- Ensuring applications, networks, systems and cloud services are planned, designed, developed, implemented, and monitored in accordance with security controls related to SOC 2, ISO 27001 and the RMS Information Security Policy.
- Developing, implementing and monitoring enterprise information security architectures and solutions for on-premise and Azure hosted infrastructure for both corporate and customer environments.
- Analyzing infrastructure, networking, and system design from a security perspective and providing recommendations and approvals for implementation decisions.
- Analyzing network traffic patterns, system logs, SIEM and endpoint security tools for unusual or suspicious activity.
- Defining, implementing, and executing incident response playbooks in conjunction with the Security Operations Center.
- Working closely with the Security Operations Center to develop new data feeds and services for continuous monitoring and detection capabilities, including the writing of data parsers, installation of data connectors and log collectors, and tuning and aggregating multiple security alerting sources.
- Developing scripting and automation to increase operational productivity and effectiveness.
- Reviewing firewall policy rules and performing security risk assessments and approvals for network and system configuration changes.
- Assisting in the development and automation of threat management, vulnerability management, and incident management processes.
- Working closely with cross-functional teams to embed security, logging, auditing, and support for all corporate and cloud operations.
- Performing assessments of security tools, vendors, and solutions to support information security roadmap initiatives.
- Design, implement, and deploy data protection solutions to align with GDPR, FedRAMP, NIST, CIS Benchmarks, as well as organizational Information Security policies, especially for cloud-hosted data environments.
- Ensure applications, networks, systems, and cloud services are planned, designed, developed, implemented, and monitored in accordance with security controls related to SOC 2, ISO 27001, C5 and organizational Information Security Policies.
- Minimum 7+ years of experience in Information Security with an emphasis on network and system security
- At least one security-related certification, such as CISSP, GIAC, CompTIA Security+, required. CISSP strongly preferred.
- Experience with the development, deployment, and automation of security solutions in an enterprise cloud-based environment
- Experience in DevOps/DevSecOps environments and maintaining security in CI/CD processes highly desired
- Solid understanding of Microsoft Azure architecture and services
- Detailed understanding of Microsoft Office 365 application security, especially related to email and One Drive
- Deep understanding of VPN, PKI, IPAM and MFA technologies required
- Demonstrated proficiency in system hardening techniques for Microsoft Windows, Linux, and Mac OSX
- Knowledge of technical security control environments and compliance frameworks including CSA CCM, ISO 270001 and SOC 2
- Hands-on technical proficiency with IDS/IPS and SIEM tools. IBM QRadar, Splunk, and Graylog expertise highly preferred.
- In-Depth knowledge of TCP/IP addressing and standards including network design, firewall configuration, load balancing, remote access, strong authentication, vulnerability scanning, VPN and DMZ management
- Proven ability to manage priorities & deadlines and to work independently in a highly dynamic and diverse environment with multiple concurrent projects happening simultaneously.
- Experience in creating detailed solution design documents & diagrams
- Demonstrated experience in investigating security issues related to the Internet, server, desktop, laptop, tablet and other mobile device security issues; OS patching, hardening and anti-virus
- Demonstrated ability to facilitate automation and integration through scripting in PowerShell, Python, Perl, etc., highly preferred.
There's a 5% chance that a hurricane will cause $60 billion of insured losses next year and a 1% chance an earthquake will cause $50 billion of insured loss in the next 12 months. At RMS, we build the simulation models that allow insurers and investors to understand portfolio risks due to catastrophes: natural catastrophes (hurricane, earthquake, flood), terrorism, pandemic, and changes in life expectancy.
We are one of the most exciting companies you've probably 'never' heard of, unless you're one of our hundreds of clients in the (re)insurance, banking or hedge fund sector. We lead an industry we helped pioneer and ultimately our work makes a true impact on the world at large. How we understand and manage risk affects everybody and our passion is nothing less than creating a more resilient world through a better understanding of catastrophic events.
We are evolving our vision by delivering future solutions in the cloud, our cutting-edge risk management platform 'RMS(one)' for the global risk market. RMS(one) will create a holistic and integrated view across the enterprise with one platform for all models, all points of view, and all data. All will be run as equal partners on RMS(one).
RMS has 1,200 employees in 11 countries, including offices in Newark (CA-USA), Noida (India), London (UK), Hoboken (NJ-USA), and Zurich (Switzerland).
To find out more, visit or follow us on Facebook, LinkedIn or @rmsjobs on Twitter.
RMS is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity without regard to race, color, creed, gender, religion, marital status, registered domestic partner status, age, national origin or ancestry, physical or mental disability, genetic characteristics, sexual orientation, or any other classification protected by applicable local, state, or federal law.
RMS is enrolled in E-Verify® and will be participating in E-Verify in addition to our Form I-9 process. .
To all recruitment agencies: RMS does not accept unsolicited agency resumes and will not responsible for the payment of placement fees related to unsolicited resumes submitted to open positions, job aliases, or to our employees.