Job Specifications
(Fremont - USA)
Founded in 2000, Ivalua is a leading global provider of cloud-based procurement solutions.
Company Overview
At Ivalua we are a global community of exceptional professionals, who believe that digital transformation revolutionizes supply chain sustainability and resiliency to unlock the power of supplier collaboration.
We achieve this through our leading cloud-based spend management platform that empowers hundreds of the world's most admired brands to effectively manage all categories of spend and all suppliers to increase profitability, improve ESG (environmental, social, and corporate governance) performance, lower risk, and improve productivity. Driven by our passions and fueled by our shared ambitions, we empower and challenge each other to create meaningful experiences for our colleagues, customers, partners, and communities.
Learn more at www.ivalua.com. Follow us on LinkedIn and Twitter.
THE OPPORTUNITY
Context
Our team is dedicated to serving our clients after go-live in the best way we can to secure an exceptional client experience.
With over 10 global team members, the Infosec team needs to work with the IT and R&D teams to keep our enterprise-class SaaS service secure from a variety of threats.
Role
This is an exciting opportunity for a Senior Security Engineer role at Ivalua. You will engineer, implement, review and monitor technical security controls to protect and enhance the security of our hosting and corporate infrastructure, networks and applications. You will also help with operational security aspects, which will include performing security reviews on infrastructure changes, reviewing firewall rules, analyzing results from vulnerability or penetration testing reports, investigating security events by analyzing logs, and identifying actionable plans to address them in the infrastructure.
What You Will Do With Us
Perform technical security design, architecture, change and/or configuration audits/reviews on our hosting and corporate infrastructure systems including Azure cloud environments, servers, network devices, endpoints, and security technologies deployed (CNAPP, MDM, WAF, DDoS, etc.)
Act as the main SPOC for the network and cloud vulnerability management activities to perform scanning, internal and third-party penetration testing and red teaming as well as analysis and retesting of the reported security findings
Collaborate with the SOC team to enhance our detection and response processes and capabilities
Support the security initiatives for securing our Azure environments (EntraID Conditional Access, CSPM, Infrastructure as Code, NSG rules review etc.)
Provide support to the GRC team on the technical security controls related to compliance initiatives (such as FedRAMP, PCI, NIST 800-53 r5, IRAP, SANS CIS 20) and the technical security questions from customers and prospects
Act as the SME on infrastructure and cloud security topics, expand and develop sharing of technical knowledge and collaborate with multiple internal teams to review and improve the technical architecture and efficiency of IT and security operational processes
YOUR PROFILE
If you have the below experience and strengths this role could be for you:
Skills And Experience
At least 5+ years of hands-on experience on infrastructure and network security engineering / architecture, protocols and technologies like CNAPP, CSPM, MDM, IAM, DDoS
At least 5+ years of hands-on experience in performing network and/or cloud penetration testing
Bachelor's degree in related field preferred or equivalent experience with proven skills
Experience with scripting (such as Python, PowerShell etc.)
Knowledge of Active Directory (key concepts, protocols, services, tiering, main attacks, best practices for hardening etc.)
Knowledge of Cryptography concepts, encryption algorithms, protocols, keys and certificates management
Hands-on experience with security concepts on Azure cloud environments and services (Azure EntraID, Azure Key Vault, Azure encryption, Azure Sentinel, NSG, Azure firewall etc.)
Experience with security incident response and investigation
Ability to foster collaborative, open and working relationships with technology and other stakeholders
Experience with security standards and compliance programs such as OWASP, NIST, FedRAMP, PCI, SANS CIS 20
An Information Security qualification or evidence of starting to work towards one, e.g. OSCP, eJPT, AZ-500, GIAC GPEN or similar certification
Ability to handle multiple tasks, prioritize and meet deadlines
Soft Skills
Ability to handle multiple tasks, prioritize and meet deadlines
Ability to foster collaborative, open and working relationships with technology and other stakeholders
What Happens Next
If your application fits this specific position's needs, our skilled Talent team will reach out to schedule an initial screening call. Get one step closer to achieving your goals - apply today!
Our Talent team will guide you through every step of the interview process - from prepa