing vendors
- Perform targeted offensive security testing
- Evangelize better security throughout the company
By Day 90, you'll...
- Implement continuous monitoring systems and tools to automatically identify potential security issues at the code, application and infrastructure layers
- Support External and Internal Penetration Testing efforts and assist with driving issues to closure
- Assist with our bug bounty program and the maturation of hacker-powered security
- Promote a security-first culture and ensure that all employees at Sisense are able to protect the organization from threats
WHAT YOU HAVE AND ACCOMPLISHED SO FAR:
- Experience working as an application security engineer, consultant or similar position
- A mindset of security as a business enabler, as part of the core security foundation for driving change, with an effective communication style
- Hands-on experience in configuring and hardening cloud-based infrastructure (AWS, Google Cloud, Azure, etc.)
- Experience with container technology (Kubernetes)
- Demonstrated capability in secure coding (input validation, session management, etc.) and performing automated or manual static analysis
- Hands-on experience in conducting penetration testing and vulnerability assessment at the network and application layers
- Ability to dissect new systems, product requirements and features to identify and develop security requirements
- Basic understanding of security processes (access management, incident management, data security, etc.)
- Experience with Mend (Whitesource) or Snyk
- Security certifications such as OSCP, CISSP, CEH, GWAPT, etc.