Managed Services Senior Security Engineer

Bounteous is a premier end-to-end digital transformation consultancy dedicated to partnering with ambitious brands to create digital solutions for today’s complex challenges and tomorrow’s opportunities. With uncompromising standards for technical and domain expertise, we deliver innovative and strategic solutions in Strategy, Analytics, Digital Engineering, Cloud, Data & AI, Experience Design, and Marketing. Our Co-Innovation methodology is a unique engagement model designed to align interests and accelerate value creation. Our clients worldwide benefit from the skills and expertise of over 4,000+ expert team members across the Americas, APAC, and EMEA. By partnering with leading technology providers, we craft transformative digital experiences that enhance customer engagement and drive business success. We are looking to hire a new MS Senior Security Engineer who will report directly to the Managed Services Security Operations Manager. In their role they will work closely with our Bounteous team members, lines of business and clients to help protect the data, products and infrastructure against security threats in support of the Managed Services practice.   The role will be working with each of the Business Units, as well as Project, Engineering and client teams to meet security and compliance services as described in the client’s SOW, including but not limited to: vulnerability management, security updates and upgrades, responding to intrusions, reviewing devices for strong security postures, and staying current with the latest Information Security trends and news.   Information Security Responsibilities

Promote and enforce awareness of key information security practices, including acceptable use of information assets, malware protection, and password security protocols

Identify, assess, and report security risks, focusing on how these risks impact the confidentiality, integrity, and availability of information assets

Understand and evaluate how data is stored, processed, or transmitted, ensuring compliance with data privacy and protection standards (GDPR, CCPA, etc.)

Ensure data protection measures are integrated throughout the information lifecycle to safeguard sensitive information

Role and Responsibilities

Support the implementation of a strategy and roadmap for Bounteous Managed Security service offerings and contribute to driving the roadmap to completion. 

Participate in BU security architecture and review offering input pertaining to how proposed changes will have positive or negative downstream impact to Managed Services' ability to effectively provide services. 

Participate in Security on call and escalation rotation. 

Ensure that standard processes and operating procedures are regularly updated, stored in a knowledge repository, and strictly followed.  

Follow access standards for Cloudflare as implemented by the Dining BU to support statements of work for Security services. 

Responsible for working with Managed Services clients and teams to help them address client queries regarding Bounteous' information security posture, future strategy and current controls. 

Prioritize and address complex technical incidents and requests received through the ITSM ticketing system related to applications and production environments. 

Contribute to the design and implement multilevel security strategies to protect Managed Services networks and data resources. 

Coordinate requests by Managed Services accounts for security upgrades and test software to the upgrade as documented in the Service Request. Assess when Service Request scope is better suited as a Project and should be billed to the client as such. 

Respond to intrusions using expertise in computer forensics. 

Anticipate future problem areas by monitoring workflows and network traffic patterns. Share recommended remediation steps with appropriate Managed Services and account leadership as needed. 

Serve as an escalation point within the team by working with Managed Services teams, lower-level Security Analysts, clients, or project teams. 

Work with business units and Managed Services teams to understand the changes recommended to deploy/manage/maintain firewall rules and encryption programs to protect data resources. 

Provide after-hours deployment support to application development teams as needed.  

Architect solutions for specific Security service proposals, identifying cost buildup that includes work effort, tools, etc.  

Provide support in the development and delivery of presentations to clients and prospective clients about security services. 

Assist in the completion of documented client security questionnaires, manage Service Requests, Change Requests, and assignment trackers. 

Supporting the Lines of Business and clients in facilitating such reports including auditing certification requests (e.g., SOC, ISO, etc.) to a successful outcome. 

Working with internal corporate teams, upon request, to address questions in the area of IT, Infrastructure, Supplier Risk Management, Cyber Defense, and application teams to facilitate responses related to application functionality and security. 

Perform Vulnerability Management and reporting that feeds into the Managed Service’s workflow for resolution. 

Preferred Qualifications

BA/BS in Computer Science and or equivalent experience 

6+ years of industry experience/background in IT services specifically senior security operations roles, experience as a business information security officer is a plus 

2+ years of Cloudflare administration and configuration for enterprise clients  

Information Security specific qualification is desirable (such as CISM, CISA, CISSP) 

Experience in handling attack mitigation and thorough knowledge of various attacks  

Ability to assess security and business risks, analyzing and presenting critical risks and potential remediation activities to all levels of management within the business 

Experience in coaching on and analyzing of traffic for attack anomaly detection and creation of mitigation rules  

Security skills and certifications preferred: CISSP, GCIA GCIH, GCFA, GCFE, Cloudflare, etc.  

Proficient in the use of tools such as Cloudflare, Burp Suite, Kali Linux, VMware Fusion, AWS, Sumologic, Data Dog, CrowdStrike, ServiceNow, MS Office product suite (365) 

Fluent in Terraform 

Ability to work flexibly to meet demanding deadlines 

Excellent communication skills, both verbal and written 

Strong time management and organizational skills with the ability to manage multiple tasks and changing priorities 

Ability to work collaboratively in a team 

Experience in implementing security-related policies and procedures to support organizational scaling and growth projections  

Experience with 7 x 24 on call role and ability to participate in on call rotation, willing to work after hours and/or over-time to support service coverage requirements