Security Engineer

  • Centregreen Way, Cary, NC 27513, USA
  • Full-time

Company Description

We’re Onna: a fast-growing tech startup based in New York and Barcelona with offices in Research Triangle Park and Tolouse. Our international team is composed of fun, experienced, and hard-working individuals on a mission to make information easily accessible and useful, no matter where it lives. We build e-discovery, knowledge management, and other data search tools for our clients (Facebook, Electronic Arts, Dropbox, and Fitbit, to name a few.) In May 2019 we closed an $11M Series A led by Dawn Capital with the participation of our integration partners Slack Fund and Dropbox - and we’re focused on building an amazing team to deliver the best product possible.

Job Description

Are you an enthusiastic multi-tasker who feels comfortable in a challenging, fast-growing environment? Would you like to be part of a flat organization with an amazing culture? As a Security Engineer, you will be participating in the research, development and implementation of technical security programs and solutions necessary to us and our clients. Your role will have a vast variety of duties including conducting risk assessments, drafting of policies, implementing external solutions,  responding to client security questionnaires, participating in security audits, compliance and any other security related tasks.

What you get to do every day

  • Development and implementation of security related policies and procedures

  • Selection and evaluation of security solutions

  • Conduct regular internal reviews and audits

  • Design and implementation of controls that mitigate identified risks and compliance goals

  • incident response plan, including development, implementation and annual test exercises

  • Development of security training and awareness program

  • Coordinating with third party vendors to implement regular pentesting and vulnerability management

  • Participate in the implementation and development of SIEM monitoring, IDS/IPS and logging tools

  • Work with SOC2 and ISO auditors to complete annual security audits and maintain certifications

  • Apply security engineering best practices according to well known industry standards (NIST 800, SANS…)

  • Communicate with current and prospective clients to address security related concerns or solutions.

  • Constantly work on growing your knowledge on relevant topics, product, solutions and best practices.

Qualifications

  • Bachelor’s degree in computer science, information systems or similar

  • Demonstrated expertise in providing security-focused solutions for the enterprise

  • Active CISSP certification

  • Experience with SOC2 Type II and  ISO 27001 certification audit processes

  • Strong understanding of security compliance and privacy regulations (GDPR, PCI…)

  • Strong analytical skills

  • English fluency, both written and verbally, is a must

  • Good communication and attitude

  • Strong client facing skills and ability to address audiences of varying technical levels

  • Ability to multitask and handle multiple projects

  • Attention to detail and accuracy

  • Ability to collaborate in a team environment across multiple time zones

  • More than 5 years of experience in security, compliance, risk management, technical security implementations

Bonus Points…

  • Other industry accepted certifications (SANS, CISA, CISM…)

  • Ability to quickly learn new technologies

  • A self-starter comfortable working independently with minimal supervision

  • Able to take ownership of projects and propose innovative solutions to maximize productivity

Additional Information

We like to keep employees happy and are always looking for ways to improve our overall work culture and benefits package. Here are some of the benefits we offer at this time:

  • Comprehensive medical, vision, and dental coverage
  • 401(k) with matching contribution
  • Flexible vacation and PTO policies
  • Monthly gym membership
  • Commuter perks
  • Monthly group activities

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

All your information will be kept confidential according to EEO guidelines.