Ivalua
Senior Cloud/Infrastructure Security Engineer New York City, NY
Ivalua, New York, New York, us, 10261
Senior Cloud/Infrastructure Security Engineer
New York City, NY Senior Security Engineer (New York City - NY) Founded in 2000, Ivalua is a leading global provider of cloud-based procurement solutions. COMPANY OVERVIEW At Ivalua we are a global community of exceptional professionals, who believe that digital transformation revolutionizes supply chain sustainability and resiliency to unlock the power of supplier collaboration. We achieve this through our leading cloud-based spend management platform that empowers hundreds of the world's most admired brands to effectively manage all categories of spend and all suppliers to increase profitability, improve ESG (environmental, social, and corporate governance) performance, lower risk, and improve productivity. Driven by our passions and fueled by our shared ambitions, we empower and challenge each other to create meaningful experiences for our colleagues, customers, partners, and communities. Our team is dedicated to serve our clients post going-live the best way we can to secure an exceptional client experience. With over 10 global team members, Infosec team needs to work with IT and R&D teams to keep our enterprise-class SaaS service secure from a variety of threats. ROLE: This is an exciting opportunity for a Senior Security Engineer role at Ivalua. You will engineer, implement, review and monitor technical security controls to protect and enhance the security of our hosting and corporate infrastructure, networks and applications. You will also help with operational security aspects which will include performing security reviews on infrastructure changes, reviewing firewalls rules, analyzing results from vulnerability or penetration testing reports, investigating security events by analyzing logs and identifying actionable plans to address in the infrastructure. WHAT YOU WILL DO WITH US Perform technical security design, architecture, change and/or configuration audits/reviews on our hosting and corporate infrastructure systems including Azure cloud environments, servers, network devices, endpoints, and security technologies deployed (CNAPP, MDM, WAF, DDoS, etc.) Act as the main SPOC for the network and cloud vulnerability management activities to perform scanning, internal and third-party penetration testing and red teaming as well as analysis and retesting of the reported security findings Collaborate with the SOC team to enhance our detection and response processes and capabilities Support the security initiatives for securing our Azure environments (EntraID Conditional Access, CSPM, Infrastructure as Code, NSG rules review etc.) Provide support to the GRC team on the technical security controls related to compliance initiatives (such as FedRAMP, PCI, NIST 800-53 r5, IRAP, SANS CIS 20) and the technical security questions from customers and prospects Act as the SME on infrastructure and cloud security topics, expand and develop sharing of technical knowledge and collaborate with multiple internal teams to review and improve the technical architecture and efficiency of IT and security operational processes YOUR PROFILE If you have the below experience and strengths this role could be for you: Skills and Experience: 5+ years of hands-on experience on infrastructure and network security engineering / architecture, protocols and technologies like CNAPP, CSPM, MDM, IAM, DDoS 5+ years of hands-on experience in performing network and/or cloud penetration testing Experience with scripting (such as Python, PowerShell etc.) Knowledge of Active Directory (key concepts, protocols, services, tiering, main attacks, best practices for hardening etc.) Knowledge of Cryptography concepts, encryption algorithms, protocols, keys and certificates management Hands-on experience with security concepts on Azure cloud environments and services (Azure EntraID, Azure Key Vault, Azure encryption, Azure Sentinel, NSG, Azure firewall etc.) Experience with security incident response and investigation Ability to foster collaborative, open and working relationships with technology and other stakeholders Experience with security standards and compliance programs such as OWASP, NIST, FedRAMP, PCI, SANS CIS 20 An Information Security qualification or evidence of starting to work towards e.g. OSCP, eJPT AZ-500, GIAC GPEN or similar certification Ability to handle multiple tasks, prioritize and meet deadlines Soft Skills : Ability to handle multiple tasks, prioritize and meet deadlines Ability to foster collaborative, open and working relationships with technology and other stakeholders WHAT HAPPENS NEXT If your application fits this specific position’s needs, our skilled Talent team will reach out to schedule an initial screening call. Get one step closer to achieving your goals – apply today! Our Talent team will guide you through every step of the interview process - from preparation to completion. They're here to support you! Our recruitment process is designed to assess your competencies through a series of personalized interviews with internal stakeholders relevant to the role. Interviews will be conducted virtually via video or on-site with face-to-face meetings. LIFE AT IVALUA Hybrid working model (3 days in the office per week) We're a team dedicated to pushing the boundaries of product innovation and technology Sustainable Growth, Privately Held A stable and cash-flow positive Company since 10 years Snacks and weekly lunches in the office Feel empowered to pursue your goals with improved team collaboration and increased creativity/productivity Unlock and unleash your full professional potential with our exceptional training and career development program Join a dynamic and international team of top-notch professionals who are experts in their respective fields. Collaborate with like-minded individuals who are deeply passionate and highly motivated about their work. Experience a truly diverse and inclusive work environment where your unique contributions are highly valued Regular social events, competitive outings, team running events, and musical activities, United by our values we embrace diversity and equity in the broadest possible sense to create an inclusive workplace. To help our customers make supply chains more efficient, sustainable and resilient, we rely on a global team with a variety of backgrounds, skills and views. We believe in equal opportunity and in diversity as a driver of innovation that cultivates a spirit of inclusiveness, creates a productive and fun place to work, and provides fulfilling career opportunities for all Ivaluans. https://www.linkedin.com/company/ivalua/about/ Experience life at Ivalua - check out our captivating video ! Gain insight into our unique company culture and get a glimpse of what it's like to work with us. Ivalua’s core values include a priority on Care & Grow People. We take matters like pay equity very seriously and strive to reward our employees appropriately and fairly for their talents. The compensation range for this position reflects the cost of labor across our US locations and is based upon careful and continual market research. In addition to location, compensation may also vary based upon job-related knowledge, skills, and experience. Title: Senior Security Engineer Range minimum: USD 112000 Range maximum: USD 208000 Additional compensation / rewards: Ivalua also offers exceptional benefits including medical, dental, vision and transportation. #LI-PDE #LI-HYBRID Create a Job Alert Interested in building your career at Ivalua? Get future opportunities sent straight to your email. Apply for this job
* First Name * Last Name * Email * Phone Resume/CV Enter manually Accepted file types: pdf, doc, docx, txt, rtf Enter manually Accepted file types: pdf, doc, docx, txt, rtf This role will require a Hybrid work schedule of 3 days of the week working in the office - Tuesday and Thursday in the office is required with the 3rd day based on Department preference. Are you able to work this Hybrid work schedule? * Select... What is your expected Base Salary (not including bonus) for this position? A narrow range or single number is greatly appreciated. * Select... Candidates for this position must demonstrate they qualify as a “U.S. Person” as defined under the U.S. export control laws as this position involves access to technology that is subject to U.S. export controls.Can you please confirm whether you fulfill this requirement? * Select... We are interested in profiles who have redteam experience. Do you fulfill this requirement? * Select... Do you have at least 5+ years experience in penetration testing? * Select... Do you have at least 5+ years experience Azure cloud security (EntraID, Key Vault, NSG etc.)? * Select... Do you have at least 5+ years experience in Technical security review (new changes, new tools, new technologies, new configurations, new software installation etc.) * Select... Voluntary Self-Identification
For government reporting purposes, we ask candidates to respond to the below self-identification survey.Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiringprocess or thereafter. Any information that you do provide will be recorded and maintained in aconfidential file. As set forth in Ivalua’s Equal Employment Opportunity policy,we do not discriminate on the basis of any protected group status under any applicable law. If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection.As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measurethe effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categoriesis as follows: A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability. A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service. An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense. An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985. Select... Voluntary Self-Identification of Disability
Form CC-305 Page 1 of 1 OMB Control Number 1250-0005 Expires 04/30/2026 Voluntary Self-Identification of Disability Form CC-305 Page 1 of 1 OMB Control Number 1250-0005 Expires 04/30/2026 Why are you being asked to complete this form?
We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years. Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp . How do you know if you have a disability?
A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability.
Disabilities include, but are not limited to: Alcohol or other substance use disorder (not currently using drugs illegally) Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS Blind or low vision Cancer (past or present) Cardiovascular or heart disease Celiac disease Cerebral palsy Deaf or serious difficulty hearing Diabetes Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders Epilepsy or other seizure disorder Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome Intellectual or developmental disability Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD Missing limbs or partially missing limbs Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS) Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities Partial or complete paralysis (any cause) Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema Short stature (dwarfism) Traumatic brain injury
Disability Status Select... PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.
#J-18808-Ljbffr
New York City, NY Senior Security Engineer (New York City - NY) Founded in 2000, Ivalua is a leading global provider of cloud-based procurement solutions. COMPANY OVERVIEW At Ivalua we are a global community of exceptional professionals, who believe that digital transformation revolutionizes supply chain sustainability and resiliency to unlock the power of supplier collaboration. We achieve this through our leading cloud-based spend management platform that empowers hundreds of the world's most admired brands to effectively manage all categories of spend and all suppliers to increase profitability, improve ESG (environmental, social, and corporate governance) performance, lower risk, and improve productivity. Driven by our passions and fueled by our shared ambitions, we empower and challenge each other to create meaningful experiences for our colleagues, customers, partners, and communities. Our team is dedicated to serve our clients post going-live the best way we can to secure an exceptional client experience. With over 10 global team members, Infosec team needs to work with IT and R&D teams to keep our enterprise-class SaaS service secure from a variety of threats. ROLE: This is an exciting opportunity for a Senior Security Engineer role at Ivalua. You will engineer, implement, review and monitor technical security controls to protect and enhance the security of our hosting and corporate infrastructure, networks and applications. You will also help with operational security aspects which will include performing security reviews on infrastructure changes, reviewing firewalls rules, analyzing results from vulnerability or penetration testing reports, investigating security events by analyzing logs and identifying actionable plans to address in the infrastructure. WHAT YOU WILL DO WITH US Perform technical security design, architecture, change and/or configuration audits/reviews on our hosting and corporate infrastructure systems including Azure cloud environments, servers, network devices, endpoints, and security technologies deployed (CNAPP, MDM, WAF, DDoS, etc.) Act as the main SPOC for the network and cloud vulnerability management activities to perform scanning, internal and third-party penetration testing and red teaming as well as analysis and retesting of the reported security findings Collaborate with the SOC team to enhance our detection and response processes and capabilities Support the security initiatives for securing our Azure environments (EntraID Conditional Access, CSPM, Infrastructure as Code, NSG rules review etc.) Provide support to the GRC team on the technical security controls related to compliance initiatives (such as FedRAMP, PCI, NIST 800-53 r5, IRAP, SANS CIS 20) and the technical security questions from customers and prospects Act as the SME on infrastructure and cloud security topics, expand and develop sharing of technical knowledge and collaborate with multiple internal teams to review and improve the technical architecture and efficiency of IT and security operational processes YOUR PROFILE If you have the below experience and strengths this role could be for you: Skills and Experience: 5+ years of hands-on experience on infrastructure and network security engineering / architecture, protocols and technologies like CNAPP, CSPM, MDM, IAM, DDoS 5+ years of hands-on experience in performing network and/or cloud penetration testing Experience with scripting (such as Python, PowerShell etc.) Knowledge of Active Directory (key concepts, protocols, services, tiering, main attacks, best practices for hardening etc.) Knowledge of Cryptography concepts, encryption algorithms, protocols, keys and certificates management Hands-on experience with security concepts on Azure cloud environments and services (Azure EntraID, Azure Key Vault, Azure encryption, Azure Sentinel, NSG, Azure firewall etc.) Experience with security incident response and investigation Ability to foster collaborative, open and working relationships with technology and other stakeholders Experience with security standards and compliance programs such as OWASP, NIST, FedRAMP, PCI, SANS CIS 20 An Information Security qualification or evidence of starting to work towards e.g. OSCP, eJPT AZ-500, GIAC GPEN or similar certification Ability to handle multiple tasks, prioritize and meet deadlines Soft Skills : Ability to handle multiple tasks, prioritize and meet deadlines Ability to foster collaborative, open and working relationships with technology and other stakeholders WHAT HAPPENS NEXT If your application fits this specific position’s needs, our skilled Talent team will reach out to schedule an initial screening call. Get one step closer to achieving your goals – apply today! Our Talent team will guide you through every step of the interview process - from preparation to completion. They're here to support you! Our recruitment process is designed to assess your competencies through a series of personalized interviews with internal stakeholders relevant to the role. Interviews will be conducted virtually via video or on-site with face-to-face meetings. LIFE AT IVALUA Hybrid working model (3 days in the office per week) We're a team dedicated to pushing the boundaries of product innovation and technology Sustainable Growth, Privately Held A stable and cash-flow positive Company since 10 years Snacks and weekly lunches in the office Feel empowered to pursue your goals with improved team collaboration and increased creativity/productivity Unlock and unleash your full professional potential with our exceptional training and career development program Join a dynamic and international team of top-notch professionals who are experts in their respective fields. Collaborate with like-minded individuals who are deeply passionate and highly motivated about their work. Experience a truly diverse and inclusive work environment where your unique contributions are highly valued Regular social events, competitive outings, team running events, and musical activities, United by our values we embrace diversity and equity in the broadest possible sense to create an inclusive workplace. To help our customers make supply chains more efficient, sustainable and resilient, we rely on a global team with a variety of backgrounds, skills and views. We believe in equal opportunity and in diversity as a driver of innovation that cultivates a spirit of inclusiveness, creates a productive and fun place to work, and provides fulfilling career opportunities for all Ivaluans. https://www.linkedin.com/company/ivalua/about/ Experience life at Ivalua - check out our captivating video ! Gain insight into our unique company culture and get a glimpse of what it's like to work with us. Ivalua’s core values include a priority on Care & Grow People. We take matters like pay equity very seriously and strive to reward our employees appropriately and fairly for their talents. The compensation range for this position reflects the cost of labor across our US locations and is based upon careful and continual market research. In addition to location, compensation may also vary based upon job-related knowledge, skills, and experience. Title: Senior Security Engineer Range minimum: USD 112000 Range maximum: USD 208000 Additional compensation / rewards: Ivalua also offers exceptional benefits including medical, dental, vision and transportation. #LI-PDE #LI-HYBRID Create a Job Alert Interested in building your career at Ivalua? Get future opportunities sent straight to your email. Apply for this job
* First Name * Last Name * Email * Phone Resume/CV Enter manually Accepted file types: pdf, doc, docx, txt, rtf Enter manually Accepted file types: pdf, doc, docx, txt, rtf This role will require a Hybrid work schedule of 3 days of the week working in the office - Tuesday and Thursday in the office is required with the 3rd day based on Department preference. Are you able to work this Hybrid work schedule? * Select... What is your expected Base Salary (not including bonus) for this position? A narrow range or single number is greatly appreciated. * Select... Candidates for this position must demonstrate they qualify as a “U.S. Person” as defined under the U.S. export control laws as this position involves access to technology that is subject to U.S. export controls.Can you please confirm whether you fulfill this requirement? * Select... We are interested in profiles who have redteam experience. Do you fulfill this requirement? * Select... Do you have at least 5+ years experience in penetration testing? * Select... Do you have at least 5+ years experience Azure cloud security (EntraID, Key Vault, NSG etc.)? * Select... Do you have at least 5+ years experience in Technical security review (new changes, new tools, new technologies, new configurations, new software installation etc.) * Select... Voluntary Self-Identification
For government reporting purposes, we ask candidates to respond to the below self-identification survey.Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiringprocess or thereafter. Any information that you do provide will be recorded and maintained in aconfidential file. As set forth in Ivalua’s Equal Employment Opportunity policy,we do not discriminate on the basis of any protected group status under any applicable law. If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection.As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measurethe effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categoriesis as follows: A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability. A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service. An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense. An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985. Select... Voluntary Self-Identification of Disability
Form CC-305 Page 1 of 1 OMB Control Number 1250-0005 Expires 04/30/2026 Voluntary Self-Identification of Disability Form CC-305 Page 1 of 1 OMB Control Number 1250-0005 Expires 04/30/2026 Why are you being asked to complete this form?
We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years. Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp . How do you know if you have a disability?
A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability.
Disabilities include, but are not limited to: Alcohol or other substance use disorder (not currently using drugs illegally) Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS Blind or low vision Cancer (past or present) Cardiovascular or heart disease Celiac disease Cerebral palsy Deaf or serious difficulty hearing Diabetes Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders Epilepsy or other seizure disorder Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome Intellectual or developmental disability Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD Missing limbs or partially missing limbs Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS) Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities Partial or complete paralysis (any cause) Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema Short stature (dwarfism) Traumatic brain injury
Disability Status Select... PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.
#J-18808-Ljbffr