Vonage

Vonage is a global cloud communications leader that helps businesses accelerate their digital transformation through our fully programmable Unified Communications, Contact Center Applications, and Communications APIs. 

Our Security Mission: We commit to safeguard the confidentiality, integrity, and availability of information systems, identity, and data assets by providing proactive security expertise, and guidelines for creating and maintaining a resilient and secure infrastructure, and fostering a culture of security awareness and compliance throughout the organization

SOUND INTERESTING? CONTINUE READING BELOW…….

Why this role matters:

The Vonage Information Security organization is seeking people who are passionate about information security. The Security Operations team manages a fast-paced and constantly growing global multi-cloud environment and seeks to implement cutting-edge technology to secure Vonage’s services and infrastructure. The Security Operations team aims to enhance the security of our software applications and production systems, develop and utilize security and automation tools to help us maintain and report on our security posture and regulatory compliances.

In addition to developing advanced SecOps tools and automated reporting,, the candidate will be expected to understand modern cyber threats, how to architect and design software and networks for security-in-depth, how to detect cyber attacks, and how to efficiently respond to them. 

Where you will work:

Flex Worker - You will have home based days, but can be required to commute to the office for collaboration, customer meetings and presentations up to 3 days a week (exact days to be agreed with your line manager). The address of the office you will be commuting to is Bell Works 101 Crawfords Corner Road Suite 2416, 4th Floor, Building #2 Holmdel, NJ 07733

Sponsorship Not Available - Legal authorization to work in the US is required. We are unable to sponsor individuals for employment visas, now or in the future, for this job opening.

What you will do:

• Design and develop tools to automate security operations or reporting tasks.
• Support ongoing and new service/compliance initiatives including PCI, HIPAA, SOC2, GDPR, ISO27001 and CFIUS.
• Champion the continuous improvement of security monitoring, detection, and prevention capabilities. This includes vendor technology evaluations, and the subsequent operational deployment of selected security tools. Key areas include network security, container security, host-based intrusion detection systems, cloud security tools, web application firewalls, database security monitoring systems and data classification tools, firewalls/routers/switches, proxy servers, antivirus systems, file integrity monitoring tools, and operating system logs, to name a few. 
• Lead system and application security reviews, assess and document any vulnerabilities discovered, and champion the timely remediation of such findings, including the deployment of vendor security updates and the redesign of software applications and network architectures to harden against threat actors.
• Serve as a key member of the Security Incident Response team --- responsible for the coordination with other engineering and business teams across the company, and/or with external partners, to implement a multi-faceted incident response and remediation action plan.
• Establish the trust of, and a strong working partnership with, senior network and software developers and architects from across the company. 

What you will bring:

Required

• A BS/MS in Computer Science, Information Security, or other related degrees
• A passion for Information Security
• Ability to function independently as directed
• Experience with scripting and/or programming in Python, Perl, bash
• Participation in an Agile Development Sprint process
• Willingness to learn new technologies and systems and to continuously learn and improve
• Ability to interact with APIs using curl, Postman, etc.
• Skills in manipulating data in spreadsheets, databases, Tableau or other tools
• Knowledge of cloud computing systems - AWS knowledge is a must, Google Cloud highly desired
• Understanding of kubernetes / container ecosystems
• Demonstrated understanding of general Unix/Linux systems administration (Or similar, e.g. Ubuntu, Solaris, etc.)
• Knowledge of standard Unix infrastructure tools/protocols (DHCP, DNS, NTP, SYSLOG, SSH, IPSec etc.)
• Basic cross-functional understanding of network engineering concepts and protocols (e.g., TCP, UDP, SSL, etc.)
• Knowledge of Security incident response processes 
• Knowledge and understanding of MITRE ATT&CK vectors and tools as well as the best practices for securing systems and networks
• Familiarity with Microsoft Windows, Mac OSX, and Linux/Unix system administration and security controls
• Must be fluent in English and have strong verbal and written communication skills; ability to communicate effectively and clearly to both technical and non-technical staff
• Candidates must be self motivated, have strong collaborative skills, and willing to work with and learn enterprise technologies and be comfortable working in a matrixed organization

Desirable

• Information Security and Cloud Certifications (CISSP, CISM, CompTIA, etc)
• AWS Cloud Certifications (AWS Architect, AWS Security Engineer, etc)
• Experience in Threat Hunting Processes and Tools
• Database and Data Pipeline Architecture and Development Experience
• Knowledge in NetSkope Security Tools and CASB Data Loss Prevention strategies
• 10+ years of experience in software development/security operations

How you will benefit:

• Medical, Vision, and Dental Coverage
• Health Savings Account (HSA)
• Income Protection
• Maternity & Paternity Leave
• 401(k) Contributions: Pre-Tax, Roth, or After-Tax Roth Options
• Unlimited Discretionary Time Off
• Three Paid Volunteer Days a Year
• Tuition Reimbursement
• Voluntary Legal Plan
• Optum Employee Assistance Program
• Discount on Auto, Home & Pet Insurance

Note: The purpose of this profile is to provide a general summary of essential responsibilities for the position and is not meant as an exhaustive list. Assignments may differ for individuals within the same role based on business conditions, departmental need or geographic location.