At Shutterfly, we make life’s experiences unforgettable. We believe there is extraordinary power in the self-expression. That’s why our family of brands helps customers create products and capture moments that reflect who they uniquely are.
Shutterfly is looking for a Principal Information Security Engineer to join their team! In this position you will be an integral part of developing our enterprise Information Security Program and leading the Architecture team to building processes and solutions. Your focus will be on providing Architectural security insights to ongoing projects within the organization, acting as a lead driving the development and processes needed to support the initiatives of the Security Program, and providing general guidance to others within the Information Security organization.
What You'll Do Here:
- Help design and build systems architectures that support future growth which can easily integrate with security tools and solutions.
- Build out repeatable, secure, and available architectures for Information Security tools.
- Understand current CI/CD pipelines to introduce and maintain Information Security Requirements and checks, and to provide continuous improvements to those workflows.
- Identify potential architectural and security improvements to cloud infrastructure, processes, and pipelines.
- Support the Enterprise by conducting Architectural reviews of proposed changes within the organization with a primary focus on Security domains, and to conduct risk analysis to identify risks that may be introduced by the changes proposed.
- Analyze logs and build dashboards in our SIEM to support various projects and workloads.
- Provide technical training for Information Security teams for cloud solutions, CI/CD processes and pipelines, and general technical gap remediation.
- Risk Analysis, Risk Remediation, and scoring as part of our Risk Management program.
- Support governance initiatives with various IT teams within the Enterprise.
- Help to identify security implications within the adoption of emerging technologies, such as generative AI.
- Help build and review least privilege models for some key access areas, such as role based access control and network access.
The Skills You'll Bring:
- Bachelors of Science in CIS/MIS/CS/CE, Engineering/Technology or related field or equivalent experience/training.
- 8-10 years working in Information Technology and 4-6 years specifically in Information Security.
- A strong understanding of applicable security best practices.
- Demonstrable oral and written communications, with the ability to set expectations with various internal and external partners.
- Practical experience in deployment and management of applied IT security.
- Hands on experience with Incident Response or previous participation with Incident Response teams such as the role of a first responder, someone who helps with analysis, forensics, etc.
- Understanding of CI/CD pipelines, specifically including Jenkins, Github, and Terraform, but with other technologies as needed.
- Provide feedback and guidance for how to securely architect and implement solutions in major public cloud environments (AWS, Azure, Google)
- Expertise and understanding of AWS IAM, networking and connectivity solutions, security groups, VPCs, subnets, routing, S3 (with bucket policies, ACL), SSM parameter store/secrets manager, KMS, encryption, SSM Session Manager, and other applicable security controls available in AWS.
- Expertise with different authentication and authorization mechanisms.
- Experience conducting vulnerability testing on Windows, OSX, UNIX, Solaris and Linux, based systems.
- Hands on experience in both using and securing containerized systems and container registry solutions.
Preferred Certifications:
- CISSP, SSCP, GSEC, GPEN, AWS/GCP architecture certs and/or similar security professional certifications
Supporting a diverse and inclusive workforce is important to Shutterfly not only because it directly reflects our value of Embracing our Differences, but also because it’s the right thing to do for our business and for our people. We welcome all applicants and evaluate them based on their qualifications, without regard to age, race, creed, color, national origin, ancestry, marital status, affectional or sexual orientation, gender identity or expression, disability, nationality, sex, or other characteristic covered by law. Learn more about our commitment to Diversity, Equity, and Inclusion on our Career Site.
This position will accept applications on an ongoing basis until filled.
The compensation package for this role is based on multiple factors, such as job level, responsibilities, location, and candidate experience. The base pay ranges included below are specific to the locations listed, and may not be applicable to other locations.
California : [$141,500-200,250]
Connecticut, New York, and Rhode Island: [$141,500-183,250]
Colorado and Washington: [$141,500-169,750]
Nevada: [$133,000-183,250]
This position may be eligible for a bonus incentive, health benefits, a 401K program, and other employee perks. More details about our company benefits can be found at https://shutterflyinc.com/benefits/.
This opportunity can be remote, but candidates must reside in a state in which Shutterfly is registered to do business. This includes all US states except District of Columbia, North Dakota, Mississippi, Rhode Island, Vermont, and Wyoming.
#SFLYTechnology