Security Compliance Engineer
Operations | Washington, DC | Full Time
Virtru is in search of a Security Compliance Engineer looking to take our security and compliance program to the next level. We are looking for an individual who can bring an engineering approach to security and compliance governance and technical implementation. We want someone who is adept at improving our current policies/procedures against evolving best practices and has a desire to write the code that enforces them. The ideal candidate would measure their success against the criteria of automation, repeatability, and scalability. They would continually raise the security bar for the Virtru platform as its footprint expands into globally regulated industries and governments.
Here at Virtru you’ll help build a cutting-edge security software platform, whilst getting your hands on some of today’s most important tools and tech like Docker, AWS, Ansible, Terraform, Elasticsearch, Redis, and a plethora of other tools and services. Due to the team’s size, your voice will immediately have significant impact, and with a constantly growing customer base, there is no shortage of challenging and exciting scaling/optimization work to ensure that we can provide the most secure and performant service.
Get in touch if you are excited to help us grow our infrastructure into a world-class service.
- Evaluate existing security and compliance plans, policies and procedures
- Update/improve where necessary
- Define new security and compliance policies to adhere to current and future requirements
- Manage procedures and services for adherence to policies (JIRA, Internal / External Scans, etc.)
- Work with engineering teams to implement changes to adhere to policies
- Evaluate and manage systems for auditing and enforcement of policies
- Work with engineering teams to manage security incidents
- Perform regular compliance audits
- Write policy documentation
- Maintain and expand compliance certification programs as needed.
- 3+ years working with security auditing tools (Nessus, Metasploit, Snort, GRC tools, OSSEC, etc.)
- Understanding of the OWASP Top 10 and mitigation strategies
- Knowledge of Linux utilized in a server environment
- Familiarity with state, federal and industry compliance programs (e.g., PCI, SOC2, HIPAA, FedRAMP)
- Experience working with auditors on compliance programs
- Have been the technical and program lead for compliance programs
- Knowledge of network and system security best practices
- Hands-on experience with SOC2 and FedRAMP
- Knowledge of programming languages like Go, Node, Python, and/or Ruby
- Experience with Amazon Web Services (AWS) and related security best practices (Azure and/or GCP could suffice as well)
- Familiarity with Center for Internet Security best practices
- Ansible experience.
- Experience with Terraform to manage AWS resources.
- Strong natural analytical and creative abilities.
- We are looking for teammates who can problem solve and suggest solutions as opposed to just implementing a plan they are given.
- Comfortable working in a fast-paced, constantly evolving environment.
- Willing to put in additional hours during the occasional crunch mode.