About the Role:
DreamBox is currently seeking a Security Engineer I to advance our security program within the Technology Group and across the entire company. This role requires an individual who is at home working with all elements within a successful security program: from providing awareness training to staff, to creating and updating security policy documents, to reviewing and acting on the output from security dashboards. DreamBox makes a promise our customers: we will protect your sensitive information. The ideal candidate for this position will be able to bring together people, policy and tools to help us continue to meet that promise with confidence.

As a Security Engineer I, you will continuously review our security posture, analyze our systems, and voraciously consume security guidance from experts, vendors, security tools and government regulators. You’ll bring together those sources and add your own insights to keep DreamBox several steps ahead of bad actors. You’ll add energy and range to our security awareness program, fighting those most feared opponents of the security team: apathy, ignorance, and inertia. Throughout all of this, you’ll ensure that we maintain the rigor and precision that turns good security planning into actual security.

We need you to provide the kind of mental agility that lets us see things from the other side, and occasionally to see around corners. How does our outward-facing security look to an attacker? How does our logging and monitoring look to an auditor? How can we keep security measures from irritating our customers? Is our authentication process too cumbersome for internal users? Do developers have the right training and documentation to follow the guidelines we’ve set? Is our privacy policy clear to everyone? Can you foresee implications from pending regulations? Are there new threats or patterns in the news that should be part of our planning? Does the odd traffic in the logs yesterday mean we’re under attack? Or did someone’s DNS server just have a glitch? If you have the background and brain power to field those kinds of questions, we’d like to talk to you.
What You’ll be Doing:

• Identify and define system security requirements to develop information security plans and policies
• Participate in security vulnerability and penetration testing
• Assist with implementing information security plans and policies
• Assist in response to and recovery from a security breach
• Prepare and present awareness training to internal staff on information security standards, policies and practices
• Participate in incident response, including steps to minimize the impact and then conducting a technical and forensic investigation into how the breach happened and the extent of the damage
• Configure and troubleshoot security infrastructure devices
• Develop technical solutions to automate security testing and audit tasks
• Stay up to date with latest security technology and trends
• Perform regular audits and provide reports

About You:

• 1 year or more of experience in an information security role
• Experience planning, researching and developing security policies, standards and procedures
• Broad and detailed experience with computer forensic tools, technologies and methods, including anti-virus software, intrusion detection, firewalls and content filtering
• Preference to candidates who have a security certification, such as CISSP, ISSEP, or Certified Ethical Hacker (CEH)
• Git and various hosted Git implementations (GitHub, BitBucket)
• Outstanding interpersonal and communication skills
• Robust problem-solving skills
• Knowledge of potential attack vectors such as XSS, injection, hijacking, social engineering, and so on
• Working knowledge of compliance standards such as FERPA, COPPA, GDPR, and ISO 27000.
• Familiarity with risk assessment methodology and risk analysis preparation
• Familiarity with AWS Cloud configuration, particularly monitoring and security components
• Intermediate-level setup and configuration of vulnerability detection software, such as Nexpose, Nessus, Threat Stack, or AWS Inspector
• Advanced-level expertise with Microsoft Word and Excel, including templating and style sheet use