Sr. Principle Technologist Information Security

Date: Jul 20, 2021

Location: Columbus, OH, US, 43202

Company: American Chemical Society

CAS uses intuitive technology, unparalleled scientific content and unmatched human expertise to help companies create groundbreaking innovations that benefit the world. As the scientific information solutions division of the American Chemical Society, CAS manages the largest curated reservoir of scientific knowledge, and for 115 years, has helped innovators mine, assess and apply that information to keep businesses thriving. The CAS team is global, diverse, endlessly curious and strives to make scientific insights accessible to innovators worldwide.

 

CAS is currently seeking a Senior Security Principal Technologist:  This position will be located in our Columbus, OH headquarters.

As our company grows and we expand our team, CAS is looking for an exceptional Senior Security Principal Technologist specialized in locking down our corporate assets and network. You'll be joining a team where you have real ownership and a charter to champion best practices, drive change, determine future policy and architecture, while providing the guidance on solutioning complex problems.

 

You will assess threats and vulnerabilities, analyze data and code, define measurable objectives, and drive implementations of security solutions. You will also be responsible for building and implementing testing tools and methodologies, including manual and automated processes, deployment, and monitoring.

 

Duties:

•             Design, deploy, manage and improve critical security infrastructure services/tools for authentication and authorization, PKI, secrets management, logging, detection, vulnerability management, Customer Identity and Access Management, and more

•             Partner with teams throughout American Chemical Society on technology initiatives to improve security and bring standard methodologies to our products and services

•             Advises business stakeholders, partners and Technology leadership in the identification, analysis and/or implementations of technologies, scope, requirements, benefits and risks of proposed initiatives/solutions as it relates specifically to information security and privacy goals/objectives.

•             Analyze the latest attacker techniques and develop approaches to detect them across the company's diverse environments and endpoints.

•             Define, implement, and tune detective capabilities and data sources to detect and remediate malicious activity

•             Work with engineering and operations teams to implement threat detection signals, deploy new tooling, and improve response capabilities.

•             Analyze security data and report on threats and incidents across various platforms and environments.

•             Mentor team members, junior and senior, in state-of-the-art incident response practices

•             Research and design ways to achieve risk reduction objectives in creative ways, including expanding our current tool stack where appropriate

•             Assist with security incidents that the company may face in alignment with our response processes

•             Assess risk arising from third-parties, vendors and partners in our ecosystem and design controls to mitigate such risks

•             Document security processes and standards.

 

Qualifications:

•             18+ years of experience with security engineering in e-commerce, internet, or social networking settings

•             Ability to create presentations and a story that will resonates with the business to help make sure our end users, customers, workforce members, and members of the society are in a secure posture that aligns with the business risk tolerance of the organization

•             BS/MS/PhD in Computer Science, Information Systems, Electrical Engineering, or the equivalent in experience and evidence of exceptional ability.

•             Mastery of multiple security domains such as intrusion detection, incident response, malware analysis, and forensics.

•             Knowledge of web application security, browser security models, and application security vulnerabilities such as the OWASP Top Ten

•             Deep understanding of network attacks, DDoS, Phishing, email protocols/security/spam, encryption, authentication, logging and log analysis, IP and device reputation, and security rules and policies

•             Experience working with multiple stakeholders such as engineering/operations teams, internal business units, external incident response teams, and law enforcement throughout the incident lifecycle.

•             Strong verbal and written communication skills, solid team player, with demonstrated abilities in analysis and problem-solving

Nice To Have:

•             Experience achieving and maintaining compliance with SOC2, NIST 800-53, and other security frameworks

•             Working in the Information Security field across multiple different industry verticals

•             Hands-on expertise operating in an AWS environment with mastery of architecture and security capabilities in the cloud

•             Security certifications (CISSP, CEH, etc…)

•             Experience with Network Security

•             Experience detecting abuse and large-scale attacks in a diverse environment.

•             Experience with Docker, Kubernetes, and other tools to enhance future operations

•             Database Security

 

CAS offers a competitive salary and comprehensive benefits package, including a generous vacation plan, medical, dental, vision insurance plans, and employee savings and retirement plans. Candidates for this position must be authorized to work in the United States and not require work authorization sponsorship by our company for this position now or in the future. EEO/Minority/Female/Disabled/Veteran


Nearest Major Market: Columbus

Job Segment: Information Security, Information Systems, Computer Science, Database, Technology, Research