Desired Skills and Experience
- Integrate with internal engineering teams providing frameworks to build, design, and implement products across the organization securely
- Review new and existing products and services for vulnerabilities
- Assess the health and security of internal network architectures
- Analyze and prioritize reports from external researchers; facilitate confirmed issues to resolution with engineering teams
- Assist in the prompt investigation of security incidents and be prepared to isolate and remediate incidents pursuant to established procedures
- Assist in the design and delivery of disaster recovery plans that meet compliance related recovery objectives
- Provide training to the Vivid Seats community, fostering a security best practice culture
- Support and assist in developing ongoing roadmap for security related projects
- 3+ years of combined experience in information security, technology, and risk management with at least 1 year experience focusing on information security
- Extensive knowledge of current and emerging IT security technologies and techniques covering all levels of cloud and local IT architecture
- Understanding of application security concepts (such as the OWASP top 10) with the ability to articulate concepts to technical and non-technical staff
- Vulnerability management experience across multiple operating systems, databases, and applications, remediating issues with technical staff
- Knowledge of disaster recovery and business continuity principles and practices
- Experience in TCP/IP networking, firewalls and virtual private networks (VPN)
- Understanding of current encryption standards and implementation procedures
- Ability to work with engineering teams to weigh business risks and enforce appropriate security measures in support of a Continuous Integration / Continuous Deployment environment
- Experience with incident management and threat remediation including threat analysis, isolation, identification, and eradication
- Ability to handle multiple complex, long term projects simultaneously
- Knowledge and experience with control frameworks such as ISO, NIST, CobiT, and PCI
- Passion for technology and information security
- B.A. or B.S. in Computer Science, Information Management, or relevant field
- CISSP is a plus