Zovio Information Systems Security Engineer III in Chandler, Arizona
Under the direction of the Senior Director, Risk Management the Senior Information Security Engineer III (SE III) is the lead Engineer for the Information Security program at Zovio. The SE III will oversee and lead procedures to ensure the safety of information system assets and to protect systems from intentional or inadvertent access or destruction.
Essential Job Duties:
The Security Engineer III ensures the confidentiality, integrity, and availability of information systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, standards, procedures, and tools
Lead and oversee implementation of the enhancement process and improvement process of the program
Maintain an expert-level knowledge of the daily security landscape and serve as a security advisor to the company as a whole
Lead and oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary
Lead and participate in major day-to-day operational aspects of the security engineering team including improvement of current security controls while constantly identifying areas of needed improvement
The SE III will oversee development of strategic roadmaps for the program, guiding the strategic and continuous process improvement
The SE III will implement continuous improvement criteria and measurement strategies, reporting results of the CPI program to Management
Oversee the team’s conducting of regular application audits and track results over time, including overseeing audits of Security Operations Partners
The SE III will oversee and lead the integration of manual processes into automated processes
Work towards development of a Secure development framework
Track and report on status of security remediation efforts
Provide metrics to Senior Director, Risk Management and applicable leadership
Promote understanding and adherence to the necessary policies, standards, and procedures to maintain security posture
Maintain required documentation for applicable security procedures
Interface with internal staff to understand projects and impact to security posture
Foster and promote collaboration among all members of the IT Department and Risk Management Department, including security awareness
Plays key role in establishing and maintaining security controls within compliance programs, as needed (PCI, SOX, FERPA, GDPR/CCPA, etc.)
Participate in incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary
Collaborate on solutions to mitigate risks and enhance system security
Manage Information Security communication channels and establish communication requirements, internally and to external parties
Conduct internal and external Information Security compliance audits and assessments; provide analysis, recommendations and update policies and procedures as required
Work with outside consultants as appropriate for independent security audits
Lead efforts to support external auditors, regulatory auditors and other 3rd parties as needed
The SE III will mentor and guide Engineers I and II
Foster a responsive, attentive, service delivery mentality and culture within the Information Security team
Offensive Security certifications (OSCP, OSCE, OSWE) strongly preferred
IT Security Certification (CySA+, CASP, CISSP, CISM) preferred
Knowledge of industry standard IT principles, methods, security regulations, policies, and procedures for information systems
3-5 years of experience in Information Technology (Networking, SysAdmin, etc.)
Relevant security and audit certifications, such as CISSP, CISA preferred or equivalent experience
Work with development teams to carry out Application Security Reviews; performs threat modeling, vulnerability analysis, penetration testing, code reviews, and SDLC support
Working knowledge of at least one scripting language (Python and PowerShell preferred)
Provide support on risk assessment, threat modeling and vulnerability remediation
Evangelize security and be an advocate for a positive approach to application security
Write technical and executive reports based on findings
7-10 years of experience in Information Technology
Experience gathering requirements for efforts
Experience tracking and managing large amounts of data
Self-motivated and able to work in an independent manner
Technical writing experience
Must have excellent listening skills
Excellent verbal, written, analytical, organizational and human relations skills
Ability to operate in a self-directed manner with strong analytical and technical problem-solving skills
Security Community involvement preferred
CISSP, GIAC, GWAPT, GPEN, CEH, and/or certification a plus
Experience with scalable cloud security architecture (Microsoft Azure, AWS, etc.)
Application Security experience (source analysis, static analysis, DAST, threat modeling, secure SDLC, web app penetration testing)
Experience securing applications in containerized environments, including Kubernetes, cloud-native, and serverless
- Bachelor's Degree in Computer Science, Computer Engineering, or related field is strongly preferred
Zovio is an education technology services company that partners with higher education institutions and employers to deliver innovative, personalized solutions to help learners and leaders achieve their aspirations. Zovio leverages its core strengths and applies its technology and capabilities to priority market needs. Using advanced data and analytics, Zovio identifies the most meaningful ways to enhance the learner experience and deliver strong outcomes for higher education institutions, employers, and learners.
Zovio’s purpose is to help everyone be in a class of their own.
Using data and analytics to power radically innovative experiences that are simple, predictive, and tailored to every individual.
At Life Speed
In tune with real life, creating platforms that are accessible, convenient, and that meet people where they are.
Helping people make progress in their lives by solving the problems that matter with empathy and intelligence.
We are ambitious individuals coming together to create bold solutions for a brighter future. We put our people first, and value different ways of thinking.
Passion | Bring it.
We take pride in what we do and have fun doing it.
Innovation | Ignite bold ideas.
We challenge the traditional way of thinking.
Teamwork | Our teams work.
We share knowledge to get the best solutions.