Lead Information Security Engineer

Company: Brivo Systems, LLC
Location: Bethesda
Posted on: May 20, 2023

Job Description:

About the RoleAs the Lead Information Security Engineer, you will use your skills to support Brivo's recurring revenue and growth by providing secure systems and privacy for our users which will build trust in the brand and give Brivo a competitive advantage in the field. You will be responsible for leading a team of Security Engineers and Analysts to protect Brivo's sensitive data from threats and leading Brivo's information security program including compliance audits, incident response, risk management, and other security and privacy related initiatives.You will also be expected to:

• Interview, hire and train new hires for the security team
• Supervise, conduct performance appraisals, and support professional and skills growth for members of the security team
• Assess systems and processes for risks, identify and recommend mitigation options, present options to stakeholders for approval, and design solutions for engineers including endpoint, application, cloud, container, and serverless security projects
• Lead security presentations and meetings on the Brivo security program to external stakeholders including end users, resellers, and developer partners and internal stakeholders including executive leadership
• Identify security metrics, perform organization risk assessments, and lead executive level risk strategy meetings on a monthly and quarterly basis
• Plan, design, build, and integrate processes, tools, and systems to protect information across devices, applications, and infrastructure
• Maintain security systems including: cloud networking and security tools, Security Event and Incident Management (SEIM), Intrusion Detection System (IDS), web application firewall (WAF), certificates, and vulnerability scanning tools
• Update security documentation including training, policies, and processes per industry best practices and to meet regulatory and compliance requirements
• Lead incident response activities using system logs and alerting in an on-call rotation
• Drive third party risk management program including onboarding and annual assessments, new vendor implementation recommendations, and continuous monitoring
• Coordinate audits with third parties for SOC 2 and ISO27001 certification audits
• Stay up to date on security best practices and emerging threats and regulationsAbout You
  • Supervisor experience including interviewing, hiring, training, performance appraisals, and professional development of security professionals
  • Strategic thinking skills including seeing the big picture and forward-thinking to help the organization avoid risk, be prepared for future regulations, and stay up to date on the latest technologies and best practices
  • Soft skills including presenting, explaining difficult technical concepts in layman's terms, team building, and running efficient meetings
  • Experience with processes including organization risk assessment, threat modeling, vulnerability management, supply chain risk management, incident response, employee security training, and compliance processes and best practices
  • Experience with technical writing work including risk reports, policies, procedures, runbooks/playbooks, and training
  • Experience with security and operations technologies including infrastructure as code (IaC), Kubernetes, cloud networking and security tools, Security Event and Incident Management (SEIM), Intrusion Detection System (IDS), web application firewall (WAF), asset configuration and management, email security gateway, cloud application security broker (CASB), and vulnerability scanning tools
  • Experience with compliance work such as SOC 2 and ISO27001 audits, privacy impact assessments, and NIST or CIS standards compliance auditsPreferred Skills
    • Security related degree or certifications such as: Security+, Cloud+, AWS certifications, CKA, CISSP, CCSP, CCSK, GCSA, CISM
    • A home lab topology and projects you performed using the lab
    • Other projects and accomplishments you may have completed such as:
      • A security website or blog that demonstrates your security knowledge and technical writing skills
      • Security training content you developed
      • Security related volunteer work
      • Speaking engagementsAbout UsBrivo is the global leader in mobile, cloud-based access control for commercial real estate, multifamily residential, and large distributed enterprises. Our comprehensive product ecosystem and open API provide businesses with powerful digital tools to increase security automation, elevate employee and tenant experience, and improve the safety of all people and assets in the built environment. Having created the category over twenty years ago, our building access platform is now the digital foundation for the largest collection of customer facilities in the world, trusted by more than 25 million users occupying over 300M square feet of secured space in 42 countries.Our dedication to simply better security means providing the best technology and support to property owners, managers, and tenants as they look for more from buildings where they live, work, and play. Our comprehensive product suite includes access control, smart readers, touchless mobile credentials, visitor management, occupancy monitoring, health and safety features, and integrated video surveillance, smart locks, and intercoms. Valued for its simple installation, high-reliability backbone, and rich API partner network, Brivo also has the longest track record of cybersecurity audits and privacy protections in the industry.Brivo is privately held and headquartered in Bethesda, Maryland. Learn more at Brivo is an Equal Opportunity/Affirmative Action Employer

Keywords: Brivo Systems, LLC, Bethesda , Lead Information Security Engineer, Engineering , Bethesda, Maryland