Build the solution that transforms the real estate industry! Want to infuse a $34B sector of the insurance and real estate industry with predictive analytics and a tech-forward customer experience? Yearning for a startup culture within a profitable nationwide company? Join Doma and send an entirely new type of real estate model into the world. About Us
Doma and its family of brands - States Title, North American Title Company (NATC) and North American Title Insurance Company (NATIC) - offer solutions for lenders, real estate professionals, title agents, and homeowners that make closings vastly more simple and efficient, reducing cost and increasing customer satisfaction. Our Values
- Customer Obsessed - We always put our customers first.
- Solution Driven - We solve problems that other people are afraid to.
- People leaders - We grow all of our people into leaders.
- One Team - We believe inclusion and teamwork produce the best results.
- Direct with Respect - We communicate with honesty and respect to our colleagues, customers, and partners.
Reporting to the Director of Information Security & Compliance, the Staff Cybersecurity Engineer will actively participate in the cybersecurity programs strategic design as well as operational execution. Additional facets of participation include control design, implementation, and documentation and working with internal teams and external stakeholders on technical projects, sometimes as the single technical point of contact for one or more cybersecurity projects.
The Staff Cybersecurity Engineer is responsible for performing various hands-on cybersecurity activities including controls analysis and implementation at every layer of the technology architecture (application, database, host, network) and conducting technical application & architecture design reviews and gap assessments to mitigate cyber risk. Additional responsibilities may include participating in cyber event/incident response, selection/implementation of appropriate security solutions, cybersecurity audit remediation follow ups, and other risk analysis activities as needed. The Staff Cybersecurity Engineer promotes an efficient and secure technology environment in alignment with present and future cyber risks. This is a unique opportunity to join a dynamic and growing team with a fantastic organization. In this role you will be exposed to various cutting-edge technologies, including various cloud platforms and the latest cybersecurity technologies to ensure their protection. Are you ready for the challenge? QUALIFICATIONS:
- Bachelor's degree in computer science, information technology, management information systems, or a related study or equivalent experience.
- 8-10+ years Information/Cybersecurity experience with a minimum of 6 years of cybersecurity analyst, engineer, and/or architecture experience.
- Expert-level knowledge of cybersecurity, as well as industry trends.
- Expert-level knowledge and extensive experience working with various cybersecurity aspects of cloud environments including Microsoft Azure, O365, AWS or other similar relevant environments is highly desired.
- Expert-level knowledge and experience working with Microsoft Azure-ATP, Azure Information Protection (AIP), multi-factor authentication, CloudAppSec (MCAS), Defender for Endpoints, EOP-ATP, Sentinel SIEM, is highly desired.
- Strong knowledge and experience working as a cybersecurity engineer working with, securing, and extracting value from various technology systems including AV/EDR, DLP, Email filtering, Firewalls/IPS, MDM, SIEM, Vulnerability management, and Web content filtering systems.
- Expert-level knowledge and extensive experience in developing cybersecurity documentation and standards.
- Extensive experience conducting cyber event and incident analysis and consistently identifying root cause, or leading teams to identify root causes, as part of a CSIRP.
- Having an innate process-orientation and/or extensive experience working within a mature process-oriented culture/environment and being able to translate that skillset, is highly desired.
- Strong knowledge and experience with industry-standard risk/control frameworks: AICPA SOC 1 or 2, CIS Top 20, COSO, NIST, SOX, etc. is a plus.
- Familiarity with SDLC, DevOps, as well secure software development practices and maturity models is a plus.
- Experience evangelizing cybersecurity practices across multiple technical teams.
- Experience in working with geographically distributed and culturally diverse stakeholders.
Event Monitoring & Incident Response:
- Lead the response to incident investigations. Identify the findings and associated mitigation and ensure timely implementation.
- Train and educate company personnel on incident response process, including periodic simulations and tabletop exercises.
Help design, coordinate and oversee the cybersecurity technology stack across relevant tiers (application, endpoint, database, network, etc.)
Other Cybersecurity Operations:
- Help maintain an information cybersecurity phishing awareness program.
- Help with technology-specific litigation hold and eDiscovery services.
LICENSES AND CERTIFICATES:
- Ability to operate autonomously and create new, robust cyber risk analyses and results.
- Ability to communicate effectively regardless of the medium and initiate, lead and organize communications on significant milestones.
- Ability to initiate, lead, and organize communication on significant milestones.
- May independently own the design of specific cybersecurity technology strategies, tactics, and processes and oversee their implementation to achieve established goals.
- Advanced task/time management, process & project management, and business acumen (e.g. negotiation, influence, understand key business drivers etc.).
- Mentorship of team in key cyber risk analysis & project work.
ESSENTIAL JOB FUNCTIONS/DUTIES:
- One or more cybersecurity certifications desired: CISSP, CEH, CHFI, GIAC - GSEC, GCIH, or other relevant certifications a plus.
- Participate in Information Security & Compliance team strategic design as well as day-to-day operational execution.
- Act as the single technical point of contact (sometimes as hands-on SME) for multiple Cybersecurity projects and work in coordination with management/project management to achieve cybersecurity OKRs.
- Act as incident lead to ensure relevant processes are being followed (e.g. CSIRP etc.) and that the incident response team is consistently and accurately identifying root cause of suspicious cyber activity.
- Oversee and participate in cybersecurity operations (event monitoring, incident response, threat & vulnerability management etc.).
- Follow established cybersecurity procedures and recommend improvements and/or develop new policies, processes, or procedures where necessary.
- Develop robust standard operating procedures for the team where gaps are identified.
- Stay abreast of new innovations and trends related to cybersecurity-focused technologies.
- Perform security architecture implementations and reviews as needed.
- Lead the evaluation and analysis of potential new security applications and systems and make recommendations to management.
- Communicate unresolved security exposures, misuse, or non-compliance situations to management.
- Other duties as assigned by supervisor.
We want the work you do here to be the best work of your life. We believe the most valuable investment we can make - and the greatest boost we can give to your career - is to build an outstanding team of colleagues who are passionate about our mission.
We currently offer the following benefits and will continually evolve them with the goal of efficiently attracting, retaining, and leveraging the very highest quality talent.
We believe in Equal Opportunity
- Our passionate, capable team will always be our #1 benefit
- We are proud of the team we have built so far, and we are excited about the team we have yet to add
- Learn something new every day
- Get more done than you would anywhere else
- Competitive salaries
- Top-of-the-line computer equipment
- Multiple Medical, Dental, and Vision Benefits options to allow you to customize to your and your Family's needs
- Paid Time Off
- Health & Dependent Care Flexible Spending Accounts (FSA)
- Short Term & Long Term Disability
- Commuter Flexible Spending Account (i.e. Transit or Parking)
- Supplemental Life and AD&D Insurance
- Auto & Home Insurance Group Life Insurance
- Pet Insurance
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.