Senior Security Engineer (#CK297)

Responsibilities: Identify and analyze security gaps in detection as well as protection controls within the companys technical/software infrastructure; Analyze security solutions that will prevent and detect attacks against CK's infrastructure, including evaluation of third party security solutions by creating and conducting tests and verify if the solutions meet the security requirements of the organization; Identify weakness and susceptibility of internal employees to phishing attacks by conducting internal phishing exercises, partner with the compliance team to identify employees that would benefit from additional security education, increasing companywide awareness and educating users on identifying and mitigating phishing email risks; Identify weakness and susceptibility of Internal Employees to password attacks by promoting usage of highly specialized software that detects weaknesses in passwords, identifying internal employees and computers with weak passwords and partnering with the compliance team to raise awareness and educate users on how to create strong passwords; Partner with the security operations center to develop content and tune alerting for important events, including creating security signatures that alert if the organization is being attacked and, if necessary, work with the security operations team to reduce the number of false positives; Configure and administer security solutions, including solutions for vulnerability management, security automation and orchestration platforms Create executive reports of the findings related to phishing and password attacks and security operations and provide it to upper management or responsible stakeholders as applicable;. Stay abreast with emerging threats and work with responsible stakeholders to proactively neutralize them, including development and remediation plans and monitoring Microsoft security advisories and identify whether it is applicable within our environment; Solve frontier security problems at scale in a highly technology-focused team by working with relative stakeholders to automate the remediation of those problems, developing computer scripts, and analyzing third party software that can fulfill those requirements and implementing it. Minimum Requirements: Masters degree (or foreign equivalent) in Computer Science, Computer Engineering, or related subject area, plus one (1) year of experience in job offered, Network Security Engineer, or related occupation. Special Requirements: Academic training or experience must include the following skills: Experience as a dedicated red team operator; Ability to carry out adversary simulation in different environments ranging from traditional AD environments to modern cloud environments such as GCP or AWS; Ability to create threat scenarios and carry out threat emulation engagement based on threat intelligence; Researching and developing prototype of custom offensive and defensive security tools; Familiarity with programming languages (such as Python) to be able to automate vulnerability management functions; Experience in IT infrastructure systems, including Windows, Linux, Mac, enterprise firewalls, routers, switches, Cloud, Docker, and Identity and Access Management systems. To apply, send resume either by email to, or by mail to: Credit Karma, LLC, Attn: Anyssa Dunning, 1100 Broadway, 18th Floor, Oakland, CA 94607. Must reference job title and job code when applying. Background checks reqd.