IT Security EngineerApply
- Company: Squire
- Posted: 08/10/2021
- Location: Remote
- Category: Information Technology
- Job Type: Direct Placement
WHO WE ARE
Squire is a booking and payment platform that connects people with great barbers nationwide. Squire makes it easy to discover and book the best barbers wherever you are, in just a few taps.
Squire is also the premier management platform for barbershops. Using Squire, barbers are able to engage their customers, process bookings and payments and better market their business through Squire’s “barbershop discovery” capabilities. Fully integrated with a point of sale, inventory management and payroll systems, Squire is a one-stop solution for barbershop owners to efficiently operate their business.
With headquarters in New York and a presence in major cities in the United States and Canada, Squire has quickly become a market leader in technology solutions for the barbershop industry nationwide.
Reid Christian, an investor at Charles River Ventures (CRV) who led the Series B, said that he knew Squire would be a success when he experienced the product at Rust Belt Barbering in Buffalo, New York. Christian compared Squire to a “Venmo-like experience” with transactions. He estimates billions of dollars in men’s grooming spend.
As shops broadly reopen, Squire is in a good, timely spot to be adopted by the masses. For the co-founders, the incoming wave of interest was affirmed a long time ago. For more information, please visit getsquire.com or download the Squire iOS app from the App Store.
SQUIRE is looking for an exceptional IT Security Analyst to join our highly coveted engineering group. This is an opportunity for you to work on exciting projects and brand-new initiatives. As the IT Security Analyst, you are responsible for performing activities related to the administration, implementation, improvement, and monitoring of Squire’s IT security systems, standards, architecture, and best practices. You will carry out routine to complex assignments in one or more IT security related areas including servers and workstations, applications, network, incident and event response, vulnerability management, and identity and access management. You will work to ensure systems and staff comply with IT policies and procedures across the enterprise, and recommend and implement changes to further protect the environment.
Director of IT / Security
JOB DUTIES AND RESPONSIBILITIES
- Review all security reports and logs for unusual or anomalous activities.
- Monitor and advise on security issues related to systems and workflow to ensure that security controls are operating as intended.
- Participate in all information security related incident response activities.
- Coordinate and execute IT security projects.
- Coordinate response to information security incidents.
- Participate, coordinate and manage ongoing Penetration tests and PCI audit tasks.
- Conduct assessment and security audits and manage remediation plans.
- Collaborate with different IT management to manage security vulnerabilities.
- Perform security research to keep on top of the latest security issues.
- Prepare/update/review security operations documentation, including policies and procedures, notifications, and alerts.
- Review/monitor/validate security configurations, including servers, firewalls, IDSs, WAFs and next-generation A/V and endpoint protection systems.
- Responsible, self-motivated, well organized individual with the ability to handle multiple concurrent projects while adapting quickly to rapidly changing priorities.
- Strong communication skills both verbal and written.
- Solid organizational and documentation skills.
- The duties and responsibilities outlined above are not a comprehensive list and additional tasks may be assigned from time to time based on business needs.
REQUIREMENTS AND QUALIFICATIONS
The IT Security Analyst should have 7 or more years of documented and verifiable experience with the following:
- Strong experience in managing and administrating a Security Awareness Training platform
- Direct, hands-on experience managing, configuring, and ongoing administration of a MDM solution, including the management and secure configuration of endpoint devices
- macOS and iOS devices
- Direct, hands-on experience or strong working knowledge of managing security infrastructure — e.g., SIEM and Log Management Technology, Firewalls, Intrusion Prevention and Detection System’s (IPS/IDS), Web Application Firewalls (WAF), Endpoint Protection, and Vulnerability Scanning:
- Rapid7 InsightVM and InsightAppSec
- New Relic
- Direct, hands-on experience with Identity Access Management (IAM) technologies and services:
- Google Workspace
- Amazon Web Services (AWS)
- SSO IdP and SP
- Strong working knowledge of IT Service Management (e.g., ITIL-related disciplines):
- Vulnerability Management
- Incident Management and Response
- Configuration and Change Management
- Experience working with methodologies to conduct threat-modeling exercises on new applications and services
- Thorough understanding of the latest security principles, techniques, and protocols
- Proven working experience in building and maintaining security systems
- Direct, hands-on experience or a strong working knowledge of vulnerability management tools
The IT Security Analyst should have a strong understanding of the following regulations and frameworks:
- Payment Card Industry Data Security Standard (PCI-DSS)
- NIST Cybersecurity Framework (CSF)
- SANS Critical Controls
- General Data Protection Regulation (GDPR)
Degree not required.
Squire provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.