Security Engineer
Named one of Austin’s fastest growing companies and one of the best places to work, Q2 offers our employees a culture fueled by engaged, motivated, and dedicated team members. We’re dedicated to our mission: to strengthen communities by strengthening the financial institutions that serve them. We do it with our purpose-driven culture, and by helping banks and credit unions stand apart in their communities.
Q2 Software is seeking a Security Engineer who is passionate about securing innovative products that scale to 400+ financial institutions and 12M+ users. As a member of Q2 Security, you will evaluate, design, and implement Security systems and capabilities in a fast-paced, hands-on role that partners with stakeholders across Engineering, QA, DevOps, IT, Operations, and Product Management. If you enjoy working in a highly collaborative environment and approach every day with a burning passion to build highly scalable, resilient, and secure systems, then Q2 wants you!
You are familiar and comfortable with:
- Taking extreme ownership of challenging problems, nothing should scare you and challenges should excite you.
- Being uncomfortable, dealing with ambiguity, and working in a fast-paced environment.
- Managing demanding customer expectations with business acumen to deliver.
- Tracking your portion of projects with solid documentation.
- Continuous learning, training, and research – at times utilizing discretionary effort.
- Speaking up, disagree if you do not agree, and if you do not win, disagree and commit.
- Building custom solutions for new or unique security challenges utilizing python, or other modern languages.
- Designing, implementing, maintaining public cloud Security architectures in AWS, Azure, and GSP.
- Designing, implementing, maintaining on-premise SaaS infrastructure Security architectures, that require application knowledge.
- Understand and utilize newer tools and theories such as Terraform, containerization, microservices.
- Designing and implementing Security Controls that support NIST CSF, SOC2, ISO 27000, PCI DSS, and a few others (no one person knows them all, be willing to figure it out with help from colleagues).
- Delivering strategic and tactical Security guidance for IT, Engineering, and DevOps initiatives.
- Incorporating Security checks processes into existing and new systems.
- Baking Security controls into Engineering and DevOps pipelines (e.g., build automation and configuration management).
- Designing and implementing network-based and host-based Security tools.
- Designing, implementing, and integrating disparate Security solutions into an Analyst-friendly Security Analytics platform.
- Critiquing Security designs as part of architectural design reviews.
- Identifying problem areas, bringing multiple solutions to the table, and educating stakeholders on the possibilities.
- Providing technical mentorship to your Q2 Security teammates.
- Failing fast and failing forward.
- Measuring and reporting on progress.
- Measuring and documenting risk reduction.
- Thorough documentation.
- Talking to Internal and External customers and stakeholders.
- On-call rotations.
EXPERIENCE & KNOWLEDGE:
- Bachelor’s degree in Computer Science, Engineering, Computer Security, Information Systems, or related field (Experience and Certifications considered).
- 10+ years' related security engineering experience, operations experience is a bonus
- Linux or Windows System Administration experience.
- One or more of top 3 cloud providers environments.
- Automation and scripting via PowerShell, Python, Perl, or Bash.
- Implemented Security solutions in public clouds (AWS, Azure, and/or Google).
- Experience in a wide variety of security solutions – Network, Behavioral, IAM, Endpoint, etc.
- Splunk or similar log aggregation experience.
- Deep network understanding.
- Familiar with Configuration Management (Ansible, Chef, and/or Puppet).
EXAMPLE CERTIFICATIONS:
- CCSK (Certificate of Cloud Security Knowledge)
- AWS (or equivalent) – Certified Security Specialist
- SANS GIAC – GWEB, GWAPT, GPEN, GCED, GMON, GDSA, GSSP, etc.