Security Engineer, Automation
The Company Serving the People Who Serve the People Granicus is driven by the excitement of building, implementing, and maintaining technology that is transforming the Govtech industry by bringing governments and their constituents together. We are on a mission to support our customers by meeting the needs of their communities and implementing our technology in ways that are equitable and inclusive. Granicus has consistently appeared on the GovTech 100 list over the past 5 years and has been recognized as the best companies to work on BuiltIn. Over the last 25 years, we have served 5,500 federal, state, and local government agencies and more than 300 million citizen subscribers powering an unmatched Subscriber Network that uses our digital solutions to make the world a better place. With comprehensive cloud-based solutions for communications, government website design, meeting and agenda management software, records management, and digital services, Granicus empowers stronger relationships between government and residents across the U.S., U.K., Australia, New Zealand, and Canada. By simplifying interactions with residents, while disseminating critical information, Granicus brings governments closer to the people they serve—driving meaningful change for communities around the globe. Want to know more? See more of what we do here. The Role: Security EngineerGranicus is looking for someone to help build the tools, infrastructure, and processes to improve the overall security posture of the global organization. We also want someone who is excited to assist other teams in making their own implementations more secure, while identifying weaknesses that need to be addressed.What your impact will look like here-Serve as primary Security Engineer focused integrations and automation-Develop automated techniques to assure security controls validation across hybrid multi-cloud environment-Research attack campaigns and facilitate awareness on common tactics, techniques, and procedures (TTPs)-Develop threat hunting use cases to support risks identified within the threat model(s)-Design SOAR use cases in on-prem and multi-cloud environment based on threat research and the business risk profile-Advise engineering teams on infrastructure security design-Develop Python scripts, or similar, to automate recurring security and compliance tasks-Develop Python scripts, or similar, to collect and analyze large data sets from multiple sources-Assist other engineers in managing and improving existing security tools, including SIEM, EDR, Endpoint security, and more-Research new security technology trends that can be used to reduce exposure-Work with cross functional teams as a security representative during incidents-Use APIs to automate processes and tie tools together (e.g. pull data from a CSPM into a SIEM, pull assets from a CMDB into a scanner, and integrate alerts into Slack automations)-Serve as an escalation point for SOC Analysts and other junior staff-Participate in an on-call rotation to ensure 24x7 escalation support for incidents-Ensure the confidentiality, integrity, and availability of information assetsYou will love this job if you have-You have a high degree of technical competency in relation to AWS and Azure cloud infrastructure -You have a high degree of technical competency in creating security automation and integrations-You are grounded in fundamentals and continuously learn new security concepts and technologies-Experience creating and maintaining python scripts, or similar for Security Automation-Experience with Linux systems engineering-Experience managing any (not all) common security tools like SIEM, EDR, endpoint security, vulnerability scanner, IPS, WAF, etc.-The ability to continuously learn new methods and technologies and identify gaps that should be addressed-Experience operating with cloud platforms, APIs, and event-driven automation-Understanding of Infrastructure as a Service (IaaS) cloud platforms, such as IAM, compute (EC2), networking (VPC, Load Balancers), serverless (Lamda), and Containers (EKS), in order to identify and prioritize potential security challenges-Ability to write technical Standard Operating Procedures (SOPs) and train team members-Three years of experience in an Information Security role-Industry standard certifications like CISSP, CISM, GSEC, GCIH, etc
The Process
- Phone screen – Speak to one of our talented recruiters to ensure this could be a fit.
- -Assessment – Take a quick assessment (Don’t worry, we will prep you!)
- -Hiring Manager interview – Talk to the hiring manager so they can learn more about you and you about Granicus.
- -Panel interview – Meet more members on the team! Learn more and share more.
- -Reference checks – Provide 2 references so we can hear about your awesomeness.
- -Verbal offer – Let’s talk numbers, benefits, culture and answer any questions.
- -Written offer – Sign a formal letter and get excited because we sure are!