RevSpring
Job Summary
RevSpring
is looking for a builder‑style Security Engineer to own, integrate, and automate the full lifecycle of security tools—SIEM, CSPM, EDR/XDR, SOAR, IAM, and vulnerability management—while aligning controls to risk and industry frameworks. The role will drive compliance initiatives, conduct risk assessments, and manage frameworks such as NIST, HITRUST, ISO 27001, and PCI‑DSS, all while supporting emerging threat detection through an offensive‑defensive security mindset. Positioned at the intersection of engineering, architecture, and strategy, this high‑impact position is a key part of building the security backbone for a critical‑communications organization.
Essential Functions Tool Ownership & Security Architecture
Own the lifecycle of security platforms including EDR/XDR, SIEM, SOAR, CSPM, IAM, and vulnerability management.
Integrate and automate security tools and workflows across IT, cloud, and SOC environments.
Continuously tune alerting, dashboards, and policies to reduce noise and improve signal quality.
Maintain security control maps and maturity metrics.
Security Maturity & Measurement
Build and maintain RevSpring’s Security Tool Maturity Roadmap.
Track and report key performance indicators (KPIs) and return on investment (ROI) for all tools.
Map control capabilities to frameworks such as NIST CSF, HITRUST, ISO 27001, and CIS Controls.
Identify coverage gaps and eliminate redundant tools.
Security Engineering & Compliance
Conduct regular security risk assessments and audits across systems, applications, and networks.
Design and implement new security solutions, collaborating closely with infrastructure, cloud, and AppSec teams.
Support and maintain compliance with HIPAA, HITRUST, PCI‑DSS, SOX, NIST, and GLBA.
Formulate and manage IT security incident response strategies.
Automation & Enablement
Develop scripts and integrations using Python, PowerShell, Bash, and REST APIs to automate security operations.
Embed security controls into CI/CD pipelines and infrastructure as code.
Maintain documentation, runbooks, and diagrams to support repeatable security improvements.
Governance & Cross‑Functional Collaboration
Partner with procurement, risk, and compliance teams to manage tool renewals, licensing, and governance.
Communicate security tool performance, maturity, and improvements to leadership in clear, data‑driven ways.
Translate complex technical issues into business‑relevant language.
Minimum Requirements Specific Job Skills
Strong understanding of at least three areas of the modern security stack: SIEM, EDR/XDR, SOAR, CSPM, IAM, or vulnerability management.
Experience in cloud security (AWS, Azure, or GCP) and implementing security controls across cloud platforms.
Experience with security assessments, architecture design, and risk‑based security implementation.
Familiarity with standards/frameworks: NIST CSF, HITRUST, ISO 27001/27002, COBIT, ITIL, CIS.
Proficient in scripting/automation (e.g., Python, PowerShell) and integrating APIs.
Experience with penetration testing, ethical hacking, or advanced threat detection tools.
Ability to support compliance requirements and perform security reviews for internal and external stakeholders.
Experience building or managing a security tool governance or maturity framework.
Certifications such as GDSA, GCIA, AWS Security Specialty, CISSP, CISM, or similar.
Familiarity with MITRE ATT&CK, secure coding practices, and modern DevSecOps workflows.
Strong project management, reporting, and stakeholder communication skills.
Analytical mindset with the ability to break down complex problems.
Strong written and verbal communication skills — technical and non‑technical audiences.
Proven ability to work independently and as part of a team.
Flexible and adaptable to evolving business and technical priorities.
Passion for continuous learning and measurable security outcomes.
Education N/A
Experience 3–7 years of hands‑on experience in Security Engineering, SOC Engineering, or DevSecOps.
Supervision N/A
Certifications N/A
Language Skills Ability to read, analyze and interpret general business periodicals, professional journals, technical procedures or governmental regulations. Ability to write reports, business correspondence and procedure manuals. Ability to effectively present information and respond to questions from a variety of both internal and external sources.
Physical Capabilities The physical capabilities described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to sit; use hands to finger, handle, or feel; reach with hands and arms; and talk or hear. The employee is occasionally required to stand and walk. The employee must occasionally lift and/or move up to 10 pounds. Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception, and ability to adjust focus.
RevSpring is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status. RevSpring does not discriminate against any group in hiring or employment practices. Nothing in this job description constitutes a contract for employment. This Job Description may not describe all of the job responsibilities and standards assigned to this position. The duties may change from time to time.
#J-18808-Ljbffr
is looking for a builder‑style Security Engineer to own, integrate, and automate the full lifecycle of security tools—SIEM, CSPM, EDR/XDR, SOAR, IAM, and vulnerability management—while aligning controls to risk and industry frameworks. The role will drive compliance initiatives, conduct risk assessments, and manage frameworks such as NIST, HITRUST, ISO 27001, and PCI‑DSS, all while supporting emerging threat detection through an offensive‑defensive security mindset. Positioned at the intersection of engineering, architecture, and strategy, this high‑impact position is a key part of building the security backbone for a critical‑communications organization.
Essential Functions Tool Ownership & Security Architecture
Own the lifecycle of security platforms including EDR/XDR, SIEM, SOAR, CSPM, IAM, and vulnerability management.
Integrate and automate security tools and workflows across IT, cloud, and SOC environments.
Continuously tune alerting, dashboards, and policies to reduce noise and improve signal quality.
Maintain security control maps and maturity metrics.
Security Maturity & Measurement
Build and maintain RevSpring’s Security Tool Maturity Roadmap.
Track and report key performance indicators (KPIs) and return on investment (ROI) for all tools.
Map control capabilities to frameworks such as NIST CSF, HITRUST, ISO 27001, and CIS Controls.
Identify coverage gaps and eliminate redundant tools.
Security Engineering & Compliance
Conduct regular security risk assessments and audits across systems, applications, and networks.
Design and implement new security solutions, collaborating closely with infrastructure, cloud, and AppSec teams.
Support and maintain compliance with HIPAA, HITRUST, PCI‑DSS, SOX, NIST, and GLBA.
Formulate and manage IT security incident response strategies.
Automation & Enablement
Develop scripts and integrations using Python, PowerShell, Bash, and REST APIs to automate security operations.
Embed security controls into CI/CD pipelines and infrastructure as code.
Maintain documentation, runbooks, and diagrams to support repeatable security improvements.
Governance & Cross‑Functional Collaboration
Partner with procurement, risk, and compliance teams to manage tool renewals, licensing, and governance.
Communicate security tool performance, maturity, and improvements to leadership in clear, data‑driven ways.
Translate complex technical issues into business‑relevant language.
Minimum Requirements Specific Job Skills
Strong understanding of at least three areas of the modern security stack: SIEM, EDR/XDR, SOAR, CSPM, IAM, or vulnerability management.
Experience in cloud security (AWS, Azure, or GCP) and implementing security controls across cloud platforms.
Experience with security assessments, architecture design, and risk‑based security implementation.
Familiarity with standards/frameworks: NIST CSF, HITRUST, ISO 27001/27002, COBIT, ITIL, CIS.
Proficient in scripting/automation (e.g., Python, PowerShell) and integrating APIs.
Experience with penetration testing, ethical hacking, or advanced threat detection tools.
Ability to support compliance requirements and perform security reviews for internal and external stakeholders.
Experience building or managing a security tool governance or maturity framework.
Certifications such as GDSA, GCIA, AWS Security Specialty, CISSP, CISM, or similar.
Familiarity with MITRE ATT&CK, secure coding practices, and modern DevSecOps workflows.
Strong project management, reporting, and stakeholder communication skills.
Analytical mindset with the ability to break down complex problems.
Strong written and verbal communication skills — technical and non‑technical audiences.
Proven ability to work independently and as part of a team.
Flexible and adaptable to evolving business and technical priorities.
Passion for continuous learning and measurable security outcomes.
Education N/A
Experience 3–7 years of hands‑on experience in Security Engineering, SOC Engineering, or DevSecOps.
Supervision N/A
Certifications N/A
Language Skills Ability to read, analyze and interpret general business periodicals, professional journals, technical procedures or governmental regulations. Ability to write reports, business correspondence and procedure manuals. Ability to effectively present information and respond to questions from a variety of both internal and external sources.
Physical Capabilities The physical capabilities described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to sit; use hands to finger, handle, or feel; reach with hands and arms; and talk or hear. The employee is occasionally required to stand and walk. The employee must occasionally lift and/or move up to 10 pounds. Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception, and ability to adjust focus.
RevSpring is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status. RevSpring does not discriminate against any group in hiring or employment practices. Nothing in this job description constitutes a contract for employment. This Job Description may not describe all of the job responsibilities and standards assigned to this position. The duties may change from time to time.
#J-18808-Ljbffr