[Position-available] Full-time position available: Senior Security Engineer - Waltham, MA

[position-available-mNDKBlG2WHs at public.gmane.org (Help-wanted ads for Linux/UNIX professionals)]

/*Full Disclosure: I work for this company as a Database Administrator,
not a recruiter, however I am paid a referral bonus if someone I refer
is hired. Constant Contact do not publish salary ranges ahead of time.

You can call me at 781.370.8610 if you have more questions.

The link for this posting is

http://www.constantcontact.com/about-constant-contact/careers/sr-security-eng.jsp

and on it there is a button for online application.

 -=Beldon

*/ --=== Posting begins 

Constant Contact, Inc. helps small businesses, associations, and nonprofits
connect with their customers, clients, and members. Launched in 1998,
Constant Contact? champions the needs of small organizations and provides
them with an easy and affordable way to build successful, lasting customer
relationships. Constant Contact's leading email marketing and survey
products?supported by our expert personal coaching and service?help all
types of small businesses and organizations create professional-looking
email newsletters and insightful online surveys, and begin a dialogue with
their customers. Today, more than 300,000 customers worldwide trust
Constant Contact to help them connect with their audience.

Headquartered in Waltham, Mass., with an additional office in Loveland,
Colo., Constant Contact was named Massachusetts Technology Leadership
Council "Company of the Year" in 2008 and is ranked as the 14th fastest
growing company on the Deloitte Technology Fast 50 for New England list.
Constant Contact's Network Systems and Security Engineering team is
responsible for the design, deployment, and management of the network,
systems automation, and information security infrastructures that support
our large production and QA environments. To support our continued growth,
we are seeking an intelligent, motivated, and creative Senior Security
Engineer. This newly created position will report to the Manager of Network
Systems and Security Engineering.

Responsibilities Include 

    * Lead Constant Contact's IT General Controls audit activities,
ensuring compliance with standards such as Sarbanes-Oxley Section 404,
Payment Card Industry Data Security Standards (PCI DSS), and 201 CMR 17.
    * Work with technical and managerial staff to develop
business-appropriate information security policies and procedures, covering
the entire information lifecycle.
    * Lead hands-on audits of system security, using scanning tools such as
Qualys and IDS/IPS tools such as Tipping Point.
    * Respond to security incidents, including identification of the extent
of system compromise, engagement of appropriate parties, and hands-on
forensic investigations as required.
    * Develop internal training programs to assist developers with secure
development guidelines, leveraging external resources such as OWASP.
    * Lead disaster recovery policy development and testing, working across
the business teams to ensure that appropriate procedures are in place.

Requirements

    * Five or more years of experience as a security engineer, including
leadership roles in developing IT security policies and procedures, as well
as hands-on experience auditing complex operation environments.
    * Hands-on experience ensuring compliance with audit standards such as
SOX and PCI. Ability to work with external auditors to ensure compliance.
    * Understanding of web application vulnerabilities, including those
defined by OWASP and WASC. Ability to identify and recommend fixes for web
application security vulnerabilities.
    * Experience with Unix/Linux system hardening strategies, including
understanding of industry standards such as Center for Internet Security
(CIS).
    * Ability to develop strong relationships with internal technical,
legal, and managerial staff to guide evolution of security technologies and
procedures.
    * Understanding of fundamentals of state and federal law as applied to
intellectual property, credit card data, and related issues.
    * Relevant industry certifications such as CISSP or CISA preferred.
    * Familiarity with email security and anti-spam technologies and best
practices preferred, including SPF, SenderID, DKIM, CAN-SPAM, etc.

Apply Now

Constant Contact offers a competitive compensation package that includes
base salary and stock options. Our benefit package is comprehensive and
includes Medical Insurance; Dental Insurance; Vision Insurance; 401(K); 529
College Savings Plan; Flexible Spending Accounts; Paid Vacation/Holidays;
Short Term Disability; Long Term Disability; Tuition Reimbursement;
Adoption Assistance; and, an exciting Stock Option Plan!

If you desire to make a difference, are committed to bringing the highest
quality of service to our customers and are looking for a "once in a
lifetime" opportunity, send us your resume and salary requirements for
consideration.

We are not accepting employment agency referrals for this position.