Tech Risk Security Operations Engineer I

Incident Response Monitoring of security events in the SIEM and other security feeds, taking appropriate action based on the company security policy Identify incidents and lead investigations, reporting, documentation, and resolution Creation of reports, dashboards, and metrics for security operations based on detected incidents/events AppSec Perform security code reviews and threat modeling Supports the implementation and enforcement of secure design principles according to policies, standards, and patterns of Information Security Participate in and support application design/security reviews, threat modeling, including code review and security testing (including APIs) Developing and maintaining documentation of application security controls Support and consult with development and engineering teams in the areas of application security Create Security guidance/documentation for development/engineering teams BS in Computer Science, Software Engineering, Cybersecurity, or an equivalent technical degree 2+ years experience working in information security Strong knowledge of information security principles, standards, and best practices Demonstrated problem-solving, analytical skills, and technical troubleshooting skills Strong written, oral, and interpersonal communication skills Ability to effectively prioritize and execute tasks Experience with security tools such as SIEM, EDR, Anti-virus, IPS, etc

Experience performing threat modeling and secure code reviews on applications and systems Experience in identifying and remediating common web application vulnerabilities such as OWASP Top 10 Familiarity with continuous integration and continuous deployment (CI/CD) pipelines as well as how security fits into the delivery process (i

e

DevSecOps) Knowledge of standard approaches and tools for performing static application security testing (SAST), dynamic application security testing (DAST), and software component analysis (SCA) is a must Programming/development experience using C#,

NET is a plus Application penetration testing experience with BurpSuite, Zap, etc

is a big plus We are Allvue Systems, the leading provider of software solutions for the Private Capital and Credit markets

Whether a client wants an end-to-end technology suite, or independently focused modules, Allvue helps eliminate the boundaries between systems, information, and people

We re looking for ambitious, smart, and creative individuals to join our team and help our clients achieve their goals

Working at Allvue Systems means working with pioneers in the fintech industry

Our efforts are powered by innovative thinking and a desire to build adaptable financial software solutions that help our clients achieve even more

With our common goals of growth and innovation, whether you re collaborating on a cutting-edge project or connecting over shared interests at an office happy hour, the passion is contagious

We want all of our team members to be open, accessible, curious and always learning

As a team, we take initiative, own outcomes, and have passion for what we do

With these pillars at the center of what we do, we strive for continuous improvement, excellent partnership and exceptional results

Come be a part of the team that s revolutionizing the alternative investment industry

Define your own future with Allvue Systems! Incident Response Monitoring of security events in the SIEM and other security feeds, taking appropriate action based on the company security policy Identify incidents and lead investigations, reporting, documentation, and resolution Creation of reports, dashboards, and metrics for security operations based on detected incidents/events AppSec Perform security code reviews and threat modeling Supports the implementation and enforcement of secure design principles according to policies, standards, and patterns of Information Security Participate in and support application design/security reviews, threat modeling, including code review and security testing (including APIs) Developing and maintaining documentation of application security controls Support and consult with development and engineering teams in the areas of application security Create Security guidance/documentation for development/engineering teams BS in Computer Science, Software Engineering, Cybersecurity, or an equivalent technical degree 2+ years experience working in information security Strong knowledge of information security principles, standards, and best practices Demonstrated problem-solving, analytical skills, and technical troubleshooting skills Strong written, oral, and interpersonal communication skills Ability to effectively prioritize and execute tasks Experience with security tools such as SIEM, EDR, Anti-virus, IPS, etc

Experience performing threat modeling and secure code reviews on applications and systems Experience in identifying and remediating common web application vulnerabilities such as OWASP Top 10 Familiarity with continuous integration and continuous deployment (CI/CD) pipelines as well as how security fits into the delivery process (i

e

DevSecOps) Knowledge of standard approaches and tools for performing static application security testing (SAST), dynamic application security testing (DAST), and software component analysis (SCA) is a must Programming/development experience using C#,

NET is a plus Application penetration testing experience with BurpSuite, Zap, etc

is a big plus