Listing Description
Role. An overview of the opportunity:
You will be able to get up to speed at your own pace, working with the security team, and with corporate information security policy already established. You will be able to take ownership and responsibility for leading and managing our security efforts. The engineering teams and IT will use your domain expertise and advice to ensure new and ongoing projects comply with the company information security standards. This is a highly visible and strategic role to support the fast growth of Skupos.
Responsibilities. Your responsibilities will include:
- Creating, maintaining, and updating corporate policies to meet and exceed a custom matrix of information security requirements (primarily PCI-DSS scoped for a connected service provider)
- Periodically auditing corporate, team and employee processes and actions, automated systems and associated configurations/source code, and physical workspaces to ensure a high degree of compliance with established security policies.
- Support periodic pentesting and continuous vulnerability scanning of in-scope systems and infrastructure
- Review internal and external vulnerability scan reports and coordinate remediation of results with affected teams
- Support security incident response activities, including participating in incident response training and exercises
- Support the review and maintenance of network and web application firewall rules and requested rule changes, including network segregation into appropriate security zones
- Implement, support, and audit endpoint security controls
- Monitor all systems to ensure their operation and utilization comply with SI standards and directives
- Monitor virtual, physical, and wireless corporate networks to detect unauthorized or abnormal devices or network usage
- Review customer-facing installation and support processes to ensure we are creating and maintaining a secure solution with our customers, following established industry standards
- Periodically conduct general security training across the organization, as well as specialized security training for PCI scoped teams
- Represent the organization in infosec and security-focused architecture review sessions with connected vendors and industry partners
- Represent the organization in industry standards consortium security and privacy committees
Experience. Candidates should have:
- Experience in securing infrastructure and applications in a public cloud (Amazon Web Services, Microsoft Azure, or Google Cloud Platform).
- Experience with security controls for information security compliance programs including SOC-II, PCI-DSS
- Experience with vulnerability mitigation methods.
- Experience with IT security policies, including general employee security training and corporate workstation management.
- Familiarity with security concepts in AWS and with the available automation and security tools, such as Inspector, GuardDuty, Macie, Config, CloudFormation, CloudWatch, CloudTrail, Terraform, WAF etc., while also being familiar with third party alternatives (and when it is beneficial to use them).
- The ability to monitor, evaluate, and interpret vulnerabilities/CVEs, vulnerability, risk, and security assessments, cloud platform/system/device/IDS/IPS logs, threat analysis, and malware.
- The possession of, or desire to possess, a PCIP (or higher) certification
Salary is based on experience and location.
Salary range for Denver, CO: $90,000 - $120,000
Listing Details
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided