LastPass is looking for a Senior Information Security Engineer:
This person will join the Corporate IT Team and will be responsible for designing, implementing and supporting internal security services at LastPass. Important part of this role is security consultancy to meet standards and ensure best practices are well implemented within the Corporate IT team and across different groups. The Security Engineer implements and operates all Corporate IT Security controls, create policies and standards with procedures to follow. Identify the most secure way to implement new solutions across and ensure we meet all requirements from Compliance.
If you are passionate about complex problem solving and motivated by scale, then this is the role for you!
Who will you work with?
Work with the Internal Corporate IT team member and help and support their implementations with security glasses on. Cooperate wit LastPass Security team and ensure the requirements from them are implemented and maintained. This role is also responsible for working with SOC team in investigating security events like IDS, malware and SIEM alerts. This engineer will also work closely with Engineering and other groups of the company in implementing remediation plans for security weaknesses and ensure we’re using the latest, state of the art solutions.
What are some of the exciting challenges you will be working on?
- Implementation and maintenance of Azure security tools end features
- Create standards for endpoints across the company including OS hardening (MAC and Windows), mobile device management solutions, SaaS based applications
- Improve and maintain LastPass patching procedure
- Work with LastPass Security Team to improve our vulnerability management process
- Ensure proper remediation in place
- Follow up on security vulnerabilities across the Corporate IT environment and mitigate them
- Research and vet new security solutions
- Improve our Azure AD security posture
- Research, select, design, configure, maintain and troubleshoot security infrastructure including, but not limited to Anti-Malware console, IDS, Content Filter, Vulnerability Management, Mobile Device Management, Privilege Management system and Cloud Security and spam filtering
- Document standard operating procedure and create high quality technical documentation of security services
- Liaise with GRC team during internal and external security audit of internal systems
- Conduct security awareness trainings to instill best practices
- Assess security implications of change and access requests
- Technical security assessment of third-party services and integrations
- Be the trusted advisor of other engineering teams
What does it take to work at LastPass?
- Hands on experience with computer forensics, penetration and vulnerability testing tools, conducting internal audits, independently building systems to run security tools from the ground up,
- Prior experience in participating in Incident Response/Handling teams,
- Knowledge of Identity management and endpoint security solutions, EDR. Hands on experience in one or more of the below: Sentinel, Intune, MCAS, Azure AD, SCCM, SCOM, Azure proxy, ADFS, AV or DLP, IAM solutions like SailPoint
- Broad knowledge of Microsoft Security products, Identity Management, network security, endpoint security, cloud security, vulnerability management, security incident response and malwares.
- Fluent in English
- Good sense of humor
Its great, but not required
- Possess any technical security certifications (e.g., SANS, Offensive Security, CEH, Azure/AWS Security Engineer or any other industry standard certifications) is a plus
- Ethical Hacking or Security Analyst experience helpful
- Fluent Hungarian
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided