Sr. Information Security Engineer

Seniority Level: Mid-Senior

Location: Remote (select US States)

About the role and about You:

At Zwift IT, we are constantly improving our security practice and enforcing our security policy. Currently, we are looking for a senior IT security engineer who will have strong domain expertise in enterprise security architecture, endpoint security protection, networking security, and risk assessment and analysis. This is a unique opportunity to work with an innovative team in a business-critical discipline.

Successful corporate Information Security Engineers at Zwift are self-starters, able to work autonomously, natural problem solvers, collaborative, and comfortable navigating ambiguity. You should have strong problem-solving skills, excellent interpersonal skills, a deep technical understanding of corporate information security infrastructure, and endpoints threats, strong scripting and automation skills, and the desire to be an individual contributor to securing Zwift enterprises, services, and endp

What you’ll do:

• Develops and implements security technologies, standards, processes, policies, and guidelines for the enterprise
• Understands the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization and balance this with risk investments
• Coordinates with other groups to assess, implement, and monitor IT-related security risks/hazards
• Responsible for the day-to-day operations of technical security including, but not limited to, IPS/IDS, Vulnerability Scanning & Management, Patch Management, Encryption, Content Filtering, email hygiene, DLP, Identity & Access Management/SSO, and secure file sharing.
• Ensures Identity and Access reviews are performed periodically and follows through on findings and remediation's
• Follow standards in accordance with company policies and regulations (ISO 27001, PCI, SOX, etc.)
• Prepare and present Security test findings to stakeholders.

What you'll have:

• Bachelor’s degree in Computer Science, Information Systems, or related technical field
• 5+ years of working experience in Information Security Domains
• Experience in planning and executing IT Security initiatives end to end
• Solid understanding of information security standards & practices
• Experience with security products from a variety of vendors (firewalls, intrusion detection systems, vulnerability scanners, multi-factor/strong authentication technologies, RADIUS/TACACS+ servers, logging, penetration testing software, etc.)
• Experience with a variety of security technologies and concepts (DMZ architectures, cryptography, forensics techniques, PKI, digital certificates/signatures, hashing/ciphers, IPsec, wireless technologies, URL filtering, etc.)
• Experience with endpoint security solutions including anti-virus, DLP, encryption, and malware remediation techniques.
• Experience analyzing and applying information security, risk management, and privacy practices
• Solid understanding of IT processes including security, incident management, configuration management, change management, release management, problem management, business continuity, and disaster recovery
• Expert knowledge and experience in a broad range of security controls and risk management frameworks (NIST, ISO 2700x, PCI)
• Excellent communication, verbal, and writing skills.

Bonus points:

• Comfortable in an AWS environment
• Technical Leadership capability with project and time management skills
• CISSP, CCSP, or other Cyber Security related certifications
• Ability to train security/audit concepts

How to stand out among the rest:

Your resume/CV is enough to show off your skills, accomplishments, and experience. However, if you choose to include a cover letter introducing us to your awesome personality, we will read that too.

Values:

Of course, we are nothing without our values. Our values ground us. They ensure we run and build a company where people love to work, feel like they are welcomed, included, and belong.  Only then can they thrive and do their best work.  The values we strive to live every day are:

• Make It Fun
• Elevate Teammates
• Cultivate Our Community
• Always Level Up
• One Zwift for All

We strongly believe that different backgrounds and ideas are a competitive advantage; we hire candidates of any race, color, ancestry, religion, sex, national origin, sexual orientation, gender identity, age, marital or family status, disability, Veteran status, and any other status. Zwift is proud to be an Equal Opportunity Employer. If you have a disability or special need that requires accommodation, please let us know by emailing [email protected]. 

Zwift, Inc. is an Equal Opportunity Employer.

Transparency in Coverage: 

Health plan price transparency is designed to help consumers know the cost of covered items or healthcare-related services prior to the date upon which they receive care. Transparency in Coverage (TIC) regulations require health insurers and group health plans to create machine readable files (MRFs) that contain the negotiated rates for in-network providers and allowed amounts derived from historical claims for out-of-network providers and make those files publicly available.

Here is the link to the site on which Kaiser Permanente posts its in-network and out-of-network allowed amount machine-readable files (MRFs).

Here is the link to the site on which Anthem posts  its in-network and out-of-network allowed amount machine-readable files (MRFs). The link will allow you to search for your files using your Employer Identification Number (81-2798595)