Information Security Engineer
Company: NICE
Location: Atlanta
Posted on: October 30, 2024
Job Description:
At NICE, we don't limit our challenges. We challenge our limits.
Always. We're ambitious. We're game changers. And we play to win.
We set the highest standards and execute beyond them. And if you're
like us, we can offer you the ultimate career opportunity that will
light a fire within you.So, what's the role all about?The purpose
of this role is to support security stakeholders within the
business by addressing increasing security and compliance
requirements from our customers. Reporting to the DevOps Manager
and working closely with the Engineering Manager and Security
Manager, your duties will range from answering data security
questionnaires from existing customers or prospects, to working on
new requirements stemming from certifications such as FedRAMP that
we are actively seeking to acquire. As an engineering-focused role,
there will be a significant hands-on element, with a particular
emphasis on implementing and maintaining the technical controls
necessary for FedRAMP compliance.The role will also take
responsibility for ensuring that security measures are applied
according to our policies, and that compliance-related processes
are followed correctly. This could involve configuring integrations
with new security tooling, ensuring that security log scanning
automation aligns with FedRAMP requirements, or preparing and
sending regular vulnerability and compliance scanning reports.A
strong technical understanding of software and infrastructure
development will be critical, as the role will involve frequent
collaboration with engineers. It is expected that the candidate
will develop a deep knowledge of the platform infrastructure, SDLC,
and security policy framework, particularly with regard to FedRAMP
controls. Hands-on experience configuring various security tools
will be key.Excellent written and verbal communication skills are
paramount, as drafting clear and accurate replies to security and
compliance-related questions from current and potential clients
will be a core part of the role. The ideal candidate will fully
appreciate the sensitivity involved in handling both internal and
external security audits, especially those focused on federal
standards, and will need strong communication skills to manage
these interactions effectively.This role would suit someone with a
background in software engineering or architecture who has
transitioned into security, with an interest in or experience with
FedRAMP compliance.How will you make an impact?
- Seek to understand the company data, infrastructure, and
software architecture, especially related to our SDLC and security
touch points, with an emphasis on compliance-related
requirements.
- Investigate and make recommendations to strengthen our security
posture across data, SDLC, and infrastructure, particularly in
relation to compliance frameworks like FedRAMP.
- Work with stakeholders to respond promptly to security-related
questions or questionnaires from clients or prospects, ensuring
compliance with industry standards and frameworks, including
FedRAMP when applicable.
- Ensure the tech security landscape is fully understood and
communicate any significant changes or developments to stakeholders
and decision-makers.
- Hands-on work with integrating security tooling and systems
when required, ensuring alignment with security policies and
applicable regulatory frameworks.
- Perform ad-hoc investigations into security issues, including
those that could impact regulatory compliance.
- Develop, track, and regularly report on security metrics and
KPIs for the platform, ensuring they reflect key compliance
requirements.
- Provide advice and support on security concerns to any
interested parties within the organization, helping ensure the
implementation of necessary controls.
- Use security tooling to prepare and send vulnerability reports
regularly, ensuring that reporting is in line with our compliance
obligations.
- Collaborate with finance and stakeholders when appropriate on
the procurement of security-related software tools.
- Work with stakeholders to identify and address security process
or policy gaps, including those related to compliance with
regulatory standards like FedRAMP.Have you got what it takes?
- 5+ years in a hands-on security or software engineering-related
role.
- A technical background rather than a pure compliance background
is preferable, with experience in compliance frameworks such as
FedRAMP, NIST-800-53, ISO 27001, SOC 2 Type 2, PCI DSS, HIPAA,
etc.
- Experience responding to data security questionnaires and
ensuring compliance with industry standards.
- Experience investigating and addressing software or
infrastructure security issues, with some focus on regulatory or
compliance-driven requirements.
- Strong understanding of software development and infrastructure
common practices, especially related to the SDLC.
- Hands-on experience with security software and tooling,
including those supporting compliance efforts.
- Proven ability to communicate security concepts to senior
stakeholders in both written and oral form.
- Understanding of relational databases and security best
practices, including those relevant to compliance frameworks.
- Familiarity with ETL, data warehouse, and reporting systems,
and related security practices.
- Knowledge of AWS services and security tools would be
advantageous, especially in supporting compliance
initiatives.What's in it for you?Join an ever-growing, market
disrupting, global company where the teams - comprised of the best
of the best - work in a fast-paced, collaborative, and creative
environment! As the market leader, every day at NICE is a chance to
learn and grow, and there are endless internal career opportunities
across multiple roles, disciplines, domains, and locations. If you
are passionate, innovative, and excited to constantly raise the
bar, you may just be our next NICEr!At NICE, we work according to
the NICE-FLEX hybrid model, which enables maximum flexibility: 2
days working from the office and 3 days of remote work, each week.
Naturally, office days focus on face-to-face meetings, where
teamwork and collaborative thinking generate innovation, new ideas,
and a vibrant, interactive atmosphere.About NICENICELtd.(NASDAQ:
NICE)software products are used by 25,000+ global businesses,
including 85 of the Fortune 100 corporations, to deliver
extraordinary customer experiences,fight financial crimeand ensure
public safety.Every day, NICE software managesmore than120 million
customer interactions and monitors3+billion financial
transactions.Known as an innovation powerhouse that excels in AI,
cloud and digital, NICE is consistently recognized as the market
leader in its domains, with over 8,500 employees across 30+
countries.NICE is proud to be an equal opportunity employer. All
qualified applicants will receive consideration for employment
without regard torace, color, religion, national origin, age, sex,
marital status, ancestry, neurotype, physical or mental disability,
veteran status, gender identity, sexual orientation or any other
category protected by law.
#J-18808-Ljbffr
Keywords: NICE, Atlanta , Information Security Engineer, Engineering , Atlanta, Georgia
Didn't find what you're looking for? Search again!
Loading more jobs...