We are looking for a Senior Security Engineer to help us build and grow our EverCommerce security program. designs, builds, deploys, integrates, and optimizes security solutions and processes.
The Senior Security Engineer will have well-developed communication skills and can demonstrate proven technical ability, refined relationship management skills, and problem-solving skills. We are seeking an individual with a diverse background and that includes aptitude across several technologies, and skill sets. This role will require close coordination with other information security engineers, teams, security stakeholders and with internal and external software development teams.
Responsibilities - What You’ll Be Doing
Create and maintain security architecture and engineering processes and procedures Design of system architectures which meet established cybersecurity requirements and align with customer needsThis includes security requirements definition, documentation, and communication.Development of security architecture requirements and implementation guidance based on analysis of NIST 800-53 and or other security control frameworksArchitect, design, implement, maintain, and operates information system security controls and countermeasures.Provides techniques and patterns for securing integration with external security system vendors and/or cloud providersLeads regular architecture and design reviews to ensure requirements implementationEvaluates and plays an active role in life-cycle management of multiple security technologiesIdentify security risks and control gaps within systems, designs, products, data flows, and processes; and recommend corrective architecture, integrations, controls, and operationsParticipate in the development of security requirements, architectures, and documentation to ensure security controls are seamlessly integrated into new technology deploymentsPerform secure architecture and design reviews of new technology and security systems deployments, and collaborate with business teams to integrate secure-by-design principles into CI/CD pipelinbes and Agile development processesMaintain a clear view of the overall security architecture roadmap and strategic planLeverage emerging technologies and advanced security practices to ensure EverCommerce is at the forefront of security for our solution groups and our customersBuild, maintain and mature security architecture metrics and reportingServe as a subject matter expert/contributor measurably improving the overall security framework and programMentor junior security engineers and analystsAdditional duties as required and assigned Requirements
At least 7 years of relevant work experience in a technical field (e.g. cybersecurity, software development, or systems administration)Bachelor's Degree in a technical discipline such as Cyber Security, Information Technology, Computer Science, or Information Systems - or equivalent professional experience Have at least one current Industry recognized security certifications; CISSP, CISM, CISA, GIAC or commensurate experienceExcellent communication and interpersonal skills, with the ability to communicate and collaborate effectively with cross-functional teams, matrixed organizations, and technical / and non-technical stakeholdersDemonstrated experience with the security, development and/or management of systems compliant to NIST 800-53, NIST CSF, or ISO 27001-2022 security control frameworksExceptional knowledge and understanding on the creation/implementation and securing of cloud technologies such AWS and AzureKnowledge of Information Security risk assessment methodologies and standardsHighly flexible, self-motivated and eager to learn, with a strong passion for cyber securityExcellent verbal and written English communication skills Preferred Qualifications
Our ideal candidate would also have the following preferred skills, experience, or education:
Advanced knowledge regarding common attacks, attack methods, and defense architectures.Experience in securing multi-tenant compute services, microservices and modern APIsWorking knowledge of common web and container-based vulnerabilitiesExperience with Information Security policies and procedure development and implementationExperience developing technical documentation, including reports, proposals, statements of work, and whitepapersWhere:
The EverCommerce team is distributed globally, with teams in the U.S., Canada, the U.K., Jordan, New Zealand, and Australia. With a widely distributed team, we are used to working remotely across different time zones. This role can be based anywhere in the United States (Denver, CO is preferred) – if you’re close to one of our offices, we can set you up in-office or you can work 100% remotely. Please note that you must be eligible to work without sponsorship to qualify for this position, and this role may require travel to our Corporate Headquarters in Denver, Colorado, or to other office locations around North America.
Benefits and Perks:
Continued investment in your professional developmentDay 1 access to a robust health and wellness benefits package, including an annual wellness stipend.401k with up to a 4% match and immediate vestingFlexible and generous (FTO) time-offEmployee Stock Purchase Program Compensation: The target base compensation for this position is $130,000 to $160,000 USD per year plus annual bonus opportunity in most US locations. Final offer amounts are determined by multiple factors including location, local market variances, and candidate experience and expertise, and may vary from the amounts listed above.
EverCommerce is an equal opportunity employer and we value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender identity, sexual orientation, age, marital status, veteran status, or disability status. We look forward to reviewing your credentials and getting to know more about your experience!