Lead security engineer

Full-time
  • Lead Security Engineer Lead Security Engineer Lead Application Security Engineer Req ID FY COS #2 Location(s) Atlanta, Georgia, USA;
  • Baltimore, Maryland, USA; Boston, Massachusetts, USA; Chicago, Illinois, USA; Miami, Florida, USA; Orlando, Florida, USA;

Work arrangement(s) Fully Remote (works exclusively from home), Hybrid (works from home and New Relic office throughout the week), Office (works primarily in a New Relic office) Your opportunity New Relic is hiring a lead security engineer to join our Information Security Team! Our team is responsible for safeguarding the organization's global infrastructure (including servers, networks, workstations, and cloud).

We focus on proactive security controls, performing pragmatic threat assessments, and working with teams to ensure they understand and prioritize security work appropriately.

In this role, you will collaborate with diverse teams across the organization, developing and improving tools to help improve their understanding of security risks! We value character and practical experience over certifications, and believe that building relationships is far more effective at improving security than dictating what engineers can and cannot do.

Deep history as a security engineer to is not required to qualify, but rather the ability to clearly demonstrate multi-cloud systems management, architectural design, automation skills, and show an interest in endorsing security as an integral component of the value that we provide to our customers. What you'll do

  • Operate as a technical lead for the Infrastructure Assurance team and for partner organizations.
  • Mentor / coach and remove technical roadblocks as needed for team members.
  • Educate engineers on effectively applying secure practices related to multi-cloud, Kubernetes, and internal applications and services.
  • Provide architectural security design guidance and perform security reviews for New Relic infrastructure, ensuring a secure by design model.
  • Cultivate relationships with IT, Platform Services, and non-engineering teams to grow our collaborative security culture and drive security initiatives.
  • Establish yourself as an authority with a deep understanding of engineering and non-engineering team roadmap and priorities.
  • Collaborate with Security Engineering & Automation and Security Research & Response teams on multi-functional work streams and projects.

This role requires

  • Bachelor's degree in Computer Science or equivalent practical education and experience.
  • 5+ years of cloud and infrastructure engineering experience.
  • 2+ years of infrastructure security experience.
  • Experience securing an infrastructure built in a multi-account AWS environment with a strong understanding of Identity and Access Management (roles, policies, SCP).
  • Understanding of modern DevOps engineering and Kubernetes
  • Capability to effectively communicate with individuals of varying levels of technical expertise.
  • Ability to lead cross company objectives, work autonomously, navigate ambiguous situations, and identify innovative solutions.
  • Ability to draft / maintain concise documentation.

Bonus points if you have

  • 3+ years working with modern container technologies; Kubernetes is a bonus.
  • Ability to provide guidance on secure design and implementation of complex security problems.
  • Experience performing or coordinating penetration tests.
  • Experience with infrastructures built in Azure, or Google Cloud
  • Writing in and understanding an infrastructure orchestration solution, such as Terraform, Chef, or Ansible.
  • Proficiency in at least one programming language, like Python, Ruby, or Go.
  • An understanding of tradeoffs between reliability and security in a SaaS organization.

We're looking for bold and passionate people to be a part of our mission to help every engineer do their best work, every day, using data, not opinions, at every stage of the software lifecycle.

We'd love to have you apply, even if you don't feel you meet every single requirement. What's most important to us is finding authentic and accountable people who feel connected to our mission and values, not just candidates who check off all the boxes.

We believe in empowering all Relics to achieve professional and business success through a workforce model called Flex First.

Read more about Flex First.

Our hiring process

Please note that visa sponsorship is not available for this position.

In compliance with applicable law, all persons hired will be required to verify identity and eligibility to work and to complete employment eligibility verification.

Note : Our stewardship of the data of thousands of customers’ means that a criminal background check is required to join New Relic.

We will consider qualified applicants with arrest and conviction records based on individual circumstances and in accordance with applicable law including, but not limited to, the San Francisco Fair Chance Ordinance.

Headhunters and recruitment agencies may not submit resumes / CVs through this website or directly to managers. New Relic does not accept unsolicited headhunter and agency resumes, and will not pay fees to any third-party agency or company that does not have a signed agreement with New Relic.

New Relic is an equal opportunity employer. We eagerly seek applicants of diverse background and hire without regard to race, color, gender identity, religion, national origin, ancestry, citizenship, physical abilities (or disability), age, sexual orientation, veteran status, or any other characteristic protected by law.

Interested in the details of our privacy policy? Read more here.

Estimated Base Pay Range : $ , - $ ,

The pay range above represents a reasonable estimate of the salary for the listed position. This role is eligible for a corporate bonus plan and a competitive equity package.

Pay within this range varies by work location and may also depend on job-related factors such as an applicant’s skills, qualifications, and experience.

New Relic provides a variety of benefits for this role, including healthcare, dental, vision, parental leave and planning, mental health benefits, a (k) plan and match, flex time-off, paid holidays, volunteer time off, a discounted employee stock purchase plan, and other competitive benefits designed to improve the lives of our employees.

Wage - midpoint , Wage - minimum , #LI-AK3 #LI-Remote This field has no functionality and it was added so that we could display the separator above

Apply Now

Related Jobs

Lead security engineer

New Relic, Inc. Baltimore, MD
APPLY
  • Lead Security Engineer Lead Security Engineer Lead Application Security Engineer Req ID FY COS #2 Location(s) Atlanta, Georgia, USA;
  • Baltimore, Maryland, USA; Boston, Massachusetts, USA; Chicago, Illinois, USA; Miami, Florida, USA; Orlando, Florida, USA;

Work arrangement(s) Fully Remote (works exclusively from home), Hybrid (works from home and New Relic office throughout the week), Office (works primarily in a New Relic office) Your opportunity New Relic is hiring a lead security engineer to join our Information Security Team! Our team is responsible for safeguarding the organization's global infrastructure (including servers, networks, workstations, and cloud).

We focus on proactive security controls, performing pragmatic threat assessments, and working with teams to ensure they understand and prioritize security work appropriately.

In this role, you will collaborate with diverse teams across the organization, developing and improving tools to help improve their understanding of security risks! We value character and practical experience over certifications, and believe that building relationships is far more effective at improving security than dictating what engineers can and cannot do.

Deep history as a security engineer to is not required to qualify, but rather the ability to clearly demonstrate multi-cloud systems management, architectural design, automation skills, and show an interest in endorsing security as an integral component of the value that we provide to our customers. What you'll do

  • Operate as a technical lead for the Infrastructure Assurance team and for partner organizations.
  • Mentor / coach and remove technical roadblocks as needed for team members.
  • Educate engineers on effectively applying secure practices related to multi-cloud, Kubernetes, and internal applications and services.
  • Provide architectural security design guidance and perform security reviews for New Relic infrastructure, ensuring a secure by design model.
  • Cultivate relationships with IT, Platform Services, and non-engineering teams to grow our collaborative security culture and drive security initiatives.
  • Establish yourself as an authority with a deep understanding of engineering and non-engineering team roadmap and priorities.
  • Collaborate with Security Engineering & Automation and Security Research & Response teams on multi-functional work streams and projects.

This role requires

  • Bachelor's degree in Computer Science or equivalent practical education and experience.
  • 5+ years of cloud and infrastructure engineering experience.
  • 2+ years of infrastructure security experience.
  • Experience securing an infrastructure built in a multi-account AWS environment with a strong understanding of Identity and Access Management (roles, policies, SCP).
  • Understanding of modern DevOps engineering and Kubernetes
  • Capability to effectively communicate with individuals of varying levels of technical expertise.
  • Ability to lead cross company objectives, work autonomously, navigate ambiguous situations, and identify innovative solutions.
  • Ability to draft / maintain concise documentation.

Bonus points if you have

  • 3+ years working with modern container technologies; Kubernetes is a bonus.
  • Ability to provide guidance on secure design and implementation of complex security problems.
  • Experience performing or coordinating penetration tests.
  • Experience with infrastructures built in Azure, or Google Cloud
  • Writing in and understanding an infrastructure orchestration solution, such as Terraform, Chef, or Ansible.
  • Proficiency in at least one programming language, like Python, Ruby, or Go.
  • An understanding of tradeoffs between reliability and security in a SaaS organization.

We're looking for bold and passionate people to be a part of our mission to help every engineer do their best work, every day, using data, not opinions, at every stage of the software lifecycle.

We'd love to have you apply, even if you don't feel you meet every single requirement. What's most important to us is finding authentic and accountable people who feel connected to our mission and values, not just candidates who check off all the boxes.

We believe in empowering all Relics to achieve professional and business success through a workforce model called Flex First.

Read more about Flex First.

Our hiring process

Please note that visa sponsorship is not available for this position.

In compliance with applicable law, all persons hired will be required to verify identity and eligibility to work and to complete employment eligibility verification.

Note : Our stewardship of the data of thousands of customers’ means that a criminal background check is required to join New Relic.

We will consider qualified applicants with arrest and conviction records based on individual circumstances and in accordance with applicable law including, but not limited to, the San Francisco Fair Chance Ordinance.

Headhunters and recruitment agencies may not submit resumes / CVs through this website or directly to managers. New Relic does not accept unsolicited headhunter and agency resumes, and will not pay fees to any third-party agency or company that does not have a signed agreement with New Relic.

New Relic is an equal opportunity employer. We eagerly seek applicants of diverse background and hire without regard to race, color, gender identity, religion, national origin, ancestry, citizenship, physical abilities (or disability), age, sexual orientation, veteran status, or any other characteristic protected by law.

Interested in the details of our privacy policy? Read more here.

Estimated Base Pay Range : $ , - $ ,

The pay range above represents a reasonable estimate of the salary for the listed position. This role is eligible for a corporate bonus plan and a competitive equity package.

Pay within this range varies by work location and may also depend on job-related factors such as an applicant’s skills, qualifications, and experience.

New Relic provides a variety of benefits for this role, including healthcare, dental, vision, parental leave and planning, mental health benefits, a (k) plan and match, flex time-off, paid holidays, volunteer time off, a discounted employee stock purchase plan, and other competitive benefits designed to improve the lives of our employees.

Wage - midpoint , Wage - minimum , #LI-AK3 #LI-Remote This field has no functionality and it was added so that we could display the separator above

Full-time
APPLY

Senior Security Analyst

Conquest Cyber Baltimore, MD
APPLY

InTulsa is partnering with Conquest Cyber to find candidates for this exciting role in Tulsa*

Location : Tulsa, OK. This is a hybrid position for those already in Tulsa, OK or willing to relocate to Tulsa, OK

About the Company :

Our enemies are not simply amateur hackers, but highly motivated, well-funded nation states and criminal organizations. By targeting our nation’s defense and critical infrastructure sectors, cyber-attacks threaten to disrupt the way we live.

This is where we sit at the forefront of this quiet and distributed conflict to ensure cyber resiliency for the sectors critical to our way of life.

At Conquest Cyber we build adaptive risk management programs where innovation is most needed, the sectors that protect our way of life.

Be part of a world class team, enjoy the challenges and rewards of working with some of the leading U.S. agencies and companies, protect assets that are vital to our society.

Job Description :

Companies are constantly under attack by sophisticated cyber adversaries that range from nation states to organized criminal activity.

In response, the Cyber Security Operations Center (CSOC) is charged with ensuring all customers are secure against all tiers of adversaries.

We are on the front lines of security defense e.g. incident response, threat hunting, and intelligence. As a part of our team you'

ll be working with emerging technologies to solve challenging security problems in a fast-paced and continuously evolving environment.

This highly visible team within the organization evaluates threats to the environment and dynamically adjusts to the ever-changing threat landscape by applying practical security knowledge by developing new detective measures to protect our customers.

Responsibilities :

Serve as a primary member of the Cyber Security Operations Center (CSOC) who handles security events and incidents daily in a fast-paced environment.

Performs Incident Handling duties which can be minor or major security incidents within the defined Computer Security Incident Response process.

Maintains situational awareness for cyber threats across multiple clients and take action where necessary.

Note : This position is for our night shift. Nights are a 10-hour shift, 4 Days on and 3 off, hours are 10 : 00 PM to 8 : 00 AM local.

Daily responsibilities include, but are not limited to :

Countermeasure deployment across various technologies.

Malware and exploit analysis.

Intrusion monitoring and response.

Assessing alerts and notifications of event activity from our SIEM platform, and intrusion detection systems by responding accordingly to the threat.

Continuing content development of threat detection and prevention systems.

Data analysis and threat research by maintaining knowledge of security principles and best practices. Must remain abreast of emerging threats and trends.

Assists teams in various security and privacy risk mitigation efforts, including incident response.

Leads or participates in information security related projects or in managing strategy.

Develop new forensic detective and investigative capabilities using current technical solutions.

Desired Responsibilities and Skills :

B.S. in Computer Science, Computer Engineering, MIS, or related degree and a minimum of one (1) year experience in cyber security or incident response.

Hands on experience with using security monitoring tools, running vulnerability scans, and reviewing assessment reports.

Systems administrator experience in Linux, Unix, Windows or OSX operating systems is desirable.

Knowledge of networking and the common network protocols.

Demonstrated ability to create scripts, develop tools, or automate processes in PowerShell, Python or Bash.

Knowledge of vulnerabilities and a comfort in manipulating exploit code for analysis.

Demonstrated ability to perform static and dynamic malware analysis.

Demonstrated ability to analyze large data sets and identify anomalies.

Demonstrated ability to quickly create and deploy countermeasures under pressure.

Familiarity with common infrastructure systems that can be used as enforcement points.

Strong organizational skills with the ability to coordinate and prioritize multiple tasks simultaneously.

Must work well under pressure to meet deadlines.

Licenses / Certifications :

One or more of the following (or similar), or the ability to obtain within one year :

CSA : Certified SOC Analyst

GISF : Information Security Fundamentals

GSEC : Security Essentials

CompTIA Security+

Competencies and Behaviors :

Analysis : Identify and understand issues, problems, and opportunities; compare data from different sources to draw conclusions.

Communication : Clearly convey information and ideas through a variety of media to individuals or groups in a manner that engages the audience and helps them understand and retain the message.

Exercising Judgment and Decision Making : Use effective approaches for choosing a course of action or developing appropriate solutions;

recommend or take action that is consistent with available facts, constraints, and probable consequences.

Technical and Professional Knowledge : Demonstrate a satisfactory level of technical and professional skill or knowledge in position-related areas;

remains current with developments and trends in areas of expertise.

Building Effective Relationships : Develop and use collaborative relationships to facilitate the accomplishment of work goals.

Client Focus : Make internal and external clients and their needs a primary focus of actions; develop and sustain productive client relationships.

Must be willing to work weeknight or weekend night shifts.

Extended working hours may be required as dictated by management and business needs.

Desired Qualities & Characteristics :

Willing to work at a high level of intensity and fast pace to support the needs of rapidly growing businesses

Flexible and able to handle multiple projects at one time while maintaining incredible attention to detail

Maintain a positive, solutions-focused attitude

Ability to use good judgement and keep client information confidential

Bold, confident & open to feedback

Strategic, analytical, collaborative

Adaptive problem solver with grit

Acumen, emotional stability, intellectual capacity

Mission oriented

Conquest Cyber does not discriminate on the basis of race, color, religion (creed), gender, gender identity or expression, age, national origin (ancestry), disability, marital status, sexual orientation, or military status in any of its business activities including recruiting and selection.

We are committed to providing a diverse, inclusive, and welcoming environment for employees, volunteers, subcontractors, vendors, and clients.

Li-Hybrid

Full-time
APPLY

It administrator

NFM Lending Baltimore, MD
APPLY

Diversity, Equity, and Inclusion :

At NFM Family of Lenders ( COMPANY ) we are a diverse team of champions, industry pioneers and action leaders. We draw on the differences in who we are, what we’ve experienced, and how we navigate the mortgage industry with focused intention.

We work to attract, develop, engage, advance, and retain a high performing workforce through fostering an inclusive culture where everyone can join in the journey to success. EOE.

Position Summary :

The IT Security Administrator is responsible for planning, designing, development, and implementation of NFM’s systems, network and endpoint security, log management, business continuity and disaster recovery.

This role will assist and coordinate with the Director of IT to implement all relevant and compliant security controls to prevent any type of unauthorized cyber intrusions by any malicious actors into NFM’s digital communications, data, and assets.

This position will require onsite work in Linthicum at least 2-3 days per week

Essential Job Functions :

  • Defend all information systems from unauthorizes access, modification, destruction, and / or other attacks.
  • Record and remediate security incidents.
  • Scan and assess the network for vulnerabilities regularly.
  • Regularly test information systems to ensure security needs are met.
  • Monitor security and system alerts and resolve alerts in a timely manner.
  • Configure and support security tools such as firewalls, anti-virus, patch management systems, AWS security controls, O365 security controls.
  • Create, implement, and maintain information security policies and other relevant documentation.
  • In consultation with the Director of IT, develop and update business continuity / disaster recovery protocols.
  • In consultation with the Director of IT, regularly test business continuity / disaster recovery protocols to ensure security needs are met.
  • Provide necessary documentation and relevant information in response to external information security auditing to ensure compliance to state and national regulations.
  • Perform regular internal auditing and to ensure good security posture.
  • Remediate audit findings in a timely manner.
  • Respond to and remediate security vulnerabilities / incidents in a timely manner.
  • Train fellow employees in security awareness and procedures.
  • Test training efficacy and evaluate / improve employee comprehension.
  • Support development and implementation of new security solutions.
  • Work with vendors to evaluate and acquire security solutions.
  • Work with vendors to perform yearly external comprehensive security audits.
  • Record and monitor IT Security Department projects and progress.
  • Present IT Security Department updates to management through detailed reports and presentations.
  • Respond to employee IT Security questions and concerns.
  • The employer shall, in its discretion, modify or adjust the position to meet the company’s changing needs.
  • This job description is not a contract and may be adjusted as deemed appropriate at the employer’s sole discretion.
  • The IT Security Administrator is expected to maintain satisfactory attendance and report to work on time every day.
  • This position may require occasional overtime and travel.
  • Additional tasks as assigned.
Full-time
APPLY

Manager, Security

Kennedy Krieger Institute Baltimore, MD
APPLY

Overview

The Manager, Security (Operations) is responsible for the development and maintenance of Security program, which meets or exceeds all governmental and regulatory requirements.

This position is responsible for monitoring and distribution of security reports to all Institute locations and maintains a relationship with Johns Hopkins Hospital Security office and other local Law Enforcement Agencies.

Responsibilities

  • Develop and implements an Institute wide security program aimed at protecting Institute property, both internal & external, employees, patients, visitors, surrounding building, grounds, for all Kennedy Krieger Institute locations.
  • Assist with orientation, training, supervision, and evaluation of department personnel.
  • Work with coordinators to create a monthly schedule for security employees.
  • Coordinate with contracted security agency to cover schedule.
  • Review and approve / disapprove staff requests; request contractors; and provide back-up coverage as needed.
  • Act as a resource to other departments providing advice and counsel as necessary with training / information in matters specific to security awareness, security, and their functions
  • Assist with responding to all inquiries from governmental and regulatory agencies.
  • Develop programs and documentation to assure compliance with the Joint Commission and the Commission on Accreditation of Rehabilitation Facilities (CARF)
  • Liaise with federal, state and local law enforcement, as well as other emergency management and homeland security agencies.

Also liaise with school security officials located in jurisdictions servicing the lower school, LEAP and Center for Career & Technology and other schools.

  • Assist with the oversight of C-Cure operation relating to card access and Kennedy Krieger Institute photo identification (ID) badges, monitor Closed Circuit Television (CCTV) operation at various facilities, test and inspect emergency repeater radio system, monitor Baltimore City Police false alarm reduction policy as it relates to the Institute.
  • Oversee the Institute’s card access system by granting staff and visitor access, ensuring proper operation, and working with private vendors to maintain and upgrade the system when appropriate.
  • Conduct investigation of all internal complaints relative to security staff or others, as directed.
  • Assist with departmental budget preparation. Gather data required for budgetary purposes.
  • Serve as a representative for Kennedy Krieger Institute Security Department on various committees internal and external.

Qualifications

QUALIFICATIONS :

  • Knowledge of public safety, and security operations, rules, regulations, precautions, prevention, and the protection of people, data and property.
  • Knowledge of safety laws, legal building and hospital codes, and relevant regulations of CARF and The Joint Commission.

EDUCATION :

Bachelor’s degree in Business or related field required.

EXPERIENCE :

  • Must possess law enforcement and security experience.
  • Minimum of five years’ experience in Security Management, or related field required.

Benefits

Kennedy Krieger Institute offers excellent benefits including medical, dental, vision, 401K with match, tuition reimbursement, free parking and child care subsidies! In addition, we offer rich professional development opportunities.

We require full COVID vaccination or documentation of medical and / or religious exemption(s) approval for this job as we are a healthcare institution committed to putting health and safety first for our patients, students, employees, and the communities we serve.

EOE / M / F / D / V

Full-time
APPLY

Security Analyst Intern

Arena Technical Resources Baltimore, MD
APPLY

Description : Job Description :

Job Description : Position Overview :

Position Overview :

This is an associate position is primarily geared towards a college student just starting out in the cybersecurity field.

The primary responsibilities in this job will be security analysis. Secondary responsibilities include risk management.

Short Description :

Performs all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction.

Monitor anti-malware, host-based intrusion detection, file integrity, and hardening compliance measures. Collaborate with technical SMEs to mitigate findings and scrutinize security events and issues for potential indicators of compromise.

Job Description :

At GDIT, people are our differentiator. We are seeking an Associate Cyber Security Analyst to join our team to support Centers for Medicare & Medicaid Services (CMS) activities at Windsor Mill, MD.

As a security analyst supporting the Healthcare Integrated General Ledger Accounting System (HIGLAS) contract, you will work with a team of analysts and engineers to scrutinize network and system events for potential indicators of threats or compromise.

This effort includes implementing and maintaining security safeguards designed to minimize the CMS security risk and protect confidentiality, integrity, and availability of sensitive data, including privacy information.

This is an internship on a security team responsible for establishing and maintaining a high security posture for a critical federal information system.

Our team s security responsibility includes, but not limited to, developing IT security strategy and architecture, establishing security operations and monitoring, implementing risk and vulnerability management processes, remediating weaknesses, conducting audits and assessments, maintaining all manner of IT security documentation, managing access, and enforcing Federal and organizational policies.

This position allows the opportunity to work 100% remote from home preferably in Eastern or Central time zones. Those local to the Baltimore MD area will have opportunity to come into our office as needed.

Sponsorship will not be provided for this position.

Some of the key activities and responsibilities for this position include the following :

Provide support to and participate in continuous monitoring activities including monitoring host and network activity, enterprise security bulletins, vulnerability status, threat detection, and other related activities.

Analysis, assessment, and response to anomalous activity in support of security events and incident response.

Draft documentation to detail potential risks associated with known security issues within the environment.

Develop and maintain Standard Operating Procedures (SOPs) related to security tasking.

Coordinate and collaborate with technical subject matter experts (SMEs) to ensure technical and operational security controls are operating as expected.

To be suitable, you must meet these qualifications :

Ability to pass CMS background check and meet the residency requirement for having resided in the US at least (3) three out of the last (5) five years.

Enrolled in a Bachelor s degree in Information Security, Information Technology, or equivalent; 0-1 years of security experience.

General knowledge of security activities such as malware detection, host- and network-based intrusions, system hardening, etc.

Knowledge of general computing technologies (e.g., Windows Server, Linux, databases, TCP / IP network stack, scripting languages, etc.).

General experience with analysis of security or information technology issues.

It would be great if you also had :

Relevant, entry-level IT or security certifications, such as Security+ CE.

Knowledge of Splunk for conducting investigations and analysis.

Knowledge of CMS security guidelines and technology requirements.

Strong analytical, communication, written, and verbal skills with the ability and comfort level to conduct presentations for existing customer audiences.

Arena Technical Resources, LLC, (ATR) is an Equal Opportunity Employer (EOE) who will provide equal employment opportunity to employees and applicants for employment without regard to race, ethnicity, religion, color, sex, pregnancy, national origin, age, veteran status, ancestry, sexual orientation, gender identity or expression, marital status, family structure, genetic information, or mental or physical disability.

Temporary
APPLY