- Salary: $130000 - $150000
- Citizenship: Not Provided
- Incentives: Stock Options
- Education: Bachelor's Degree
- Travel: No Travel
- Telework: Optional Telecommute
Security Operations Manager
Chicago, IL / Los Angeles, CA / United States, Remote
At Amount we have a thriving culture and possess a truly entrepreneurial spirit. We value innovation and individual voices, we are committed to active inclusion and diversity, and we support each other's growth. Most importantly, we’re always ready to hustle!
If you’re ready to thrive in a fast-paced environment, come join an organization with visionary leadership and FinTech disruptors. With your help, we will continue to reinvent banking by helping our Amount platform partners innovate and digitize their banking products and services!
Learn more about our recent Series D Funding that happened in May! https://techcrunch.com/2021/
Amount is seeking a Security Operations Manager. The right candidate for the role will manage and support the security operations team with the objective of investigating, analyzing, and responding to cyber incidents within Amount’s network and AWS cloud services. Core responsibilities consist of building, developing, and managing a growing team of security engineers who perform many tasks: incident response, log analysis, tooling development, and risk assessments. The right person will be able to navigate complex security problems, thinking like both a hacker and defender, and drive relevant teams to take the right actions in the right time frames to mitigate risks.
What you’ll work on:
- Mentor and manage teams of security engineers to drive best outcomes with data, conviction, and diplomacy
- Create and execute roadmaps and project plans and own all operational metrics and support for the SecOps team
- Foster a culture of continuous engineering improvement through mentoring, feedback, and metrics
- Evangelize operational excellence by leading operation reviews, documenting best practices, and prioritizing automation
- Distill and communicate technical concepts to the team and other stakeholders
- Breadth of knowledge across Amazon Web Services (AWS) products & security solutions
- Knowledge of implementing security principles in DevOps pipelines with containerized workloads
- Securing Amount applications deployed across AWS cloud infrastructure, including account structure, IAM policies, and network controls such as Virtual Private Cloud (VPC), subnets, and security groups, not just limited to a single workload
- Monitor external data sources (e.g., cyber defense vendor sites, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine which security issues may have an impact on the enterprise
- Proactively monitor, identify and analyze complex internal and external threats, including viruses, targeted attacks and unauthorized access
- Perform investigation of network, cloud resources and hosts/endpoints for malicious activity and assist in efforts to detect, confirm, contain, remediate and recover from attacks
- Engineer solutions to automate the security analytics platform/SIEM to make alerting more meaningful by reducing noise
- Ability to design and enhance incident response processes for both cloud and Amount’s network (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation)
- Support security operations by automating data collection, analysis, and report generation using script language programming (Shell/Perl/Python/Ruby)
- Work with client facing stakeholders such as partners and vendors to help comply with information security requirements
- Educate and advise internal stakeholders on security best practices and architecture
- Understanding of Security principles, techniques and technologies such as SANS Top 20 Critical Security Controls and OWASP Top 10
- Maintain and improve standard operating procedures and processes
Who you are:
- 5+ years of security related experience in areas such as pen-testing, intrusion detection, incident response/handling, Firewall administration, Security analytics, and vulnerability scanning
- Security incident and event management, log analysis, network traffic analysis, malware investigation/remediation, SIEM correlation logic and alert generation
- Vulnerability scanning tools and reporting (Rapid7 etc.)
- SIEM solutions such as SumoLogic, Splunk or similar with the experience to write complex queries to configure alerts and dashboards
- AWS resources including: EC2, ECS, RDS, Lambda, CloudWatch, GuardDuty, Security Hub, Inspector, Systems Manager, Config, CloudFront, VPC security configuration and security groups
- AWS/Cloud security audit tools such as ScoutSuite, Cloud Custodian, CloudCheckr highly preferred.
- Securing container systems like Docker, EC2 Container Service, Kubernetes and well versed in infrastructure as code orchestration tools such as Terraform, Chef, Puppet, Ansible etc.
- Networking fundamentals (TCP/IP, Network Layers, etc.)
- Malware operation and indicators
- Current threat landscape (threat actors, APT, cyber-crime, etc.)
- Security related technologies and be able to engineer solutions with these technologies (DLP, IDS, IPS, EDR, FW, WAF, SIEM, etc.)
- Security tools experience (Wireshark, tcpdump, Netwitness, Snort, Bro, Kali, etc.)
- Audit requirements (PCI, SOX, etc.)
- Programming skills in various languages (Python, bash etc.) highly desired
Amount delivers the technology that financial institutions need to build and enhance the digital experience.
Built by digital lending industry veterans, Amount helps partners go digital in months—not years. Amount empowers multi-product omnichannel retail banking experiences and a robust point-of-sale financing suite underpinned by core platform features including fraud prevention, verification, decisioning engines and account management.
Amount partners can optimize performance across product categories by tapping into various service offerings including customer acquisition, funnel and performance assessments, and risk analytics.
- Optimistic: We believe technology has the power to improve the financial lives of everyone.
- Teamwork: We make the best technology work for our clients by working together.
- Risk Aware: We understand the impacts of each and every decision we make in our high risk industry.
- Integrity: We work honestly and undivided in our commitment to make more possible.
- Eager: We are self-starters, fully engaged and committed to pushing great ideas forward quickly and responsibly.
- Respectful: We honor diversity, value inclusion, and create an environment of belonging for people of all backgrounds.
- Committed: We are dedicated to the highest standard for our partners, their customers, and our people.
- Curious: We seek to understand the core of each problem, enabling us to find the right solution.
Benefits and Perks:
- Enjoy each other's company over happy hours, yoga and meditation sessions, lunch and learns, team demo days, game nights, and more!
- Take the time you need when you need it through our Flexible PTO policy.
- Save $$ on taxes by using our commuter and transit benefits! We also have a bike storage room available onsite.
- Take advantage of our comprehensive benefits package including medical, dental, vision coverage, 401(k), parental leave, HSA match, and an Employee Assistance Program.
- Interested in having a stake in Amount? We offer a meaningful equity program.
- Have a pet? Then, we're paws-itively certain you're going to love our My Pet Protection plans.
- Short-term disability, long-term disability, and life insurance are options too!