Zovio Careers

Job Information

Zovio Security Engineer I in Chandler, Arizona

Position Summary:

The Security Engineer I is a full-time member of a dynamic team whose successful execution of their charter requires curiosity, tenacity, a passion for Information Security, and a diligence to pursue the latest in the state of the art -- this is a challenging but rewarding position.

As an integral member of the Information Security Team, the Security Engineer I will develop and demonstrate technical proficiencies to support the planning and delivery of world-class enterprise systems, software, and infrastructure.

Under the guidance of the information security staff, the Security Engineer I will perform procedures to ensure the safety of information system assets and to protect systems from intentional or inadvertent degradation or destruction. Located in Chandler, AZ, the Security Engineer I will report to the AVP, Information Security and Risk Management.

Essential Job Duties:

  • The Information Security Engineer I (SE I) ensures the confidentiality, integrity, and availability of information systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, standards, procedures, and tools

  • Participate in incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary

  • Maintain an expert-level knowledge of the daily security landscape and serve as a security advisor to the company as a whole

  • Support activities which monitor, alert, and respond to Information Security incidents.

  • Support the design, deployment, and maintenance of Information Security controls and technology

  • Support development of and maintain Standard Operating Procedures related to current Information Security services and the current Application Development Lifecycle

  • Track key risk indicators over time, reporting such as metrics and key performance indicator measurement program, and provide metrics to Senior Director of Risk Management and applicable leadership

  • Promote understanding and adherence to the necessary policies, standards, and procedures to maintain security posture

  • Track and report on status of Information Security remediation efforts

  • Interface with external staff to understand projects, impact to security posture

  • Promote awareness of security issues among staff

  • Support the execution of process improvements as necessary

  • Assist external auditors, regulatory auditors, and other 3rd parties as needed, supporting security controls within compliance programs, as needed (PCI, SOX, FERPA, GDPR/CCPA, etc.)

  • Assist in company-wide security initiatives

  • Drive strategic roadmaps for the Information Security program and relates systems

  • Performance of various administration tasks and projects as assigned

  • Transform manual processes into automated solutions

Minimum Requirements :

  • Knowledge of industry standard IT principles, methods, security regulations, policies, and procedures for information systems

  • 1-3 years of experience in Information Technology (Networking, SysAdmin, etc.)

  • Relevant security and audit certifications, such as CISSP, CISA preferred or equivalent experience

  • Work with development teams to carry out Application Security Reviews; performs threat modeling, vulnerability analysis, penetration testing, code reviews, and SDLC support

  • Working knowledge of at least one scripting language (Python and PowerShell preferred)

  • Experience with Intrusion Detection Systems, Firewalls, and Endpoint Security

  • Experience with Data Loss Prevention technologies

  • Experience with Metasploit and/or Penetration Testing frameworks

  • Experience with Vulnerability Scanning, Detection and Remediation frameworks

  • Experience with Web Application Security

  • Experience with Scripting and/or Programming

  • Experience with both Microsoft and Unix-Based technologies

  • Experience with working knowledge of TCP/IP and OSI Model

  • Experience with Information Security Frameworks

  • Self-motivated and able to work in an independent manner

  • Technical writing experience

  • Must have excellent listening skills

  • Excellent verbal, written, analytical, organizational and human relations skills

  • Ability to operate in a self-directed manner with strong analytical and technical problem-solving skills

  • Experience in higher education preferred but not required

  • Security Community involvement preferred

Nice-to-Haves:

  • Offensive Security certifications (OSCP, OSCE, OSWE)

  • IT Security Certification (CySA+, CASP, CISSP, CISM)

  • CISSP, GIAC, GWAPT, GPEN, CEH, and/or certification a plus

  • Experience with scalable cloud security architecture (Microsoft Azure, AWS, etc.)

  • Application Security experience (source analysis, static analysis, DAST, threat modeling, secure SDLC, web app penetration testing)

  • Experience securing applications in containerized environments, including Kubernetes, cloud-native, and serverless

Education:

  • Bachelor's Degree in Computer Science, Computer Engineering, or related field is strongly preferred

  • IT Security Certification (Comptia Security+, SANS GIAC Series Certifications, Offensive Security Series Certifications, CEH, or equivalent) preferred

Zovio is an education technology services company that partners with higher education institutions and employers to deliver innovative, personalized solutions to help learners and leaders achieve their aspirations. Zovio leverages its core strengths and applies its technology and capabilities to priority market needs. Using advanced data and analytics, Zovio identifies the most meaningful ways to enhance the learner experience and deliver strong outcomes for higher education institutions, employers, and learners.

Zovio’s purpose is to help everyone be in a class of their own.

Our Commitments

Truly Personalized

Using data and analytics to power radically innovative experiences that are simple, predictive, and tailored to every individual.

At Life Speed

In tune with real life, creating platforms that are accessible, convenient, and that meet people where they are.

Activating Ambition

Helping people make progress in their lives by solving the problems that matter with empathy and intelligence.

Our Culture

We are ambitious individuals coming together to create bold solutions for a brighter future. We put our people first, and value different ways of thinking.

Passion | Bring it.

We take pride in what we do and have fun doing it.

Innovation | Ignite bold ideas.

We challenge the traditional way of thinking.

Teamwork | Our teams work.

We share knowledge to get the best solutions.

DirectEmployers