At Zenoss, we know building an exceptional company starts with the right people. That’s why we recruit and retain high caliber people with “can do” attitudes, who personify our value “People Who Do.”  Working together, we create an environment where we can individually innovate, achieve our best and be rewarded for delivering superior results.

Our SaaS Operations team is in search of one of the ‘People Who Do,”  to join our team as Security and Compliance Engineer. If you’re ready join Zenoss as we make our mark around the globe, keep reading.

Who You Are

You understand that managing risk is a critical role for  any company, particularly one delivering a SaaS product. You know your way around audit compliance, and maintaining and updating the company’s security posture in an ever evolving regulatory and threat landscape.  You have the skills to translate security standards and regulatory criteria into software product functions, cloud infrastructure architecture, and operational processes. You know that conducting periodic internal audits and working with third party auditors to facilitate audit compliance ensures the best results.  You know how to partner with cross functional leaders to modify controls, identify risks and collectively present them to executive leadership. You’ve helped develop and maintain data flow documentation, privacy policies, and associated processes to ensure compliance with data privacy regulations. You ensure efficient knowledge management of company processes, security details, and product features to enable rapid response to external parties evaluating Zenoss.

What You’ll Do:

• Maintain working knowledge of SOC2, FedRamp, NIST Cybersecurity, GDPR, Privacy Shield regulations and frameworks
• Participate in planning sessions with direct and cross-functional teams.
• Ensure global cloud operations maintain security framework as they evolve and scale.
• Develop and maintain a working knowledge of Zenoss products and services.
• Collaborate with Engineering and Product Management to ensure feedback into the product development lifecycle is achieved based on issues identified in production operations.
• Work with cross functional teams to translate risk assessment findings, data privacy and audit compliance controls into actionable tasks.
• Partner with Operations teams to ensure vulnerability management, coordinate penetration testing, and maintain business continuity plans.
• Maintain compliance with audit requirements and keep all customer and operation environments secure.
• Demonstrate good leadership by providing an objective, high energy, consistent work ethic.
• Ensure integrity and adherence to configuration management and change control processes and procedures.
• Carry out and assist crafting policies and procedures as established by the team, department or company at large
• Conduct quarterly internal audits, maintain appropriate documentation, and manage audit processes.
• Ensure efficient knowledge management of security responses to third parties.
• Review existing and potential vendor and partner relationships for audit and data privacy compliance.

What You Bring:

• Undergraduate degree in related discipline (IS/CS degree preferred)
• 5-10 years of professional increasing hands-on experience with security compliance, preferably with a focus on production software operations environment.
• Familiar with best practices in audit compliance, change management and security architecture such as SOC2, FedRAMP, GDPR, NIST 800-53
• Knowledge of data privacy regulation and experience implementing controls
• Detailed knowledge of SOC2 controls and familiarity with the 2017 criteria a plus
• Experience with cloud services like Amazon Web Services and Google Cloud
• Strong verbal and written communication skills
• Project and task orientation, with a focus on details
• Proactive communication, able to readily provide detailed status to customers, leadership, and project teams
• Ability to work both within a team and independently
• Ability to collaborate with team members and other departments
• Sound decision-making skills, based on compliance needs and technical knowledge
• Self-motivated and able to work under pressure to deliver high-quality solutions
• Detail oriented with excellent analytical skills