Staff Security Engineer, Cybersecurity- 190229
Technology & Operations – Information Security and IRM
Ellie Mae (NYSE:ELLI) is the leading cloud-based platform provider for the mortgage finance industry. Ellie Mae’s technology solutions enable lenders to originate more loans, reduce origination costs, and reduce the time to close, all while ensuring the highest levels of compliance, quality and efficiency. Visit EllieMae.com to learn more.
The Staff Engineer, Cybersecurity will work as a member of the Information Security team and will provide overall direction, life cycle management and leadership for Cybersecurity architecture and technology.
You will take a lead role in the identification, analysis, evaluation, life-cycle management and adoption of our security technologies. You will be a key consultant regarding security features of technologies used in the corporate environment, working closely with other security functions to ensure that there is coordination with their activities in technology choices.
The Security Engineer is a hands-on role that involves evaluating and enforcing application security & cyber threat intelligence in all phases of the software development life cycle. You will partner with our development teams to define the application security best practices, perform software architecture and design reviews, conduct white box security testing, and support the identification, interpretation, and remediation of vulnerabilities across a variety of applications, programming languages, and platforms. Key areas of focus for this role will be cyber threat intelligence and application security.
- Act as the authority and Domain Expert in application security, cyber threat intelligence and information security and advise leadership on the related issues, systems, processes, products, and services.
- Manage the life cycle of security technologies.
- Keep up to date with the latest security technologies; make recommendations for use based on business value
- Create and maintain application and enterprise security standards applicable to all technologies in the portfolio
- Work closely with the other technology members to make sure that security is properly provisioned in their technology domains.
- Develop and enhance the cyber threat intelligence function
- Architect, prioritize, coordinate and communicate the choice of cyber threat intelligence and digital risk protection technologies necessary to ensure a highly secure yet usable computing environment
- Participate in the evaluation of overall risk for applications and IT systems and the data they contain and process, accounting for the people, processes, and technologies that provide security controls
- Assist in the audit process.
- Maintains oversight of the design and implementation of products and IT systems to ensure appropriate and effective security controls are included
- Serve as an Information Security authority and contribute to the definition of overall product and IT security architecture
- Participate in architecture and design reviews with senior development/DevOps staff; define and design security code analysis tools and framework.
- Define, maintain and enforce application security best practices. Explain and demonstrate vulnerabilities to application/system owners, and provide recommendations for mitigation.
- Issue reports on application scans; monitor, track progress, and maintain history of found vulnerabilities.
- Perform Secure Code Development Training to developers and relevant staff.
- Self-direct, and provide direction/guidance to individuals or small teams. Prior experience decomposing larger objectives into smaller, defined tasks.
- Contribute, influence, and provide security controls and requirements to various Ellie Mae products.
- Author and present materials ranging from detailed technical specifications to high-level presentations.
- Bachelor degree in Computer Engineering or related field of study
- 10 + years of dedicated experience in the InfoSec space responsible for Threat Modeling of complex security systems and delivering comprehensive architecture specifications for complex security solutions.
- Expert knowledge of information security principles, web applications and familiarity with malicious code and common techniques used by hackers.
- Prior experience coding using Java or Python.
- Knowledge of hosted and cloud-based infrastructures and how they affect security implications and control approaches (familiarity with Amazon Web Services is a plus).
- Demonstrated ability to integrate various security technologies and controls into a cohesive architecture that sufficiently mitigates risk to the company.
- Posses a deep technical understanding of and experience with security technologies including, but not limited to, intrusion detection/prevention, event correlation, firewall, antivirus, anti-spam, policy enforcement, patch/configuration management, usage monitoring, audit, secure application development, and cryptographic protection mechanisms.
- Strong client service orientation
- Strategic thinker; forward-thinking; innovative
- Thorough understanding of the security controls provided in common platforms and applications for corporate environment
- Ability to use personal influence and communications processes to align technology to business objectives and articulate vision and strategy for complex technical undertakings.
- Ability to deal with ambiguity and make experienced judgments in situations for which little to no precedent exists
- Independently deliver working, high quality solutions on time.
- Be focused, passionate and strive to find simple solutions to complex problems using your analytical skills. Quickly digest any issue/problem encountered and recommend an appropriate solution.
- Great energy and enthusiasm with a positive, collaborative working style, clear communication and writing skills and well-honed influencing and negotiating skills.
Ellie Mae is an equal opportunity and affirmative action employer. Women, minorities, people with disabilities, and veterans are encouraged to apply.
We do not accept resumes from headhunters, placement agencies, or other suppliers that have not signed a formal agreement with us.