Lead Software Engineer, Cybersecurity
We are looking for a lead software engineer with cyber security experience to join our product engineering team to support a number of security and compliance initiatives. In this role, you will analyze various cloud technologies and third-party technologies, with a focus on finding the balance between security and performance needs in clouds like AWS and Google. You will also be responsible for driving and maintaining compliance initiatives, like ISO 27001 standards across parts of the organization.
As a lead software security engineer, you will be responsible for:
- Be the champion of application security, work closely with developers solving security issues.
- Reviewing new technologies and products for security implications.
- Helping the engineering productivity team and others in solving cyber security problems in ways that not only comply with required standards but also contribute materially to the security of Dow Jones systems.
- Manage day-to-day operations of the perimeter protection products, WAF, and bot protection. Create and fine-tune perimeter security policies and exceptions lists.
- Advising, influencing, and educating the rest of the company on matters of compliance and security.
- Interfacing with multiple teams and stakeholders to drive compliance to the ISO 27001 standard
- Managing an ISMS is required to maintain the ISO 27001 certification for the business
- Implement AWS cloud security groups and policies for applications deployments
- Assist security liaison on the proof of concepts for security and performance solutions.
- Providing expert advice during security incidents, and communicating technical ideas to technical and non-technical audiences clearly in speech and prose
- Collaborating with Engineering and Operations in the design of new compliance controls for new or existing products and technologies.
- Automating routine parts of the security operations role
About the Team:
The Engineering productivity and InfoSec Team is responsible for safeguarding the security of Dow Jones' infrastructure and providing internal advocacy for security practices. Within this larger context, the Information Security and engineering productivity team work closely with product and platform teams throughout the company to help ensure that Dow Jones systems meet both the safety and security compliance needs of our customers.
Required Education and Experience
Applicants must meet one of the following education and experience requirements:
- 8+ years of relevant experience and a Bachelor’s degree in computer science or related field.
- 2+ years implementing standards like ISO 27001 compliance for a global technology organization
- 5+ years of experience designing secure complex distributed systems
- Security certifications (e.g., OSCP) and Cloud Certifications are a plus
- Programming experience, preferably with a diversity of languages
- Application performance and low latency applications