Careers at Varicent
Join our team of passionate, innovative and driven professionals for a fun and rewarding career at Varicent. Collaborate, develop and grow, make an impact.
Security Engineer - Role Description
This role is located in Toronto, ON, Canada.
Varicent is the industry-leading sales performance management solution recognized by Gartner as a seven-time Leader in the Gartner Magic Quadrant for Sales Performance Management.
Founded in 2005 and having pioneered sales performance management, Varicent was named the fastest growing software company in North America by Deloitte’s Fast 50™ in 2010, was acquired by IBM in 2012 and has since been re-founded as an independent global business in January 2020. We are looking for a highly talented and driven individual to make an impact across our organization.
Our Information security Team is looking for a Security Engineer to assist in designing, implementing, operating and monitoring security solutions across Varicent. We’re looking for someone who has a deep understanding of security tools and technologies that help appropriately identify malicious activity / threats, respond to incidents, analyze vulnerabilities while collaboratively working with stakeholders across the organization. This high impact role will be responsible for recommending and/or implementing security tools and processes to appropriately mitigate risk.
The successful candidate will be working 100% from home until further notice in compliance with provincial stay-at-home COVID-19 policies.
You bring to Varicent
- Degree in Computer Science, Engineering or a related discipline.
- Certifications such as but not limited to CISSP, CEH, CCSP etc.
- Experience with public cloud-based infrastructure such as Azure, AWS, GCP etc.
- Experience in securing operating systems, networks, systems, databases and application architectures.
- Experience with antivirus, IDS/IPS, WAFs.
- Experience with industry leading Security Information and Event Management (SIEM) tools such as QRadar, Splunk and vulnerability management tools such as Nessus and Appscan etc.
- Knowledge of security standards and regulations (NIST CSF, ISO 27001/2, etc.)
- Problem-solving skills, high energy and willingness to continually learn and improve.
- Strong business communication skills (both verbal and written).
What you’ll do
- Security Monitoring, including:
- Coordination, deployment, configuration, monitoring and maintaining security toolset.
- Document processes, architecture diagrams, flowcharts etc. as it relates to Security Monitoring;
- Vulnerability and Secure Configuration Management, including:
- Implement and perform secure baseline and infrastructure vulnerability scanning;
- Review, analyze and remediate/coordinate remediation/recommend remediation activities.
- Review, analyze and provide guidance and/or remediation steps for findings generated from SAST and DAST tools and work with stakeholders to mitigate identified risk.
- Information Security Incident Management, including:
- Develop documentation as it relates to Incident Management, including Incident Response Playbooks;
- Act as first responder or escalation point, depending on incident severity, following Incident Response Playbooks;
- Determine/support investigation and root causes of incidents;
- Security Architecture & Technical Security, including
- Develop, review, update and maintain hardening standards documentation based on security best practices (CIS, NIST, etc.);
- Recommend or implement changes as it relates to infrastructure security technologies (e.g. firewalls, WAF, IDS/IPS, EDR etc.), Identity & Access, security monitoring and alerting technologies etc.;
- Security Metrics & Reporting
- Develop, collect and present security metrics for Varicent leadership team and clients, including but not limited to:
- Information Security Monitoring.
- Information Security Incidents.
- Critical/High vulnerabilities and burndown of remediation activities.