As an information security DevSecOps Engineer on the Acima Information Security team, you will be a vital member of a technical and hands-on security team supporting Acima’s product offerings and the cloud infrastructure/services used. This security engineering team is responsible for designing, deploying, implementing, automating, and operationalizing our business units' security infrastructure, platforms, and toolsets.
You will actively participate in the hands-on efforts to help protect and defend our network boundaries by keeping our computers, networks, and cloud systems hardened against malicious activity and providing security services that protect sensitive customer information.
Security Engineers perform hands-on work with all layers and pieces of the technology stack and actively monitor our systems for attacks and intrusions in both on-prem and cloud environments. You will utilize your experience to own and resolve complex security incidents, implement security toolsets as well as automate and operationalize these toolsets to maximize our risk management capabilities. You will address policy questions and resolve security issues of a technical nature and will work with our software engineers to proactively identify and fix security flaws and vulnerabilities in our production environments.
- Drive the development, implementation, installation, and operationalization of information security toolsets, platforms, infrastructure, and services used to monitor and protect our team and business units. Such platforms and services could include: Code analysis (SAST/DAST/IAST) toolsets, vulnerability management for containers and cloud platforms, Log management/SIEM and security monitoring & detection, etc.
- Ensure the systems and platforms in our purview are integrated with the appropriate log management and performance monitoring capabilities and that alerting and automation processes are in place to address issues.
- Conduct technical, operational, and security/risk evaluations to identify coverage gaps in existing information security controls, corporate and production infrastructure, architecture, and processes. With your findings, propose suitable mitigations or compensating controls that address the concerns and fit the cultural and business needs of the team and organization.
- Respond to and investigate security incidents. Coordinate with leadership and Acima’s security operations team regarding findings and mitigations.
- Work with and support our Application Security Engineers' efforts to secure the product offering and the cloud platforms used to deliver the offering.
Five years of relevant industry experience in information/cybersecurity. You should have hands-on, in-depth experience and a thorough understanding of:
- Using, managing, and securing popular cloud services (SaaS, IaaS, etc.)
- Security concepts in AWS and security tools such as Inspector, GuardDuty, Macie, Config, CloudFormation, CloudWatch, CloudTrail, Trusted Advisor, WAF, etc., as well as familiarity with third-party alternatives (and when it is beneficial to use them).
- Implementing, integrating, and tuning network and cloud security infrastructure, applications (web and mobile), as well as security tools and platforms, and the automation to operationalize them.
- Integrating security in the continuous integration, continuous delivery, and continuous deployment (CI/CD) pipeline for Networking as code and Infrastructure as code (running unit tests, running security tools, managing secrets and using tools such as Vault). You should also understand how to use configuration management and automation tools such as Jenkins, Ansible, etc.
- Monitoring, evaluating, and interpreting vulnerabilities/CVEs, risk, and security assessments, cloud platform/system/device/IDS/IPS logs, threat analysis and malware.
- Excellent oral and written communications skills for working with a diverse professional clientele with varying levels of technical expertise. Ability to interact with internal and external customers, leadership, and co-workers in person, virtually, and in writing.
- Researching highly technical topics and deriving logical conclusions using well-thought-out processes, eliminating bias and logical fallacies.
- Combining information from various sources into clear, concise technical documents that explain the background and procedures for detecting and mitigating risk.
During your career, you should have been exposed to and have an understanding of:
- Information security architecture, mitigation of threats, and compensating controls.
- Proven methods for analyzing and interpreting information from Security Operations Centers (SOCs), Computer Security Incident Response Teams (CSIRTs), or SecOps systems.
- Digital forensics procedures and tools, malware analysis, and reverse engineering.
- Implementing and working with industry standards and guidelines relevant to the role and our industry, such as ISO, ITIL, NIST, SANS, CIS, AICPA SOC1/SOC2/SOC3, and PCI.
- Possess and nurture a hacker mentality: Being able to visualize issues and possible solutions outside the box.
- Bachelor's degree, a combination of experience and/or an Associate's degree, or an equivalent combination of education, training, and work or volunteer experience. Having (or planning to have) information security and cloud-related technology certifications is a plus.
Acima Digital is a young and dynamic leasing company that provides consumers financing options for life necessities that otherwise would not be available to them. We help with financing options from tires/wheels to furniture and appliances. Acima blends the use of innovative online technology with a fast and easy application process for thousands of retailers nationwide. Customers love us because we make the impossible possible. Retailers love us because we make it easy for them.
- Flexible schedules: Hybrid (mix of office and home office)
- DTO (discretionary time off).
- Medical insurance with United Healthcare (IHC network); Acima pays 85% of the employee premium.
- Health Savings Account (HSA) with company contribution.
- Dental insurance (Cigna) and Vision insurance (United Healthcare)
- Paid holidays
- 401K match 6%/3%
- Free Dev lunches every Friday for locals
- Fully stocked snack bar with beverages
- Onsite gym and bike locker
- College tuition reimbursement program (STEM)
- Free car charging