Senior Security Engineer
Information Technology, Boston, United States
SENIOR SECURITY ENGINEER
LogMeIn simplifies how people connect with each other and the world around them to drive meaningful interactions, deepen relationships, and create better outcomes for individuals and businesses. One of the world’s top 10 public SaaS companies, and a market leader in communication & conferencing, identity & access, and customer engagement & support solutions, LogMeIn has millions of customers spanning virtually every country across the globe. LogMeIn is headquartered in Boston with additional locations across North America, Europe, Middle East, Asia and Australia.
Our headquarters are two state-of-the-art buildings on Summer Street in the heart of Boston’s Innovation District that includes a 2,200 sq ft roof deck and patio. We work in an open and collective environment simplifying how people connect to each other and the world around them.
LogMeIn is looking for an expert, hands-on Security Engineer to join our Internal IT team in Boston, MA. You will ensure that our internal applications and infrastructure are designed with the highest security standards in mind. If you enjoy analyzing system services, operating systems, networks, and applications from a security perspective, and you are skilled at discovering security issues that appear under new threat scenarios, this position is a fantastic opportunity. You will work closely with other IT professionals here and in other parts of the US. You’ll be part of an IT team with colleagues in London, Dublin, and Hungary, so occasional travel (10%) will be part of the gig. Reporting to the Director of Information Technology, you will be focused on taking LogMeIn Internal IT Security to the next level. Make your mark by helping to shape risk and information security governance for one of the fastest growing software companies in the world.
- Help shape security standards, procedures and guidelines for IT security controls and policies; evangelize, communicate and build consensus for adoption of policies company wide
- Provide internal security assessments of all new technology being delivered by Internal IT or acquired with partnerships with SaaS companies by participating in the life cycle of technology projects
- Provide security assurance against cyber-attacks, which may include (but not be limited to) DOS, DDOS, data loss and other malicious cyber activities, which could negatively impact the company and/or our Customers.
- Track, document and manage all open security related problem reports and remediation within the team to the IT management and CISO.
- Research, evaluate and recommend information security related hardware and software to maintain a strong security posture, including developing business cases for security investments
- Conduct periodic risk assessments, penetration testing, and vulnerability assessments
- Develop and validate baseline security configurations for operating systems, applications, networking and telecommunications equipment.
- Monitor periodic reports and analyze security logs for unusual events and trends.
- Provide expert level support and analysis during and after a security incident
- Participate in security investigations and compliance reviews as requested by internal or external auditors.
- Help conduct Security Awareness Training for employees at all levels
- Research and assess new threats and security alerts, and recommends remedial actions.
- Document and report on annual security reviews, residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.
- CISSP nice to have
- CCNP Security or similar Cisco certification(s) a plus
- Ethical Hacking or Security Analyst experience helpful
- Hands on experience with computer forensics, penetration, and vulnerability testing tools, conducting internal audits, independently building systems to run security tools from the ground up
- Prior experience in leading or participating in Incident Response/Handling teams
- Minimum 5 years experience in an IT Security role focusing on system, network, infrastructure/application-level vulnerability testing and auditing
- Strong familiarity with common standards for IT security and Cyber Defense and Privilege management solutions.
- Strong working knowledge of Microsoft Windows Active Directory, LDAP, Internet and network security technologies and protocols such as TCP/IP, firewalls (including application firewalls), routers, switches, IDS/IPS, Anti-Virus, SIEM, Web Proxy, VPN, Linux, Encryption technologies products, etc. You should have previous hands-on experience building and supporting at least a few of these technologies.
- Strong knowledge of network security encryption methods, IPSEC, Kerberos, Authentication concepts
- Working knowledge and experience ensuring compliance with the following standards: PCI, SOX
- Excellent oral, written and interpersonal communication skills
- Must be passionate about IT Security; decisive and confident: be comfortable defending a strong security posture to any level in the business
Be Accountable - even when no-one is looking
Thrive Together - greatness comes from unlocking each other’s potential
Advance Confidently - we find opportunity and act on it
Collaborate Openly - our whole is greater than the sum of our parts
Engage Fearlessly - we speak up and listen