Security Engineer I
full-time • Remote
security engineer
cloud security
devsecops
grc
At Cision, we believe in empowering every individual to make an impact. Here, your voice is heard, your ideas are valued, and your unique perspective fuels our collective success. As part of our global team, you'll thrive in an environment that champions curiosity, collaboration, and innovation, all while making meaningful contributions to the brands we accelerate.
Join us in shaping the future of communication and building authentic connections that matter. Whether you're solving complex problems or driving bold innovations, your growth is our success, and together, we’ll create the conversations of tomorrow.
Empower your impact at Cision. Be seen, be understood, be you.
This role strengthens and optimizes the organization's security capabilities by reviewing existing tools, applications, and processes to identify gaps. It establishes and maintains cloud security architecture best practices, focusing on cloud platforms and integrates new and existing security platforms. The role collaborates with R&D teams to maintain a secure architecture and analyzes security events for anomalous activity. It contributes to the organization's security posture and ensures a secure environment. The individual works on issues requiring the analysis of relevant factors and exercises considerable judgment within defined procedures to determine appropriate action.
This individual will work across multiple departments to design, implement, and manage security solutions that protect both internal and third party (vendor) systems and customer data. You will play a critical role in ensuring that security practices are aligned with compliance requirements while driving technical solutions for secure systems and data protection across the entire organization.
What You'll Do
What You'll Bring
What We Offer
Responsibilities
• Security Engineering & Architecture: Must have expertise in designing, implementing, and maintaining security architectures across cloud, third-party, and on-premises environments, including evaluating and integrating emerging security technologies.
• DevSecOps: Should possess deep knowledge of embedding security within CI/CD pipelines, establishing security standards, and conducting secure code reviews with development teams.
• Cryptography: Must understand encryption technologies for securing data at rest and in transit, with experience managing cryptographic keys and ensuring compliance with industry standards.
• Identity & Authentication: Requires knowledge of designing and managing secure identity solutions, including Single Sign-On (SSO), Identity Providers (IdPs), and federation protocols such as SAML, OAuth, and OpenID Connect. Familiarity with Okta and Keycloak preferred.
• Secure Coding: Should be proficient in secure coding practices, training teams, and developing standards to prevent vulnerabilities like injection flaws, XSS, and authentication issues.
• Governance, Risk, & Compliance (GRC): Must have a strong grasp of GRC frameworks (e.g., NIST, SOC2, ISO 27001, Cyber Essentials etc) and experience in aligning technical controls with regulatory and audit requirements.
• Threat Management: Requires expertise in performing risk assessments, threat modeling, vulnerability assessments, and mitigation planning to address security risks.
• Incident Response & Monitoring: Should have knowledge of incident response strategies, SOC collaboration, and implementing continuous monitoring tools to ensure compliance and security standards.
• Collaboration & Leadership: Must demonstrate the ability to work with cross-functional teams, mentor junior engineers, and act as a subject matter expert in security technologies, tools, and frameworks.
• Security Engineering & Architecture: Must have expertise in designing, implementing, and maintaining security architectures across cloud, third-party, and on-premises environments, including evaluating and integrating emerging security technologies.
• DevSecOps: Should possess deep knowledge of embedding security within CI/CD pipelines, establishing security standards, and conducting secure code reviews with development teams.
• Cryptography: Must understand encryption technologies for securing data at rest and in transit, with experience managing cryptographic keys and ensuring compliance with industry standards.
• Identity & Authentication: Requires knowledge of designing and managing secure identity solutions, including Single Sign-On (SSO), Identity Providers (IdPs), and federation protocols such as SAML, OAuth, and OpenID Connect. Familiarity with Okta and Keycloak preferred.
• Secure Coding: Should be proficient in secure coding practices, training teams, and developing standards to prevent vulnerabilities like injection flaws, XSS, and authentication issues.
• Governance, Risk, & Compliance (GRC): Must have a strong grasp of GRC frameworks (e.g., NIST, SOC2, ISO 27001, Cyber Essentials etc) and experience in aligning technical controls with regulatory and audit requirements.
• Threat Management: Requires expertise in performing risk assessments, threat modeling, vulnerability assessments, and mitigation planning to address security risks.
• Incident Response & Monitoring: Should have knowledge of incident response strategies, SOC collaboration, and implementing continuous monitoring tools to ensure compliance and security standards.
• Collaboration & Leadership: Must demonstrate the ability to work with cross-functional teams, mentor junior engineers, and act as a subject matter expert in security technologies, tools, and frameworks.
Requirements
• Deep understanding of security standards and frameworks such as NIST, ISO 27001, CIS Controls, and industry compliance regulations (GDPR, HIPAA, PCI-DSS).
• Hands-on experience with security tools such as IDS/IPS, SIEM, vulnerability scanners, and penetration testing platforms.
• Experience with cloud platforms (AWS, Azure, GCP, OCI or Alibaba) and securing cloud-native applications.
• Proficiency in programming languages (e.g., Python, Java, C++) and automation tools (e.g., Terraform, Ansible).
• Strong knowledge of networking protocols, firewalls, VPNs, proxies, and security monitoring tools.
• 5+ years of relevant experience in security engineering and GRC-focused security solutions development.
• Extensive hands-on experience in DevSecOps, integrating security in CI/CD pipelines, and supporting development teams in secure coding practices.
• Proven expertise in cryptography, including encryption, key management, and digital signatures.
• Strong background
• Deep understanding of security standards and frameworks such as NIST, ISO 27001, CIS Controls, and industry compliance regulations (GDPR, HIPAA, PCI-DSS).
• Hands-on experience with security tools such as IDS/IPS, SIEM, vulnerability scanners, and penetration testing platforms.
• Experience with cloud platforms (AWS, Azure, GCP, OCI or Alibaba) and securing cloud-native applications.
• Proficiency in programming languages (e.g., Python, Java, C++) and automation tools (e.g., Terraform, Ansible).
• Strong knowledge of networking protocols, firewalls, VPNs, proxies, and security monitoring tools.
• 5+ years of relevant experience in security engineering and GRC-focused security solutions development.
• Extensive hands-on experience in DevSecOps, integrating security in CI/CD pipelines, and supporting development teams in secure coding practices.
• Proven expertise in cryptography, including encryption, key management, and digital signatures.
• Strong background