Security Engineer II at Khoros
Khoros is seeking a Security Engineer II to join our fast-growing team. Our software builds trusted relationships between the world's best brands and their customers, helping people get answers and share their experiences. Customers rely on our software platform to help them connect, engage, and understand their Total Community. In a world of extreme expectations, Khoros has allowed our customers like Airbnb, AT&T, GoPro, and many more to meet the needs of their customer base by allowing them to drive the conversation through unique and vibrant Khoros-powered communities.
- Conduct application security scanning and penetration testing using automated and manual techniques
- Conduct security assessments of our cloud hosting environment
- Coordinate compliance and customer security audits
- Work with engineering and infrastructure teams to prioritize and address security bug fixes, security feature implementations and various security enhancements
- Participate in security architecture design reviews and enhance security requirements related to new and existing software platforms, systems and features
- Create and maintain documentation
- Assist with the development and delivery of security awareness and technology training
- Associate or Bachelor's degree preferred (Computer Science or Technology preferred)
- 2+ years of professional experience in information security and web application security
- Understanding of OWASP Top 10 and SANS Top 25 application security errors
- Familiarity with cloud security best practices
- Familiarity with scripting languages such as Perl, PHP, Python, Ruby, Shell, etc.
- Experience with commercial and/or open source security tools (e.g., Qualys, Veracode, Metasploit, Burp Suite, Wireshark, WAF, IDS/IPS, Firewall, etc.)
- Strong organizational skills
- Strong analytical and problem-solving skills
- Strong oral and written communication skills
- Experience with audits and compliance (SOC2, ISO 27001, GDPR, HIPAA, PCI DSS, etc.)
- Familiarity with web protocols and standards (TCP/IP, HTTP, SSL, DNS, etc.)
- Security certifications such as CISSP, CISM, GPEN, CEH, CCNA, etc.