Senior Cyber Security Engineer

Are you ready to build the future of our company?

About Mercury Financial

Mercury Financial is an innovative and growing financial services company with locations in both Austin, TX and Wilmington, DE. Our mission is to help customers build and maintain their financial future by offering them credit cards they can afford and understand. After only a few years, we've had great success building a significant credit card program, but we are aiming higher, which means we have lots of challenging problems for you to help us solve. Come onboard, work with some of the most talented individuals who thrive on collaboration and teamwork; and help us continue to build something special.

Location

Mercury Financial is headquartered in the progressive and entrepreneurial tech hub of Austin, Texas. Our physical location is situated in a beautiful park like setting called the Domain. The Domain's ideal location and exceptional amenities, amazing restaurant selection and convenient parking, are all perfect for after work happy hours!

What it's like to work here:

We foster a collaborative and innovative culture where you will be empowered to do your best work. All of our employees bring everything they have to their job and are part of a larger team working towards a greater goal. We do right by our employees, our partners, and our customers.

What a day is like:

• Monitor and support alerts from PagerDuty, Splunk, Imperva, PhishER, hCaptcha, JupiterOne and infrastructure running on AWS

• Identify, contain and resolve cyber security incidents

• Identify security flaws and vulnerabilities

• Develop response procedures for security incidents

• Produce detailed incident reports

• Participate in daily stand-up meetings

• Lead research processes and functional IT teams or projects to solve complex issues

• Support information security audits with technical evidence

• Drive tickets in Jira through different phases until reaching closure

• Solve complex problems, taking a broad perspective to identify innovative solutions

• Contribute to departmental business planning and solution design

• Communicate difficult concepts and negotiates with others to conclude on goal-centric points of view

• Interpret challenges and recommend best practices to improve processes

• Provide resolution support to wide array of issues that are complex in scope

• Use expert-level cyber security knowledge base to complete tasks

You're perfect for this role if you have:

• 8+ years' experience working with systems deployed on AWS

• 6+ years' technical experience in Incident Management for AWS Cloud solutions

• 2+ years' experience with network security, intrusion detection and response, security incident management (SIEM)

• 2+ years' experience using Splunk for Incident Management and processes supported by Identity Management, Phishing handling, On-Call systems, End point Detection and response, AWS cloud security tools

• Proven experience in:

• Incident Management (2+ years)

• Risk Management techniques (2+ years)

• Vulnerability Management

• Web Application Firewalls

• SOAR playbooks and workflows

• Experience as a subject matter expert or stakeholder

• Previously supported information security audits in any of the following frameworks or regulations: PCI DSS, NIST, ISO 27001

• Experience analyzing threats of cloud and application components (such as, findings from Security Assessments)

• Intrinsic understanding of software development life cycles

• Excellent oral and written communication skills

• Knowledge of current and emerging security technologies, threats, and techniques for exploiting security vulnerabilities in the code or application

• The ability to work independently, and on a team, requesting guidance in complex situations, when needed

• Capacity to lead functional teams or projects to solve complex problems and deliver solutions

Preferred Qualifications:

• Familiarity with Java (including npm and Maven), Docker & Kubernetes

• Familiarity with some of the following:

• SAST (Static Application Security Testing)

• DAST (Dynamic Application Security Testing)

• SCA (Software Composition Analysis)

• SBOM (Software Bill of Materials)

• Image Scanning

• IaC (Infrastructure as Code)

• Threat Modeling

• PenTesting (Web App, Mobile, External)

• CSA (Cloud Security Assessment)

Academic Background:

• Not required, but typically holds BsC or MsC college/university degree in Information Security, Cybersecurity, Computer Science or Software Engineering

• Holds at least one of the following Information Security certifications: CCSP, C|EH, OSCP, GCIH, CISSP, CISA, CISM

• Ideally, holds AWS Certified Security certification or an akin certification

Why you'll like working here:

This isn't a place where you will fill a seat and keep your head down. This is a place where everybody is expected to help build something. This is a place where you can be involved and lead in your areas of expertise. So, how much do you believe in yourself? If you believe in your skills, in your drive and determination, we'll give you the resources and room to show the world what you can do. Here are just a few of the benefits we offer:

• Employer insurance coverage for employee & dependents

• Life insurance

• 401K with generous employer match

• Wellness program

• Monthly Company Events

• Hybrid Work Model

Mercury Financial is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, among other things, or status as a qualified individual with disability.