Information Security Engineer I

Posted May 26

It’s about more than the right fit. We’re looking for the right connection.

At Nextiva, it’s our team members that make Nextiva a great place to work. Nexties are smart, driven, and the best in class at what they do. We’re changing the game in the software industry with the first of its kind, conversation-centric work hub that unifies team collaboration, customer management & engagement in ONE single application.

Founded in 2008, Nextiva is relied on by more than 100,000 companies for customer and team communication. We believe in the power of strong connections; connections to our customers with our signature Amazing Service®, our products and services, and most importantly, each other.

Build Amazing - Deliver Amazing - Live Amazing - Be Amazing

The Information Security Engineer is responsible for implementation, operation, monitoring and administration of a variety of tools and processes to protect company information in accordance with the Information Security Program and related policies. The engineer conducts Incident Response and investigates and assesses threats and responds to enterprise security events and incidents. The engineer performs vulnerability assessments and supports mitigation efforts across the organization, supports penetration testing, and supports internal and external audit.

Key Responsibilities:

  • Establish and maintain strong working relationships with the departments involved with information security (Operations, Development, IT, Legal, Human Resources, and others)
  • Participate in the development of Information Security Program policies, processes, procedures, standards, guidelines, and the training of staff.
  • Recommend and implement improvements to the effectiveness of the Information Security Program.
  • Provide direction to employees according to established policies and management guidelines for system, application and network security.
  • Operate, manage, monitor and improve technical security controls across the enterprise, including AV, IDS, vulnerability scanning, WAF, code scanning, web proxies, encryption and audit log monitoring.
  • Perform periodic internal security reviews and risk assessments; support internal and external information security audits.
  • Manage vulnerability assessment and testing tools to identify security vulnerabilities and weaknesses and ensure consistency and compliance with established standards and security policies.
  • Implement custom WAF rules and policies in security tools to mitigate threats and reduce risk. Review reports for anomalies. Take appropriate action to address alerts and report findings.
  • Respond to security incidents, conduct root cause analysis of incidents, recommend corrective actions and ensure corrective action completion.
  • Document information security monitoring, scanning and testing procedures.
  • Keep up to date with the security field, including emerging vulnerabilities.
  • Perform other duties to support the technical and operational security of the organization as required.

Qualifications:

  • Bachelor’s degree in an IT-related field or equivalent experience and 1-3 years of experience working in IT security, IT systems or network engineering, software development, QA, or a related role.
  • Desired certifications – one or more of the following: CISSP (Certified Information Systems Security Professional), Certified Information Security Manager (CISM), SSCP (Systems Security Certified Practitioner), CCSP (Certified Cloud Security Professional) or CompTIA Security+.
  • Working knowledge of, and experience in, desktop and server environments, including Mac, Windows, and Linux operating systems.
  • Experience with IT technologies related to security, including Active Directory Group Policies, LDAP, SSO, SSL, encryption and hashing algorithms, and key management practices.
  • Flexibility to work off-hours to support global project teams and maintenance windows.
  • Ability to support 24x7 on-call for incident response on a rotating basis.
  • Other desired experience:
      • Familiarity with GDPR, CCPA, HIPAA or PCI privacy and security requirements and ISO 27001, SOC 2, NIST or CIS 20 frameworks.
      • General knowledge of security implications of threats and vulnerabilities related to networks, servers, operating systems, applications, and databases.
      • Experience conducting security assessments, technology reviews and application requirements analysis from a security design perspective.
      • Experience developing software, scripting and using SQL queries to automate controls, processes and reporting.
      • Experience using SIEM and log management tools.

Competencies:

  • Strong analytical problem-solving skills and attention to detail.
  • Organization, Time Management & Prioritization - Self-starter who focuses on key priorities; plans, organizes, schedules and executes tasks and projects in an efficient and productive manner.
  • Ability to form productive relationships across the organization to accomplish information security objectives.
  • Ability and willingness to learn all aspects of the information security field.
  • Professional verbal and written communication skills in English.
  • Expresses ideas using clear, effective and efficient language. Listens patiently and attentively. Adapts to the purpose of communication with appropriate style, substance, detail, confidence and channel. Possesses the ability to manage multiple channels of communication simultaneously: phone, email, tickets, and chat.
  • Able to assess, document, and prioritize identified security flaws and vulnerabilities based on risk.

Typical Office Environment: Requires extensive sitting with periodic standing and walking. May be required to lift up to 35 pounds unassisted. May be required to lift over 35 pounds using an assistive device and/or team lift. Requires significant use of personal computer, phone and general office equipment. Needs adequate visual acuity and the ability to grasp and handle objects. Needs ability to communicate effectively through reading, writing, and speaking in person or on telephone.

Compensation, Rewards & Benefits:

The salary or hourly wage offered by Nextiva to external candidates considers a wide range of factors, including but not limited to skill sets, experience, training, licensure and certifications, etc. Our compensation decisions are dependent on the facts and circumstances of each case. Our estimate of the expected hiring range for the position as posted is $68,000 - $107,000.

Nextiva provides a comprehensive employee benefits package that includes medical (including supplemental plans for accident, hospitalization and critical illness), telemedicine, dental, vision, disability, life insurance, legal assistance, an Employee Assistance Plan, paid parental bonding leave, PTO for hourly employees and Flexible Time Off (FTO) for salaried employees, an employee long-term savings plan (401k) through Fidelity with Nextiva matching, comprehensive employee wellness programs and loads of learning and development opportunities which are coupled with career paths to last a lifetime.

Interested in joining our amazing team at Nextiva HQ? Apply today as we launch the future of business conversations! 🚀