Job Specifications
PagerDuty, Inc. (NYSE:PD) is a global leader in digital operations management. Trusted by nearly half of both the Fortune 500 and the Forbes AI 50, as well as approximately two-thirds of the Fortune 100, PagerDuty is essential for delivering always-on digital experiences to modern businesses.
Join us. At PagerDuty, you'll tackle complex problems, collaborate with kind and ambitious people, and help build a more equitable world--all in a flexible, award-winning workplace.
PagerDuty is seeking an Enterprise Security Engineer to join our diverse, customer-focused team! As a member of the IT Operations & Security team, you will collaborate with a global team of technology and security professionals to proactively identify and mitigate enterprise risks, monitor and respond to security events, respond to and assist in security incidents as a security incident responder, and protect PagerDuty's enterprise systems, data, and operations.
You will be responsible for partnering closely with the CISO organization on the planning and execution of key security initiatives related to enterprise security. You will develop and track key security metrics and ensure best-in-class operations, including the creation and ongoing maintenance of enterprise security technology runbooks, and automated workflows, assisting in process refinement and operational ownership of enterprise security technologies. You will collaborate with a diverse team of analysts, engineers, and key stakeholders on security initiatives across the company to define, design, and implement security programs and technology projects and will communicate and interact regularly with senior IT and business leadership
The ideal candidate possesses a natural curiosity about information security, a passion for doing what's right, and will use their expertise to implement a best-of-class Enterprise Security program at PagerDuty.
This role is expected to come into our Toronto office at least 2 times per week, so you can thrive in your new role and fully embrace being a Dutonian!
Key Responsibilities
Partner closely with CISO organization to design and implement enterprise IT security architectures and solutions.
Tracking the evolution of cutting-edge security technologies, and keeping up to date of the latest security threats and trends
Focus on enterprise security and zero-trust technology, serving as the principal technical expert in this area within the Enterprise Security department
Monitors security alerts and leads the team in identifying and responding to security threats
Monitors systems for vulnerabilities, provides prioritization, and drives remediation efforts
Working cross-functionality to triage suspicious activity and drive remediation (performing L2-L3 duties as needed)
Analyzing threat intelligence feeds to develop metrics, alerts, and techniques to protect against new and emerging attack vectors
Develop metrics, thresholds, alerts, dashboards, and incident response playbooks
Drive the design and development of automated security response and maintenance solutions.
Oversee our workstation vulnerability management & endpoint compliance program
Develop internal playbooks and tabletop exercises to train teams on how to handle common attack scenarios
Develop and report metrics on security posture (e.g. endpoint compliance, vulnerability gaps, application security, etc.)
Partner with Compliance teams to ensure and demonstrate implemented controls are working efficiently
Participates in information security control assessments providing risk-based gap analysis and prioritized remediation recommendations.
Act as SME for EDR tooling on corporate Workstations
Participate on rotating on-call schedule
Basic Qualifications
At least 5 years of experience in the information security industry, with 3+ years in network security or zero-trust, and 3+ years in security architecture or solution experience.
Extensive knowledge of Information Security concepts especially in the areas of security threats, analyzing security logs and driving Incident response.
Extensive knowledge and practical experience in network security and zero-trust.
Broad understanding of the IAM cybersecurity landscape including identity stores, authentication/authorization, strong authentication, and privileged access management capabilities and methodologies
Deep understanding of security technologies and concepts including SIEM, MDR/XDR, EDR and vulnerability management.
Strong understanding of security best practices and frameworks (e.g., MITRE ATT&CK, NIST Cybersecurity Framework).
Strong knowledge of incident response processes
Preferred Qualifications
Familiarity with the following industry frameworks & regulatory standards: HIPAA-HITECH, Sarbanes-Oxley (SOX), General Data Protection Regulation (GDPR), ISO 27001/2, NIST Cybersecurity Framework (CSF/800.53), SOC2, FedRAMP
Current certification in an industry-recognized information security certification such as CISSP, CISA, CISM, Sec
About the Company
In an always-on world, teams trust PagerDuty to help them deliver an optimal digital experience to their customers, every time. PagerDuty is the central nervous system for a company's digital operations. We identify issues and opportunities in real-time and bring together the right people to respond to problems faster and prevent them in the future. From digital disruptors to Fortune 500 companies, over 18,000 businesses rely on PagerDuty to help them continually improve their digital operations--so their teams can spend les...
Know more