Sitecore is the global leader in experience management software that enables context marketing. The Sitecore® Experience Platform™ manages content, supplies contextual intelligence, automates communications, and enables personalized commerce, at scale.
It empowers marketers to deliver content in context of how customers have engaged with their brand, across every channel, in real time before, during, and after a sale.
More than 5,200 brands including American Express, Carnival Cruise Lines, easyJet, and L’Oréal have trusted Sitecore for context marketing to deliver the personalized interactions that delight audiences, build loyalty, and drive revenue.
Sitecore is experiencing spectacular growth all over the world. To build on Sitecore’s success and growth, we’re looking for a skilled Security Operations Manager to work as part of our IT Department.
The position can be based at Sitecore offices in Manchester, NH or Gatineau, Canada.
The candidate will be responsible for supporting Sitecore’s IT security operations, the continuous monitoring and risk assessment of the IT corporate environment, and the remediation of assets in the event of audit findings or security events.
The candidate will work with the security / IT team to manage the organization’s security scanning tools, Security Operations Center program, assessment / analysis of the collected data, and the tracking and reporting of suspicious activity.
The successful candidate will have good business judgment, strong technical expertise, strategic thinking, and the ability to work independently as well as collaboratively in a collegial, fast-paced team environment.
Support the enterprise vulnerability assessment program, which includes scanning of IT assets using commercial vulnerability assessment tools
Collaborate with others on the global Security Team to perform regular security reviews by conducting assessments of systems, processes and infrastructure and making recommendations to minimize risks identified based on OWASP, PCI and SOC compliance as well as contractual requirements.
Manage IT security policies and implement programs for companywide initiatives supporting overall security profile and education.
Work with stakeholders to ensure IT policies are effective and followed.
Support and manage aspects of the enterprise security event monitoring program which includes management of Security Operations Center program and SIEM solution for corporate assets
Work as an active member of the company’s Security Incident Response Team with real time decision making for ongoing information security incidents as they occur
Work with auditors and internal stakeholders to remediate and resolve potential security issues in response to internal audits.
Act as an internal consultant to IT Infrastructure and Application teams in designing and implementing security solutions.
Perform pre-production penetration tests of IT environment
Provide guidance and implement security policy and procedures for infrastructure and Application teams
Maintain a comprehensive understanding of the company’s threat landscape in order to support the global Security Team in the selection, deployment, and operations of security infrastructure including vulnerability management, WAF, Network Monitoring, DDoS prevention and IPS / IDS.
Direct the installation and use of security tools (firewall, data encryption) to protect company data.
Collaborate with the Company’s security teams in reviewing system-related information security plans to ensure alignment with security strategies within enterprise, network, product and data governance
Qualifications and Education Requirements
8 years relevant security experience
Willingness to work as part of a global team
Knowledge of DLP and FIM strategy
Enterprising and has the ability to make decisions independently
Platforms: Office 365, Windows OS, Firewalls, Azure, Business Applications (Netsuite, Workday, Salesforce)
Knowledge of Security Tools including: Enterprise grade SIEM (e.g., Sumo Logic, QRadar), Network Vulnerability Assessment Tools (e.g., Qualys, Nessus), Application Security Tools (e.g., Veracode), Data Loss Prevention Tools
Okta 2 factor authentication
Working knowledge of security standards, including ISO 27001, SOC 2, CSA STAR, Microsoft SDL, BSIMM
Awareness of global data protection regulations
An ideal mix of consulting and in-house operations experience
Strong communicator, with an ability to sell security
Effective problem solver, who has the ability to navigate the distributed organization
Ability to make decisions independently
Certifications: CISSP, CISM, CIPT or similar strongly preferred.
Sitecore is proud to be an equal opportunity workplace. We are committed to equal employment opportunity without unlawful regard to race, color, ancestry, religion, gender, national origin, sexual orientation, age, citizenship, marital status, disability, veteran status or any other local legally protected characteristic.