Senior InfoSec Engineer

Who we are: Vivid Seats is the largest independent online ticket marketplace, sending tens of millions of fans to live events. We believe in the power of experiences and are fiercely dedicated to building products that inspire human connections. Named as one of Built In Chicago’s top 10 places to work in 2021, we believe that our People are our greatest competitive advantage. To support our People, we have built a company culture that empowers our employees to embrace challenges, encourages unity through collaboration, and seeks to constantly evolve by leveraging data and inspiring innovation.

The Opportunity: As an InfoSec Senior Engineer, you’ll be responsible for partnering with platform engineering teams to drive security practices and principles related to cloud-based infrastructure and with the service desk team to ensure that security controls are functioning as expected in the local IT architecture. This role designs and implements security controls such as networking, network segmentation, vulnerability scanners, firewalls, IPS\IDS, network analyzers, data loss prevention, security information and event management, encryption, proxies, cloud-based security control services. These controls are designed and implemented for cloud providers and local IT architectures.

This role will also be responsible for the detection, response and remediation of cyber related attacks. This role must have experience in the area of incident response and will participate in incident response activities. This role integrates new technologies from a logging and incident response perspective and will work with a managed security service provider (MSSP) to respond to alerts, onboard new event sources and alerting use cases.

This is a hands-on technical position best suited for a professional with security engineering and operations experience and a background collaborating with multiple groups (project, business, architecture, and operational teams) across an organization.

How your role contributes to the success of Vivid Seats:

• Integrate with internal engineering teams providing frameworks to build, design and implement products across the organization securely.
• Design, deploy and support internal security controls and network architectures.
• Assist in the prompt investigation of security alerts and be prepared to isolate and remediate incidents pursuant to established procedures.
• Support incident response operations and development of standard operating procedures, run books and related templates.
• Provide training to the Vivid Seats community, fostering a security positive culture.
• Support and assist in developing ongoing roadmap for security related projects.
• Establish standard, repeatable practices to maintain a security program based on a well-defined security framework.
• Mentor engineers, encourage team members and champion technology security across engineering teams.
• Tackle some of the most difficult challenges securing an e-commerce marketplace by effectively embedding prudent security practices and features that maximize value and protect sensitive data.
• Partner with a team of Product Owners, Quality Engineers and Engineers to ensure security throughout the software development lifecycle.
• Ensure compliance with society, regulatory and industry standards for application security.

 How your role expectations will progress as a Senior Engineer in the first 30, 60, and 180 days:

30 days in:

• Complete new hire orientation, gaining the resources you need to be successful.
• Learn how ticket marketplaces operate and how you’ll contribute to providing great experiences for our customers.
• Acclimate to team and company norms, business objectives and Vivid Seats values.
• Develop basic understanding of applications, tech stack and development process.
• Understand our existing security practices, frameworks and tools.

90 days in:

• Enhance our approaches, methods or technologies associated with our security controls environment.
• Engineer and support security controls and respond to alerts.
• Partner with platform engineering team to understand AWS environment and to introduce security controls and best practices associated with build and deploy pipelines and AWS related infrastructure (EKS, ECS, EC2, security groups, VPC, IAM, etc).
• Build, maintain and leverage internal and external relationships to achieve progress and advance security objectives.
• Apply technical learnings that align with the product roadmap and technology strategy to improve our overall security posture.
• Support and assist in developing ongoing roadmap for security related projects.

180 days in:

• Design and implement process improvements that positively impacts the team and our overall security posture.
• Mentor others and lead your team, playing an active role in elevating the skill sets of those you work with.
• Guide the team's work so that it fits into the larger team and engineering group objectives.
• Improve security in core systems and applications managed by the team and contribute to engineering group objectives.
• Continuously evaluate the organization’s existing security practices, define and measure security-related activities, and demonstrating concrete improvements to the application assurance program within the organization.

What You’ll Bring:

• 5 years of combined experience in information security engineering, operations and technology with at least 3 years of experience focusing on information security.
• Extensive knowledge of current and emerging IT security technologies and techniques covering all levels of cloud and local IT architecture.
• Understanding of AWS concepts, services and related controls.
• Security operations experience including alert review and incident response.
• Knowledge of information security concepts and technologies such as: networking, network segmentation, vulnerability scanners, firewalls, IPS\IDS, network analyzers, data loss prevention, security event management, encryption technologies, proxies, cloud services, mobile devices, etc.
• Vulnerability management experience across multiple operating systems, databases, and applications, remediating issues with technical staff.
• Experience in TCP/IP networking, firewalls and virtual private networks (VPN).
• Understanding of current encryption standards and implementation procedures.
• Ability to work with engineering teams to weigh business risks and enforce appropriate security measures.
• Ability to work both independently and collaboratively with peers, across teams and with management.
• Experience with incident management and threat remediation including threat analysis, isolation, identification, and eradication.
• Ability to handle multiple tasks and projects simultaneously.
• Knowledge and experience with control frameworks such as ISO, NIST CSF, and PCI.
• Passion for technology and information security.
• A. or B.S. in Computer Science, Information Management, or relevant field
• Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Forensic Investigator (CFI), GFCA Certified Forensic Analyst (GIAC) or other similar credentials.

Our Commitment:
We are an equal opportunity employer that values the critical importance of a diverse workforce and sense of belonging. Many of our roles have flexible requirements and we encourage you to apply regardless of whether you meet every qualification.

Vivid Seats provides competitive compensation; bonus incentives; FLEX PTO; mental health days; medical, dental, and vision insurance; 401K matching; monthly credits and discounts for attending live events; remote work and snack allowances; and a variety of additional workplace perks.