M+E Technology Job Board

Sr. InfoSec Engineer

  • Full Time
  • Emeryville, CA
  • Applications have closed

Gracenote

Gracenote is an entertainment data and technology provider powering the world’s top music services, automakers, cable and satellite operators, and consumer electronics companies. Do to the growing complexity in software and systems it has become increasingly difficult to reason about the security of a System. At Gracenote we have created the Performance, Scalability and Reliability group to try and figure out how to make our software better. By causing our systems to break in a controlled environment, we hope to be able to better engineer our systems to be both more secure, and also scalable and more resilient to failure.

Why we need you:

We have a lot of talented engineers who know all about data, but do not necessarily understand the security implications of what they do. What we need are engineers who are passionate about security and understand how an attacker thinks. In addition to hands on development on security tools, the InfoSec Engineer will also serve as an advocate for good security processes, and help shepherd others in the organization through all facets of the security world.

These tasks include Security Audits, Zero Days and Incident Response. An ideal candidate for this role is passionate about InfoSec and excited to share what they know. This position demands an extensive knowledge of risk management, information security and computing technologies.

Furthermore, the Engineer must keep abreast of regulatory/legal changes, and evolving industry practices to help Gracenote be more secure in an ever changing environment.

Ideal Attributes:

A minimum of 6 years of Information Security experience.
A strong development background.
Ability to apply information security policies, standards, and guidelines to the systems development life cycle.
Demonstrated understanding of methods and models within information security to include risk analysis and mitigation, policies, regulatory environment, technologies, architecture and best-practices.
Strong grasp of threats to networks, operating systems and applications and the ability to demonstrate the tools used to compromise systems.
Demonstrated ability to work in a highly collaborative manner with the Network, System, Database, and Application Development groups to understand their objectives and propose security solutions that ensures that these objective are met in a secure manner that aligns with the company’s security policies and standards.