Information Security Engineer - Remote
Today, we’re the second-largest domain wholesaler in the world with tens of millions of domains under management (OpenSRS / Enom). We’re doing all kinds of interesting things, including running an MVNO cell phone service (Ting Mobile) and building true fiber to the premises networks in towns and cities across the US (Ting Internet). We offer individual and small business domains and integration with various popular platforms (Hover/Ascio).
We’re a team of over 600 people serving tens of millions of customers around the world. Our growth has been incredible, smart and measured (NASDAQ: TCX, TSX: TC). Our success is built on a solid technical and financial foundation.
Job summary:The Information security analyst is responsible for IT security solutions and responses for all corporate and production environments. This position will be responsible for designing, maintaining, configuring, troubleshooting, auditing, and documenting the status of all security initiatives and compliance solutions, as well as assisting with planning and improving incident response procedures. The Security Engineer role supports the technology needs of the organization and Tucows clients to provide a robust, secure, and reliable computing environment.
- Handles moderately sophisticated issues and problems, and refers more complex issues to higher-level staff
- Possesses proven working knowledge of the subject matter
- May provide leadership, coaching, and/or mentoring to a subordinate group
- Integrate security designs to ensure the organization’s proprietary information (data and systems) are safeguarded.
- Conduct application security assessments
- Investigates security breaches to determine system weaknesses.
- Conducts testing and configuration procedures across products and systems.
- Analyzes security management systems, enterprise systems, and data files to validate security.
- Performs security analysis across networks, databases, and internet/web operations.
- Evaluate security plans to ensure the integrity of new and/or existing business operations.
- Translates and designs security requirements.
- Provides management with risk assessment briefings on products and/or services.
Experience and Qualifications:
- Experience securing critical production environments to meet audit requirement (PCI, SOC2, ISO)
- Strong Knowledge in DevOps and DevSecOps processes, workflows, and technologies.
- Solid experience implementing security monitoring, logging, and alerting.
- Solid experience with containerized environments and orchestration (Docker, Docker Swarm, Kubernetes) and CI/CD
- Solid experience with security vulnerabilities, exploits, and practical mitigations. Knowledge of security vulnerability testing tools (e.g. Network Vulnerability Scanners and SAST/DAST technologies).
- Solid experience with the development and execution of threat assessments and security testing methodology.
- Solid experience with network technologies (e.g. firewalls, gateways, switches, routers, IDP/IPS, concentrators, load-balancers)
- Solid Experience with network application protocols and their built-in security mechanisms (e.g. TCP/IP, SSL/TLS, IPSec, HTTP, SSH, SMTP, SNMP etc.), as well as internetworking design concepts and architectures.
- Proven ability in Information Security
- Bachelor’s degree in computer science or a related technical field.
We believe diversity drives innovation. We are committed to inclusion across race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status or disability status. We celebrate multiple approaches and diverse points of view.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.