At Nextiva, we create connected communication tools that help businesses stay in touch with their customers and teams. Over 100,000 companies rely on Nextiva for phone service and customer management tools. We’re not your parent’s phone company.

Founded in 2008, Nextiva took on the trillion-dollar telecom industry and succeeded in changing the game by making technology more accessible and affordable for everyone. Companies solve their toughest challenges using our VoIP innovations and signature Amazing Service®.

Today, Nextiva is the fastest-growing, privately held provider of cloud communications. We don’t study industry trends; we create them. Business leaders look to Nextiva to equip their teams in the office and while working from home. Nextiva is not just a tech company — we’re the backbone of the economy.

By joining our global team, you’re saying yes to an opportunity to be part of a tech company with massive growth potential and exciting opportunities ahead. 

We’re actively looking for amazing people like you to join our team!

The Information Security Engineer is responsible for implementation, operation, monitoring and administration of a variety of tools and processes to protect company information in accordance with the Information Security Program and related policies. The engineer conducts Incident Response and investigates and assesses threats and responds to enterprise security events and incidents. The engineer performs vulnerability assessments and supports mitigation efforts across the organization, supports penetration testing, and supports internal and external audit.

Key Responsibilities:

• Establish and maintain strong working relationships with the departments involved with information security (Operations, Development, IT, Legal, Human Resources, and others)
• Participate in the development of Information Security Program policies, processes, procedures, standards, guidelines, and the training of staff.
• Recommend and implement improvements to the effectiveness of the Information Security Program.
• Provide direction to employees according to established policies and management guidelines for system, application and network security.
• Operate, manage, monitor and improve technical security controls across the enterprise, including AV, IDS, vulnerability scanning, WAF, code scanning, web proxies, encryption and audit log monitoring.
• Perform periodic internal security reviews and risk assessments; support internal and external information security audits.
• Manage vulnerability assessment and testing tools to identify security vulnerabilities and weaknesses and ensure consistency and compliance with established standards and security policies.
• Implement custom WAF rules and policies in security tools to mitigate threats and reduce risk. Review reports for anomalies. Take appropriate action to address alerts and report findings.
• Respond to security incidents, conduct root cause analysis of incidents, recommend corrective actions and ensure corrective action completion.
• Document information security monitoring, scanning and testing procedures.
• Keep up to date with the security field, including emerging vulnerabilities.
• Perform other duties to support the technical and operational security of the organization as required.

Qualifications:
Includes required, preferred and percentage of travel, if applicable

• Bachelor’s degree in an IT related field or equivalent experience and 1-3 years of experience in working in IT security, IT systems or network engineering, software development, QA, or a related role.
• Desired certifications – one or more of the following: CISSP (Certified Information Systems Security Professional), Certified Information Security Manager (CISM), SSCP (Systems Security Certified Practitioner), CCSP (Certified Cloud Security Professional) or CompTIA Security+.
• Some amount of coding/scripting and API experience - Python/Java/Powershell/Bash etc. And (2) some penetration testing experience
• Working knowledge of, and experience in, desktop and server environments, including Mac, Windows, and Linux operating systems.
• Experience with IT technologies related to security, including Active Directory Group Policies, LDAP, SSO, SSL, encryption and hashing algorithms, and key management practices.
• Flexibility to work off-hours to support global project teams and maintenance windows.
• Ability to support 24x7 on-call for incident response on a rotating basis.
• Other desired experience:
  • Familiarity with GDPR, CCPA, HIPAA or PCI privacy and security requirements and ISO 27001, SOC 2, NIST or CIS 20 frameworks.
  • General knowledge of security implications of threats and vulnerabilities related to networks, servers, operating systems, applications, and databases.
  • Experience conducting security assessments, technology reviews and application requirements analysis from a security design perspective.
  • Experience using SIEM and log management tools.

Competencies:

• Strong analytical problem-solving skills and attention to detail.
• Organization, Time Management & Prioritization - Self-starter that focuses on key priorities; plans, organizes, schedules and executes on tasks and projects in an efficient and productive manner.
• Ability to form productive relationships across the organization to accomplish information security objectives.
• Ability and willingness to learn all aspects of the information security field.
• Professional verbal and written communication skills in English.
• Expresses ideas using clear, effective and efficient language. Listens patiently and attentively. Adapts to the purpose of the communication with appropriate style, substance, detail, confidence and channel. Possess the ability to manage multiple channels of communication simultaneously; phone, email, tickets, and chat.
• Able to assess, document, and prioritize identified security flaws and vulnerabilities based on risk.

Typical Office Environment: Requires extensive sitting with periodic standing and walking. May be required to lift up to 35 pounds unassisted. May be required to lift over 35 pounds using assistive device and/or team lift. Requires significant use of personal computer, phone and general office equipment. Needs adequate visual acuity, ability to grasp and handle objects. Needs ability to communicate effectively through reading, writing, and speaking in person or on telephone.

So, why Nextiva? 

Nextiva is a trailblazer in the Voice over IP (VoIP) and Unified Communications as a Service (UCaaS) industries. We’re outpacing our competitors, and it’s an exciting time to join our team. If you’re looking to join a fast-paced tech company with massive potential, Nextiva is the place for you. Our 1,000+ team members worldwide embrace our promise of Amazing Service. We’re passionate about upholding our energetic culture of forward-thinking, caring, and simplicity. Nextiva seeks diverse individuals who share our values and vision to help take us to the next level. Nextiva provides an impressive benefits package and has a resilient company culture. Glassdoor named us one of the Best Places to Work in 2020 nationwide. Employees rate Nextiva a 4.9/5 on Comparably, and we’ve earned many more accolades along the way. 

Help us redefine the future of business communications. Apply today!

Nextiva is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We prohibit discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. Nextiva participates in the E-Verify Program where and as required by law. For additional information about E-Verify visit USCIS. 

#LI-TN1

#LI-Remote