Information Security Engineer

Company Description

Strategy (Nasdaq: MSTR) is at the forefront of transforming organizations into intelligent enterprises through data-driven innovation. We don't just follow trends—we set them and drive change. As a market leader in enterprise analytics and mobility software, we've pioneered the BI and analytics space, empowering people to make better decisions and revolutionizing how businesses operate.

But that's not all. Strategy is also leading a groundbreaking shift in how companies approach their treasury reserve strategy, boldly adopting Bitcoin as a key asset. This visionary move is reshaping the financial landscape and solidifying our position as a forward-thinking, innovative force in the market. Four years after adopting the Bitcoin Standard, Strategy's stock has outperformed every company in the S&P 500.

Our people are the core of our success. At Strategy, you'll join a team of smart, creative minds working on dynamic projects with cutting-edge technologies. We thrive on curiosity, innovation, and a relentless pursuit of excellence.

Our corporate values—bold, agile, engaged, impactful, and united—are the foundation of our culture. As we lead the charge into the new era of AI and financial innovation, we foster an environment where every employee's contributions are recognized and valued.

Join us and be part of an organization that lives and breathes innovation every day. At Strategy, you're not just another employee, you're a crucial part of a mission to push the boundaries of analytics and redefine financial investment

Job Description

Job mode: Either work 5 days a week from the Pune office in the EMEA shift, or work remotely in the US shift.

Job Description

• Support the detection, monitoring and tracking of security vulnerabilities at the application, database, server, workstation and OS levels

• Support AWS, Azure, and Google cloud operations in securing the public cloud environments

• Configure and troubleshoot IAM policies, Security Groups, Service Control Policies, Role based access control, and Managed Service Identities

• Tune-in and configure SIEM performance and events data quality to maximize log correlation efficiency

• Work closely with the network team to implement and maintain network access control technologies

• Configure Security Orchestration, Automation, and Response (SOAR) tools, scripts, events, and playbooks

• Expertise in shell scripting and other programming languages, such as Python and Power Shell

• Proficiency in understanding and using regular expressions (regex)

• Solid understanding of REST/SOAP/WSDL/XML (Web Services), HTTP Request Methods.

• Work closely with the compliance team to identify, document and implement various security controls related to NIST, FedRAMP, HiTRUST, and ISO 27001

• Guide the network and operations teams in implementing security best practices

• Work with network, and systems engineering teams to promote automation, automated monitoring and administration functionality

• Implement, and support security solutions including but not limited to Intrusion Detection, Log Management, Data Loss Prevention, Vulnerability Management, Web Content Filtering, and Configuration Management

• Support the efforts to develop operational best practice procedural documentation for operations staff

• Assist in the development and documentation of various systems, policies, procedures, and customer deliverables

• Research new products and make appropriate recommendations

• Develop and design project plans, tasks and timelines and then provide verbal and written status reports as directed

• Conduct on-going security assessments, document and track findings and remediation activities

• Provide on-call support as needed

Qualifications

• BS in Computer Science, Engineering or related field desired

• Minimum 3 years of experience supporting enterprise level environment

• Must have a good understanding of the following: Log correlation, SIEM technologies (AlertLogic, ArcSight, Q1 Radar, Log Rhythm, Splunk, etc.), IDS/IPS technologies, Vulnerability Scanners (Nessus, Qualys, etc.) and other related technologies

• Understanding of common web application vulnerabilities and familiarity with using web application scanning tools such as Burp Suite, ZAP Proxy, Acunetix, etc.

• Understanding of cloud solutions and cloud security best practices in environments such as AWS, Azure and Google Cloud

• Solid understanding of compliance requirements and standards such as PCI-DSS, HIPAA, HiTRUST, ISO 27001, SOX. etc.

• Demonstrated knowledge of one or more of the following systems: Linux, Windows, or Mac OS

• Working knowledge of firewall and web filtering technologies

• Experiences practicing ITIL framework-based processes such as Change, Problem, and Incident management in an enterprise environment

• Excellent verbal and written communication, presentation, and interpersonal skills

• Able to define, document and support systems, policies, and procedures

• Excellent analytic, problem solving and troubleshooting skills

• Good knowledge and experience designing network, system and application security architectures

• Ability to efficiently handle multiple projects with shifting priorities

• Able to anticipate and mitigate risks as well as define architectural solutions