Principal Security Engineer (REMOTE - Mexico)
100% REMOTE MUST BE UK BASED or Poland Based.
Working hours are UK Time Zone. Standard Business Hours.
Turnitin is your partner in education with integrity. Turnitin’s originality checking and authorship investigation services ensure academic integrity, promote critical thinking, and help students improve their authentic writing. Turnitin provides instructors with the tools to prevent plagiarism, engage students in the writing process, and provide personalized feedback. Turnitin is used by more than 30 million students at 15,000 institutions in 140 countries. Turnitin is headquartered in Oakland, Calif., with international offices in Newcastle, U.K., Utrecht, Netherlands, Melbourne, Australia, Seoul, Korea and throughout Latin America.
We are searching for people who demonstrate a passion for education and technology, are collaborative and entrepreneurial in spirit, and who can contribute to our continuing success and growth. In return, Turnitin offers a great benefits package and provides challenging and inspiring work.
We are looking for someone who brings passion, security experience, attention to detail, and the willingness to continuously learn. You will work within the Information Security & Compliance team and report directly to the Information Security Manager where you will have an opportunity to shape the security operations function for the global leader in educational technology. If you are passionate about security and have the desire to work for a mission-based company we would love to hear from you.
The Principal Security Engineer position is a hands-on role that requires a high level of technical expertise. Responsible for a broad range of tasks including a mix of daily operational tasks as well as strategic planning, engineering, and operational functions. This position requires proficient in scripting, well-versed in technical security engineering, operations, and management of information security tools and processes such as Incident Response (IR), Security Information and Event Management (SIEM), Intrusion Detection System (IDS), Cloud Security Posture Management (CSPM), Data Loss Prevention (DLP), Vulnerability Management, Identity and Access Management (IAM), Privileged Access Management (PAM), Endpoint Security, file integrity monitoring, vulnerability and risk assessment, penetration testing, malware analysis, digital forensics, and encryption.
As a Principal Security Engineer, you will provide support to protect Turnitin’s digital networks and information, your duties and responsibilities will include the following:
- Act as an escalation point to investigate sensitive and complex security events and incidents from a wide variety of cybersecurity technologies, including; Endpoint Detection and Response (EDR), Email Protection, Cloud Native Application Protection Platform (CNAPP) and Security Information and Event Management (SIEM)
- Evaluate new security technologies and tools, recommending the adoption of those that align with our security objectives and goals
- Proactively identifying and mitigating potential cyber threats to our systems and data
- Use threat intelligence to identify potential attacks and develop strategies to prevent them
- Act as an SME for security requirements and solutions on cloud, infrastructure and application projects
- Work closely with the IT leaders, engineering, and DevOps teams to ensure network and application design decisions comply with organizational policies, and appropriately mitigate security risk
- Provide information security expertise to influence the interpretation, development, acquisition, or implementation of complex technical solutions, including security products
- Work closely with the DevOps team to embed vulnerability management best practices into routine operations
- Utilising scripting/coding for security testing and automation
- Develop, define, and communicate security requirements for cloud architecture, enterprise software, IT services, and product design
- Provide expertise on security requirements in system development activities, vulnerability management, policies, standards, and procedures.
- Help shape the security strategy for the business
- Define security requirements for baseline system configurations
- Research and recommend security solutions, products, and security controls
- Provide mentoring and training to junior security staff members
- 5-7 years experience in IT and information security, 3 of which must be in information security.
- Strong experience in securing cloud platforms (AWS, GCP, or Azure)
- Expert knowledge of endpoint security best practices (Windows and/or MacOS)
- Strong experience in configuring and using a variety of security tools (IAM solutions, IDS/IPS, Vulnerability Scanners, SIEM, EDR / XDR solutions, Secure Email Gateways, and Log Management Systems) and understanding of best practices relating to their use
- Strong relationship management experience in influencing and motivating internal functions with minimal direction
- Hands-on experience with analysis and deployment Infrastructure as Code tooling
- Proven track record building productive relationships with key business leaders and senior stakeholders in technology and the business
- Ability to provide a balance of strategic planning and tactical execution.
- Experience assisting/leading security incidents with demonstrable experience across the full lifecycle of an incident
- Experience automating manual processes to improve the efficiency of day-to-day tasks and provide metrics to demonstrate success
- Retains up-to-date knowledge of security architecture and security risk trends.
- Knowledge of CIS and/or NIST frameworks
- Understanding of security principles with the ability to communicate security concepts to non-technical and technical audiences with ease.
- Working knowledge of industry security standards (SOC2, FedRamp / StateRamp, ISO 27001)
- Working knowledge of networking and firewall concepts
- Experience with serverless technologies
- Threat Hunting experience
- Experience programming in languages such as Go, Java, Ruby or Python
- Experience in delivering security awareness training across an organization
- Excellent communication, facilitation, writing, and public speaking skills.
- Project management skills and experience.
- Previous experience coordinating penetration tests
- Relevant industry security certifications (Certified Ethical Hacker (CEH), GIAC Certified Detection Analyst (GCDA), CompTIA Security+, GIAC Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), AWS Certified Security Professional, Certified Cloud Security Professional (CCSP))
- Bachelor's degree or equivalent
Total Rewards @ Turnitin
Turnitin maintains a Total Rewards package that is competitive within the local job market. People tend to think about their Total Rewards monetarily – solely as regular pay plus bonus or commission. This what they earn in exchange for what they do. However, Turnitin delivers more than just these components. Beyond the intrinsic rewards of making a difference in the lives of educators, administrators, learners and researchers around the world, and thriving in an organization that is free of politics and full of humble, inclusive and collaborative teammates, the extrinsic rewards at Turnitin include generous time off and health and wellness programs that offer choice and flexibility and provide a safety net for the challenges that life presents from time to time. In our Remote-First approach to collaborating, you are also able to work the way that best fits your style and situation – whether that be remote, in one of our offices/rented spaces or hybrid.
Our Mission is to ensure the integrity of global education and meaningfully improve learning outcomes.
Our Values underpin everything we do.
Customer Centric - We realize our mission to ensure integrity and improve learning outcomes by putting educators and learners at the center of everything we do.
Passion for Learning - We seek out teammates that are constantly learning and growing and build a workplace which enables them to do so.
Integrity - We believe integrity is the heartbeat of ExamSoft. It shapes our products, the way we treat each other, and how we work with our customers and vendors.
Action & Ownership - We have a bias toward action and empower teammates to make decisions.
One Team - We strive to break down silos, collaborate effectively, and celebrate each other’s successes.
Global Mindset - We respect local cultures and embrace diversity. We think globally and act locally to maximize our impact on education.
- Flexible/hybrid working
- Remote First Culture
- Health Care Coverage*
- Tuition Reimbursement*
- Competitive Paid Time Off
- 4 Self-Care Days per year
- National Holidays*
- 3 all-company global holidays (Juneteenth + 2 Founder’s Days)
- Paid Volunteer Time*
- Charitable cContribution Match*
- Monthly Wellness Reimbursement/Home Office Equipment*
- Access to Modern Health (mental health platform)
- Parental Leave*
- Retirement Plan with match/contribution*
* varies by country
Turnitin, LLC is committed to the policy that all persons have equal access to its programs, facilities and employment. We strongly encourage applications from people of color, persons with disabilities, women, and the LGBTQ+ community, regardless of age, gender, religion, marital or veterans status.