Information Security Engineer

The Information Security Engineer is responsible for developing processes and technologies for the establishment and execution of the controls and security monitoring capability management, and response to include, assisting with the development of programs for enterprise logging, end-user behavior analytics, and security metrics and reporting.

The Information Security Engineer provides controls and security subject matter leadership into the design & delivery of controls and security architectures and development of standards and reference architectures. This includes the creation, support, and facilitation of governing principles that guide controls and security architecture decision-making. The Information Security Engineer will participate in the development of controls and security best practices to achieve the goals of the enterprise controls and security architecture, as well as act as a liaison to other teams.

Primary Responsibilities

  • Strong, track record of implementing controls and security architecture for complex solutions and ability to deliver results through partnering with stakeholders in IT and the business
  • Perform risk assessments to determine if new projects and deployments are aligned with regulatory requirements, industry standards, and best practices and comply with corporate information security and privacy policies
  • On-going project/program management and prioritization of information security risk management activities (including risk treatment plans and external audit/certification initiatives such as SOC 2 Type 2)
  • Plan and perform internal controls, security, and privacy audits to assess control design and effectiveness
  • Report on the status of compliance activities and develop metrics around the risk remediation program
  • Manage incoming and outgoing customer controls, security, and privacy information requests, and questionnaires
  • Communicate with company workers on security awareness topics
  • Support, exhibit, and grow a corporate culture that is committed to information controls and security best practices
  • Working knowledge of IT processes (i.e., ITIL) including program change control management to include but not limited to new code introduction and operating applications
  • Experience with secure architecture principles, security system integration, and configurations, and troubleshooting

Education & Experience

  • Bachelor’s degree in Computer Science, Computer Information Systems or equivalent experience
  • 5+ years of cloud security and controls audit and/or implementation within AWS
  • 4+ years experience with information security, control standards, compliance audits, and frameworks such as SOC 2 and/or ISO27001
  • Understanding of cloud application and security concepts, especially with AWS Microservices including but not limited to AWS Identity and Access Management (IAM), AWS Security Hub, Amazon CloudWatch, Amazon Detective, and/or AWS Guard Duty.
  • Experience with AWS security monitoring and reporting tools in building metrics to capture compliance status
  • Ability to clearly communicate controls and security compliance requirements to internal teams and associated implementation to external customers
  • Understanding of SDLC, CI/CD, and API driven workflows
  • CISM, CISA, and similar certifications are preferred. CCSP certification is a plus
  • AWS Certified-Specialty certification is also strongly preferred
  • Strong attention to detail and written communication skills

Application Developer

The Applications Developer evaluates, analyzes, and modifies moderately complex application programs. Codes, tests, debugs, documents, and maintains applications. Works on most phases of applications programming activities. Analyzes and resolves problems associated with applications. Detects, diagnoses and reports related problems.

Primary Responsibilities

  • Develop RESTful APIs and microservices leveraging AWS technologies, including Lambda, API Gateway, Cognito, Amazon Aurora (Postgres) and other related technologies
  • Responsible for the development and support of cloud-based applications
  • Develop solutions that meet business objectives while leveraging industry best practices
  • Maintain and/or extend existing solutions, refactoring solutions, to improve performance and security
  • Actively engage in Sprints and other facets of project planning and management (SCRUM)
  • Collaborate with other internal teams and stakeholders to support business requirements
  • Write high-quality source code to program complete applications within deadlines
  • Troubleshoot and debug applications
  • Maintain a comprehensive understanding of the K16 Solutions portfolio of applications and associated documentation
  • Pursue continuous improvement opportunities associated with existing software development programs

Technical Competencies

  • Experience with AWS, Node.js, Postgres, and other JavaScript frameworks
  • Familiarity using Git, code repositories, branching and merging strategies
  • Familiarity and understanding of Continuous Integrations
  • Ability to break down complex concepts, tasks or problems into more simple, understandable language and action plans
  • Excellent communications skills
  • Excellent organization skills, communication skills and attention to detail, and the ability to clearly and concisely articulate complex concepts for a variety of audiences

Professional Competencies

  • Passion for software development and education technology
  • Innovative and flexible thinker, comfortable suggesting solutions, and willing to take risks
  • Enjoys working independently in a fast-paced environment with tight deadlines
  • Committed to quality in every assignment, large or small
  • Excited about remote teamwork

Education & Experience

  • Bachelor’s degree in a related field, or equivalent work experience
  • Minimum of three to seven years of experience in a developer/programmer role working within a technology team