Alteryx is seeking an experienced Senior Cyber Security Engineer with demonstrated competence and thought leadership capability to contribute toward the success of our Cyber technology initiatives. The role reports to the Vice President of Information Security and Data Privacy. The Sr. Cyber Security Engineer is a critical role within the Information Security organization focused on identifying and remediating cyber security risks and assisting IT with automating solutions to reduce the organization's risk landscape. This role will focus on Incident Response identifying and mitigating advanced threats within the organization.
The Sr. Cyber Security Engineer will also assist with the security design, implementation and support of security solutions and technologies to help protect the environment from unauthorized access, use, disclosure, destruction, modification, or disruption. The Engineer will analyze system services, operating systems, networks and applications from a cyber security perspective, discovering security issues that appear under existing and new threat scenarios.
* Own and enhance the Cyber Incident Response Program * Continue to mature the Cyber Defense framework, policies and procedures * Partner with IT to assess, enhance, design and deploy Cyber Defense monitoring, prevention and malware technologies * Perform analysis of events/incidents and provide remediation suggestions to relevant business owners * Research and document security best practices to proactively identify cyber security gaps including vendor review, new technology evaluations and proof of concept trials * Assist in the assessment of the current vSOC solution for internal and external environments * Collaborate with Engineering teams to build out the DevSecOps approach * Review vulnerability scans and work with Risk and Compliance, IT and Engineering to prioritize vulnerabilities based on risk and threat intelligence as well as secure compliance * Assist in monitoring configuration management to ensure IT and Engineering related assets comply with Security standards * Collaborate with IT and Engineering to ensure compliant inventories and secure baseline images * Assist in the monitoring and review of Firewall Rule sets/configurations and changes to ensure proper oversite and compliance against security standards * Analyze penetration/assessment test results and engage with Information Technology and business units to resolve and track identified findings and recommendations * Participate in disaster recovery exercises
* 5+ years of experience in the Cyber Defense Domain of Knowledge * 7+ years of experience in Information Security * 3+ years in securing Cloud Security platforms such as AWS, Microsoft and Google Cloud Solutions * Bachelor's degree in Cyber Security, Information Security or equivalent work experience * Hans on experience in leading and working a cyber breach and breach investigation * Experience in IT infrastructure management * CISSP and or GIAC certifications * Experience with Continuous Integration and Continuous Delivery practices of DevSecOps * Confident ability to recognize security events of interest that may require improved detection/alerting capabilities. * Has mastered the Security Core concepts of Data Center and Cloud Technologies (Inventory Management, Vulnerability Management, Configuration Management and Patch Management) * An understanding of tiered defense-in-depth security design * Detailed technical knowledge in security engineering, system and network security, authentication and security protocols, security vulnerabilities and remediation techniques * Experience with Windows and Linux Servers * Familiar with emerging technologies in the security monitoring, event correlation and alert/detection space
Desired Skills and Experience
* CCSP is a definite plus * Familiarity with common industry best practices (ITIL, SDLC, AGILE) * Recent working experience with the following compliance programs: ISO 27001, ISO 27018, SSAE18 SOC1 Type 2/SOC2 Type 2, CSA and FISMA/FedRAMP * Some experience in application architecture and middleware technology * Security and IT Metrics experience (dashboards) * Some experience with process automation and/or scripting (i.e. XML, python) is a plus * Excellent written communication and presentation skills with the ability to present complex security issues to a variety of audiences, including senior executive team * Must be self-directed, able to manage individual projects or act as part of a larger team * Proven ability to positively influence change and adoption of information security protocols and concepts * Ability to work extremely well under pressure while maintaining a professional image and approach * Strong business acumen & successful track record in aligning with peers * A strong cross-functional team player with ability to lead and coach others in a matrix structure, across time zone and national boundaries
Alteryx (formerly SRC) is a provider of a subscription-based end-to-end analytics platform that allows organizations to discover, access, prepare, and analyze data from multiple sources.