Title: Senior Security Engineer
Location: Remote – USA
The Security Engineer is an integral contributor to the effectiveness of HubSpot’s information security. They will be responsible for deploying and operating our various tool sets with the goal of minimizing threats to the confidentiality, integrity, and availability of both customer and corporate information. The engineer will work extensively with our Information Technology and Network Engineering teams to design and integrate continuous improvements to our infrastructure as well as ensure both our processes and tools are fully optimized. They will be the primary implementer of solutions that will augment visibility and anomaly detection throughout the enterprise. They will become a Subject Matter Expert in both our information architecture as well as the tools, policies, and processes we utilize to protect it. The engineer will maintain timely knowledge of the evolving threat landscape in order to identify relevant risk and determine if adjustments to our toolsets are required. They will partner with other members of the Information Security team to ensure cohesive awareness of risk and our risk reduction capabilities, as well as easily collaborate with other departments that support our Information Security Program. The engineer will also work closely with Carbonite’s compliance team in order to deliver relevant content critical to our various regulatory attestations.
- Related degree and experience with network administration and/or system administration with an emphasis on security operations.
- Working knowledge of centralized policy functions and capabilities (eg Group Policy).
- Experience operating layer 7 firewalls. Inclusive of networking (layer 2 and 3), virtual routing, constructing rules, best practice segmentation, IPSec tunnels, remote access VPNs, Intrusion Prevention, and content filtering.
- Working knowledge of IP networking, including layer 2 /3 functions, static and dynamic routing protocols.
- Effective at troubleshooting network connectivity at the host level.
- Working knowledge of Active Directory and it’s functions in the enterprise.
- Experience with endpoint detection and response functionality.
- Experience investigating suspicious activity and security events.
- Experience with vulnerability management scanners.
- Experience with SIEM technologies.
- Knowledge of DNS exploitation and its role in malicious activity.
- Experience with Privileged Account Management (PAM) tools.
- Solid understanding of email risks and hygiene methods.
- Experience with Network Access Control (NAC) best practices, inclusive of IOT risk management.
- Exposure to physical security tools and conceptual best practices.
- Conceptual understanding of asset and data lifecycle management.
- Extensive experience designing and deploying High Availability layer 7 firewalls. Inclusive of networking (layer 2 and 3), virtual routing, constructing rules, best practice segmentation, IPSec tunnels, remote access VPNs, Intrusion Prevention, and application filtering.
- Extensive knowledge of IP networking, including layer 2 /3 functions, static and dynamic routing protocols.
- Experience as a primary operator of technology within a large, distributed, complex enterprise infrastructure
- Highly effective at troubleshooting network connectivity.
- Experience with Public Cloud security, including an understanding of shared security models, high risk areas, and visibility/defensive gaps in native provider platforms.
- Experience with AWS VPCs, NSGs, IAM, Cloudtrail, VPC flow logs, access logs, host protection and event investigation.
- Significant experience with Active Directory and knowledge of it’s functions in the enterprise.
- Experience with endpoint detection and response capabilities.
- Experience investigating suspicious activity and security events.
- In depth experience with SIEM technologies.
- Experience deploying DNS security tools and designing best practices.
- Experience with Privileged Account Management (PAM) tools.
- Solid understanding of email risks and hygiene methods.
- Experience with Network Access Control (NAC) best practices, inclusive of IOT risk management.
- Exposure to physical security tools and conceptual best practices.
- Conceptual understanding of asset and data lifecycle management.
- The ability to effectively coordinate with multiple stakeholders and build relationships.
- Highly effective at training team members on new (to them) technologies.
Cash compensation range: 130000-182000 USD Annually
The cash compensation above includes base salary, on-target commission for employees in eligible roles, and annual bonus targets under HubSpot’s bonus plan for eligible roles. In addition to cash compensation, all HubSpotters are eligible to participate in HubSpot’s equity plan to receive restricted stock units (RSUs). Some roles may also be eligible for overtime pay. Individual compensation packages are based on a few different factors unique to each candidate, including their skills, experience, qualifications and other job-related reasons.