The Security Engineer, IT Security and Compliance position is a hands-on role that involves evaluating and enforcing security and compliance controls. This position plays an integral role in protecting Cornerstone OnDemand (CSOD) from internal and external threats and works closely with our technology teams to define security best practices, perform architecture and design reviews and threat modeling, conduct security assessments, and support the identification, interpretation, and remediation of vulnerabilities across the CSOD tech stack.
We are looking for someone with a strong background in information security and a proven ability to deliver under pressure. HYBRID position in Santa Monica, CA or Dublin, CA office.
In this role you will...
- Design, develop, coordinate, and document the secure operation of information systems and develop best practices for securing enterprise-wide data and information systems
- Participate in architecture and design reviews with technology staff to incorporate effective security standards into design
- Conduct vulnerability threat assessments on existing applications and systems
- Proactively monitor security levels of IT systems and establish baseline security models including patching, vulnerabilities, CIS, and end point controls
- Ensure monthly program review is completed and compliance reported to management and recommend action plans to mitigate security gaps
- Evaluate and respond to global information technology security threats in relation to systems and recommend security changes in response to emergent threats
- Use public and private threat intelligence tools to watch for possible emerging threats
- Evangelize security across all teams and influence change where needed
- Implement and maintain technical solutions to support compliance framework requirements including SSAE18, FedRAMP, ISO 27001 and PCI-DSS
- Spearhead incident response activities
- Must be able to perform hands-on support for a wide range of security technologies including, but not limited to: EDR, SIEM, IDS, Vulnerability Scanners
You've got what it takes if you have...
- Ability to obtain a security clearance which requires US citizenship
- Bachelor's degree in an Information Technology related field of study or equivalent post high school education and/or work-related experience
- 4+ years of experience in system, network and/or cloud security.
- Experience with CI/CD practices and tools (Git, Jenkins) and integrating security solutions into CI/CD pipelines.
- Experience using Nmap, Nessus, EDR, Metasploit and other vulnerability assessment and penetration testing tools.
- Experience working on security responsibilities for SaaS or PaaS solutions, preferably in AWS. (Experience with GCP is a plus)
- Excellent problem solving and analytical skills; outstanding oral and written communication skills
- Self-motivation and the ability to work under minimal supervision are a must
- Excellent at multitasking, and open to constant learning
- Energetic and positive attitude
An extra dose of awesome if you have...
- Security related certifications such as OSCP, CISSP, GCIA or similar.