Tech Risk Security Operations Engineer I

We are Allvue Systems, the leading provider of software solutions for the Private Capital and Credit markets. Whether a client wants an end-to-end technology suite, or independently focused modules, Allvue helps eliminate the boundaries between systems, information, and people. We’re looking for ambitious, smart, and creative individuals to join our team and help our clients achieve their goals. Working at Allvue Systems means working with pioneers in the fintech industry. Our efforts are powered by innovative thinking and a desire to build adaptable financial software solutions that help our clients achieve even more. With our common goals of growth and innovation, whether you’re collaborating on a cutting-edge project or connecting over shared interests at an office happy hour, the passion is contagious. We want all of our team members to be open, accessible, curious and always learning. As a team, we take initiative, own outcomes, and have passion for what we do. With these pillars at the center of what we do, we strive for continuous improvement, excellent partnership and exceptional results. Come be a part of the team that’s revolutionizing the alternative investment industry. Define your own future with Allvue Systems!

Incident Response

• Monitoring of security events in the SIEM and other security feeds, taking appropriate action based on the company security policy
• Identify incidents and lead investigations, reporting, documentation, and resolution
• Creation of reports, dashboards, and metrics for security operations based on detected incidents/events
  
  

AppSec

• Perform security code reviews and threat modeling
• Supports the implementation and enforcement of secure design principles according to policies, standards, and patterns of Information Security
• Participate in and support application design/security reviews, threat modeling, including code review and security testing (including APIs)
• Developing and maintaining documentation of application security controls
• Support and consult with development and engineering teams in the areas of application security
• Create Security guidance/documentation for development/engineering teams
  
  

BS in Computer Science, Software Engineering, Cybersecurity, or an equivalent technical degree

• 2+ years’ experience working in information security
• Strong knowledge of information security principles, standards, and best practices
• Demonstrated problem-solving, analytical skills, and technical troubleshooting skills
• Strong written, oral, and interpersonal communication skills
• Ability to effectively prioritize and execute tasks
• Experience with security tools such as SIEM, EDR, Anti-virus, IPS, etc.
• Experience performing threat modeling and secure code reviews on applications and systems
• Experience in identifying and remediating common web application vulnerabilities such as OWASP Top 10
• Familiarity with continuous integration and continuous deployment (CI/CD) pipelines as well as how security fits into the delivery process (i.e. DevSecOps)
• Knowledge of standard approaches and tools for performing static application security testing (SAST), dynamic application security testing (DAST), and software component analysis (SCA) is a must
• Programming/development experience using C#, .NET is a plus
• Application penetration testing experience with BurpSuite, Zap, etc. is a big plus