Opportunity - Information Security and Compliance Specialist
About Sage Intacct:
Sage Intacct is the only preferred provider of financial applications by the AICPA and has companies on the system with thousands of users, consolidating several hundred entities, and managing hundreds of thousands of daily transactions. The multi-entity architecture of Sage Intacct supports business expansion, automating processes that dynamically change as a company grows. This technology infrastructure scales effortlessly, so companies can easily increase their number of users, customers, transactions, and locations – without the need for lots of manual effort, consultants, or workarounds.
The Information Security and Compliance Specialist is an integral member of Sage Intacct’s security team which has overall information security responsibility for the enterprise. This position can be described as a very broad-based position and will provide the candidate exposure to many facets of Information Security across product, operations, engineering, and IT. This position requires hands on experience in security engineering, architecture, administration of security technologies and experience with data analysis and risk management. This position will require collaboration with Engineering, QA, Operations, Product Management, Support and other departments to ensure compliance with policies and other activities which impact the confidentiality, integrity and availability of our application, infrastructure and business processes.
Job Responsibilities include:
Deployment, administration and operation of security solutions such as vulnerability scanning and pen testing tools, log aggregation & analysis tools, data loss prevention systems, intrusion prevention devices and other tools as necessary
Maintain up-to-date detailed knowledge of the information security industry, including awareness of new or revised security solutions, improved security processes and the identification of current and new attacks and threat vectors especially as it relates to Sage Intacct and its customers.
Provide recommendations and limited administration of security products and services to include firewalls, encryption technologies, patching, certificate management, anti-virus, email security controls, intrusion detection/prevention, identity and access management and security scanning and assessment tools
Conduct security audits and assessments, analyze results, identify remediation activities and/or compensating controls and track remediation efforts to completion.
Deployment, administration and operation of security solutions
Respond to customer or other third-party inquiries
Assist in evidence generation, collection and other activities to support compliance requirements
Participate as a member of the Incident Response Team by conducting forensic analysis and troubleshooting to assist in the containment and remediation of security incidents
Identify security issues and provide the appropriate resolution or make recommendations to Sr. Management on how to resolve or identify compensating controls related to security findings
Performing IDS monitoring and analysis, network traffic analysis, log analysis, prioritization and differentiation between potential intrusion attempts and false alarms
Participate in periodic information systems risk assessments.
Bachelor’s degree in an information technology discipline or equivalent IT experience required
Relevant IT or security certifications including CISSP, CISM, CRISC, CEH or SANS certs are expected
Extensive experience (5+ years) in information security operations and/or related IT operational functions
Requires demonstrable background in: security products and technologies; security engineering/architecture, networking protocols, security analysis and investigations
Hands on working knowledge of AWS, with specific experience administrating AWS Security related services
Demonstrable ability to analyze network packets and log data
Experience with Splunk, ElasticSearch, Snort, Tripwire, Wireshark or other analytics tools a plus
Experience with Cisco ASA and Palo Alto Firewalls a plus
Programming experience in scripting languages such as Windows PowerShell, Python, Perl, Bash, etc., highly desirable
Ability to multitask, prioritize, coordinate, work well under pressure and meet deadlines
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to both technical and non-technical audiences
Must be a critical thinker with strong problem solving skills and a "can do” attitude
Must have experience with MS Office products with a strong working knowledge of Excel Pivot Tables and Charts.
Must stay up to date with current vulnerabilities, attacks, and countermeasures
Must be able to and willing to work independently with minimal amount of supervision
Sage Intacct Corporation is an Equal Opportunity Employer, and all qualified applicants will receive consideration for employment, as Sage Intacct Corporation does not discriminate on the basis of race, color, religion, **gender**, age, national origin, disability, veteran status, **gender** orientation or any other classification protected by Federal, state, or local law.