Data Security Engineer
The Technical Services Division of the National Association of Insurance Commissioners (NAIC) has an exciting opportunity for a Data Security Engineer. We are looking for a team member who would enjoy working for an organization that strives every day to support the public good and make a difference. Are you driven to utilize your skills while delivering excellent service to build long-lasting rapport? If so, this is a perfect opportunity for you!
This position is based in the NAIC’s state-of-the-art offices in Town Pavilion in the heart of downtown Kansas City, Missouri, which includes great restaurants and top-notch entertainment venues. This is a full-time, remote position in a positive and flexible environment. Candidates must live within 100 miles of the KC office and attend team and company meetings as scheduled by their manager.
The Data Security Engineer is a member of the Security Operations Center (SOC). They utilize a variety of cloud and on-premises technologies to architect various security controls. They ensure that the proper security services are deployed to detect, analyze, respond to, and contain advanced attacks.
Primary Security Responsibilities:
- Assesses security vulnerabilities and proposes safeguards related to data routing, modeling, transformation, warehousing, and platforms.
- Works with cross-functional teams to understand new solutions and to ensure maintenance of legacy implementations.
- Works with business owners and strategic partners to integrate security measures for analytic platforms.
- Secures binaries and artifacts across the supply chain for strong application lifecycle management.
- Understands RBAC from a least-access perspective.
- Provides support for the Cloud security and governance technologies, to include design, implementation, reporting, monitoring and documentation of procedures.
- Mentors other Security team members from a data perspective on vulnerability and benchmark risks and communicates decisions to data and application architects.
- Evaluates platform log information to determine which data will be most beneficial when investigating an issue and therefore requires collection via the SIEM.
- Investigates data measures related to disaster recovery and business continuity and proposes solutions or changes to protect the organization’s assets.
- Implements and understands Data Protection tooling and best practices.
- Serves as in-house expert on data-related security controls (e.g., SOC 1, SOC 2, SIG, etc.).
- Establishes data monitoring protocols.
- Documents security policies and procedures.
- Maintains knowledge of credential handling in vault/wallet technologies to ensure adequate security and auditing.
- Supports security design and review of new or re-engineered applications, following OWASP Top 10 guidelines.
- Understands static and dynamic security code scanning.
- Able to lead vendor discussions in re-examining our current toolset or investigating new tools to accomplish the aforementioned objectives.
- Reviews penetration test results and renders an opinion on the importance and difficulty of implementing corrective action.
- Interfaces with SOC and security auditors on database-related controls or policies.
- Other duties may be assigned.
- May be called upon to travel to remote offices or organization-sanctioned meetings in support of security initiatives.
- This position must be accessible 7x24 as issues arise but is not part of an on-call schedule.
- May be called upon to supervise or direct the activities of NAIC-acquired consultants.
- Ability to generate infrastructure through Terraform.
- Strong SQL skills for report generation and data comparison.
- Familiar with Java and JavaScript.
- Actively seeks proficiency in information security and shows aptitude to master techniques and technologies such as application security, cryptography, threat modeling, and penetration testing.
- Experience with Linux and Microsoft Windows.
- Ability to work on their own and in a team environment.
- Ability to comprehend installation/technical manuals.
- Must have very intuitive troubleshooting skills to look at the broad picture.
- Able to converse with employees at all levels of the organization on technical issues.
- Strong communication and interpersonal skills and fortitude to accomplish projects.
- Strong sense of ownership and drive.
- Delivers extraordinary customer experience.
- Bachelor’s degree (B.A. or B.S.) from a four-year college or university in a computer-related field and 8 years of experience with database products (e.g., Oracle, AWS RDS, etc.) to include security technologies (e.g., LDAP, SAML, Terraform, etc.), and/or equivalent combination of education and experience.
- SQL and Terraform.
- Shell scripting or automation of tasks using a scripting language such as PowerShell or Python.
- Code repositories (e.g., GitLab), CI/CD pipelines, and containerization (e.g., Docker).
- Cloud technologies, to include PaaS and SaaS, ideally AWS.
- Understanding of secure cloud configuration (CloudTrail, AWS Config, etc.), especially infrastructure as code (e.g., Terraform).
AWS Certified Solutions Architect
Offer range $118,800 - $151,200, commensurate with education and experience.
Why Work at the NAIC/NIPR?
- Flexible Work Environment
- 37.5 Hour Work Week
- Tuition Reimbursement
- Referral Bonuses
- Choice of Insurance Plans
- Vacation Buy Back
- Infants in the Work Place
- Adoption Assistance
- Parental Leave
- Employee Recognition Programs
- Days Off for Community Service
- Student Loan Repayment Program
- Fitness Center
For consideration, please apply online at: http://careers.naic.org
Applicants for all positions are considered without regard to age, race, creed, color, religion, sex, sexual orientation, gender identity or expression, national origin or ancestry, marital status, pregnancy, genetic information, military or veteran status, disability, or any other basis protected by applicable law.