Principal Security Engineer
San Francisco, CA

Job Description

Summary

Esurance is looking for a Principal Security Engineer to join a dynamic and award-winning team of individuals who are committed to making insurance smarter, easier, and dare we say- cooler. As part of a growing company that is focused on providing an outstanding customer experience, you'll have the opportunity to expand your skills and discover your potential.

If you're looking for a career at a socially conscious company that offers great benefits - including matching 401k and tuition reimbursement - then you may have just found your new home.

Esurance combines the spunk of a startup company with the backing of Allstate (the largest publicly held personal lines insurer in the U.S.) to create a unique, energized, and exciting place to work.

Responsibilities

The Principal Security Engineer as a member of the IT Security team that bolsters and maintains the security posture ofEsurance applications, services and the infrastructure in order to protect against security threats including intrusions,malware, system-level breaches, unauthorized access, insider attacks and loss of proprietary information. This individualis expected to be available for off-hour support as part of an on-call rotation and to travel within the continental UnitesStates as needed.

Job Responsibilities:

Proactively work with IT and business to identify security risks and implement practices that meet standards forinformation security. Security Architecture - Architect security solutions and technically lead their implementation from end to end Security Incident Response - Oversee threat management and security incident handling, including the coordinationof investigations and reporting of security incidents to management, in alignment with business needs and regulatoryrequirements Implementation of Security Controls - Design and implement controls to meet Esurance security and complianceneeds Log Review - Review consolidated system logs and other audit trails on a regular basis for indications of attacks. Vulnerability Management - Work with Esurance development and infrastructure teams to identify and remediateapplication- and infrastructure-related vulnerabilities Security Expertise - Serve as a resource cross-functionally to share security insight and best practices with teamsacross the company Security Governance - Develop Information Security Policies, Standards, Procedures and best practices to supportEsurance's security control framework Security Due Diligence - Ensure that security is factored into the evaluation, selection, and configuration of hardware,applications and software Security Assessments - Conduct third party security assessments as required Compliance - Ensure compliance to Esurance control framework and best practices through continuous monitoringand gap analysis. Provide support and guidance for legal and regulatory compliance efforts, including audit support Security Awareness - Promotes information security awareness throughout the company. Develop informationsecurity as a core competency throughout the company Security Monitoring - Ensure audit trails, systems logs and other monitoring data sources are reviewed periodicallyand are in compliance with policies and audit requirements Evolution and Skill Enhancement - Stay current with security technologies and threats by monitoring vendor andindustry publications and attending training

Qualifications:

Security engineering experience, including experience implementing encryption, intrusion detection, network security,multiple operating systems (Windows, Linux, etc.), directory services (Active Directory, LDAP), Virtualization Security,Security Information and Event Management (SIEM) tools and log management, web application and network vulnerabilityscanning, etc. Experience with Network Security technologies including Firewalls, IDS/IPS system, cryptographic systems, identitymanagement systems, RADIUS, and TACACS Ability to work independently as well as a member of a team Ability to articulate security issues in terms of business risk Analytical skill, technical knowledge and practical application of information security at a business and technical level Esurance Insurance Services, Inc. is an Equal Opportunity Employer. The above statements are intended to describe the general nature and level ofwork being performed by people assigned to this job. This description is not intended to be construed as an exhaustive list of all the responsibilities,duties and skills required. Experience in the Financial Services industry and solid understating of ISO 27001, SOX and Payment Card Industry(PCI) Data Security Standards (PCI DSS) as well as experience in the implementation of controls to mitigate PCIissues CISSP certification is highly desirable

Experience / Education:

Bachelor's degree (B.S.) in Computer Science or equivalent job experience Minimum 7 years experience implementing security solutions and processes Minimum 7 years experience with Network Security technologies

Physical Demands and Work Environment:Representative of those that must be met by an employee to successfully perform the essential functions of this job. Mustbe able to operate a PC and sit for extended periods of time. Reasonable accommodations may be made to enableindividuals with disabilities to perform the essential functions.

Qualifications

Benefits

At Esurance, being committed to our employees is not just something we say, it's something we do. Our benefits package is designed to help our associates stay healthy, meet their long-term financial goals, and balance the demands of work and personal life. Esurance rewards hard work, dedication, and creativity with competitive salaries and a generous bonus system. We are committed to our employees and we are dedicated to creating a diverse, positive, innovative and team-oriented work environment.

Health & wellness

* Medical, vision, and dental insurance
* Life Insurance
* Accidental death and dismemberment coverage
* Wellness tools and coaching
* Group critical illness coverage
* Accident indemnity and hospital indemnity plans
* Group legal
* Student Loan Repayment Program
* Identity Protection

Savings

* 401(k) plan with annual matching contribution
* Choice Dollars
* Referral bonuses
* Performance-rewarding bonus system
* Tuition assistance program (up to $5,250 per year)
* Health savings and flexible spending accounts
* Commuter benefits

Family & community

* Adoption assistance
* Buckle Up Baby program
* Pet insurance discount
* Charitable gift matching
* Give Time, Get Time volunteer program
* Employee Assistance Program

Time off

* Paid time off (holidays, vacation, personal days)
* Short-term disability
* Long-term disability (employee-paid option)