Zovio Careers

Job Information

Zovio Information Systems Security Engineer III in San Diego, California

Under the direction of the Senior Director, Risk Management the Senior Information Security Engineer III (SE III) is the lead Engineer for the Information Security program at Zovio. The SE III will oversee and lead procedures to ensure the safety of information system assets and to protect systems from intentional or inadvertent access or destruction.

Essential Job Duties:

  • The Security Engineer III ensures the confidentiality, integrity, and availability of information systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, standards, procedures, and tools

  • Lead and oversee implementation of the enhancement process and improvement process of the program

  • Maintain an expert-level knowledge of the daily security landscape and serve as a security advisor to the company as a whole

  • Lead and oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary

  • Lead and participate in major day-to-day operational aspects of the security engineering team including improvement of current security controls while constantly identifying areas of needed improvement

  • The SE III will oversee development of strategic roadmaps for the program, guiding the strategic and continuous process improvement

  • The SE III will implement continuous improvement criteria and measurement strategies, reporting results of the CPI program to Management

  • Oversee the team’s conducting of regular application audits and track results over time, including overseeing audits of Security Operations Partners

  • The SE III will oversee and lead the integration of manual processes into automated processes

  • Work towards development of a Secure development framework

  • Track and report on status of security remediation efforts

  • Provide metrics to Senior Director, Risk Management and applicable leadership

  • Promote understanding and adherence to the necessary policies, standards, and procedures to maintain security posture

  • Maintain required documentation for applicable security procedures

  • Interface with internal staff to understand projects and impact to security posture

  • Foster and promote collaboration among all members of the IT Department and Risk Management Department, including security awareness

  • Plays key role in establishing and maintaining security controls within compliance programs, as needed (PCI, SOX, FERPA, GDPR/CCPA, etc.)

  • Participate in incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary

  • Collaborate on solutions to mitigate risks and enhance system security

  • Manage Information Security communication channels and establish communication requirements, internally and to external parties

  • Conduct internal and external Information Security compliance audits and assessments; provide analysis, recommendations and update policies and procedures as required

  • Work with outside consultants as appropriate for independent security audits

  • Lead efforts to support external auditors, regulatory auditors and other 3rd parties as needed

  • The SE III will mentor and guide Engineers I and II

Minimum Requirements:

  • Foster a responsive, attentive, service delivery mentality and culture within the Information Security team

  • Offensive Security certifications (OSCP, OSCE, OSWE) strongly preferred

  • IT Security Certification (CySA+, CASP, CISSP, CISM) preferred

  • Knowledge of industry standard IT principles, methods, security regulations, policies, and procedures for information systems

  • 3-5 years of experience in Information Technology (Networking, SysAdmin, etc.)

  • Relevant security and audit certifications, such as CISSP, CISA preferred or equivalent experience

  • Work with development teams to carry out Application Security Reviews; performs threat modeling, vulnerability analysis, penetration testing, code reviews, and SDLC support

  • Working knowledge of at least one scripting language (Python and PowerShell preferred)

  • Provide support on risk assessment, threat modeling and vulnerability remediation

  • Evangelize security and be an advocate for a positive approach to application security

  • Write technical and executive reports based on findings

  • 7-10 years of experience in Information Technology

  • Experience gathering requirements for efforts

  • Experience tracking and managing large amounts of data

  • Self-motivated and able to work in an independent manner

  • Technical writing experience

  • Must have excellent listening skills

  • Excellent verbal, written, analytical, organizational and human relations skills

  • Ability to operate in a self-directed manner with strong analytical and technical problem-solving skills

  • Security Community involvement preferred

Nice-to-Haves:

  • CISSP, GIAC, GWAPT, GPEN, CEH, and/or certification a plus

  • Experience with scalable cloud security architecture (Microsoft Azure, AWS, etc.)

  • Application Security experience (source analysis, static analysis, DAST, threat modeling, secure SDLC, web app penetration testing)

  • Experience securing applications in containerized environments, including Kubernetes, cloud-native, and serverless

Education:

  • Bachelor's Degree in Computer Science, Computer Engineering, or related field is strongly preferred

Zovio is an education technology services company that partners with higher education institutions and employers to deliver innovative, personalized solutions to help learners and leaders achieve their aspirations. Zovio leverages its core strengths and applies its technology and capabilities to priority market needs. Using advanced data and analytics, Zovio identifies the most meaningful ways to enhance the learner experience and deliver strong outcomes for higher education institutions, employers, and learners.

Zovio’s purpose is to help everyone be in a class of their own.

Our Commitments

Truly Personalized

Using data and analytics to power radically innovative experiences that are simple, predictive, and tailored to every individual.

At Life Speed

In tune with real life, creating platforms that are accessible, convenient, and that meet people where they are.

Activating Ambition

Helping people make progress in their lives by solving the problems that matter with empathy and intelligence.

Our Culture

We are ambitious individuals coming together to create bold solutions for a brighter future. We put our people first, and value different ways of thinking.

Passion | Bring it.

We take pride in what we do and have fun doing it.

Innovation | Ignite bold ideas.

We challenge the traditional way of thinking.

Teamwork | Our teams work.

We share knowledge to get the best solutions.

DirectEmployers