Callaway Golf Company is a leader in total performance, premium golf equipment and active lifestyle products while also being a great place to work! We are passionate and push the limits of innovation. We dare to be great while acting with integrity and respect. We stay hungry, yet humble. All while having fun and making golf enjoyable for everyone!
Our company is a blend of experience and diverse backgrounds, and our leaders have a strong history of building and selling successful initiatives. We are working to build a truly groundbreaking company, and we want top-notch people to join us in that mission.
This position is responsible for ensuring that the Company’s technology and data are secure from malicious attacks that may breach or expose the Company’s IT systems, employee information, or intellectual property. This position performs security engineering tasks including detection and analysis of cyber security threats, forensic investigations, network security design, vulnerability scans and remediation, and would assist in managing and carrying our IT security projects and initiatives.
ROLES AND RESPONSIBILITIES
- Understand company business processes and identify vulnerabilities, if any.
- Implement industry-accepted best practices to enhance system/product security.
- Identify and classify company assets and data in terms of compliance, privacy, and competitive IPs.
- Perform security assessments to identify gaps and areas of risks.
- Continuously monitor and analyze security events to identify potential threats and procedures.
- Conduct regular vulnerability scanning, testing, and mitigation.
- Develop scripts, tools, methodologies and best practices to improve offensive capabilities.
- Demonstrate advanced knowledge of operating systems internals and cloud platforms.
- Help maintain and scale intrusion detection and incident response capabilities.
- Participate in incident response activities as an incident responder, a subject matter expert, and/or a liaison to product teams.
- Automate incident response and vulnerability management workflows.
- Assist in building our detection abilities via system monitoring and log analysis.
- Provide domain expertise on protective controls including system, network, encryption, and authentication services.
- Work with the infrastructure and product teams to ensure that they have secure-by-default systems.
- Works with external law enforcement, management, physical security, Human Resources, Legal, and Finance as necessary to provide technical expertise regarding information security events and incidents.
TECHNICAL COMPETENCIES (KNOWLEDGE, SKILLS, ABILITIES)
- In-depth knowledge and expertise in one or more security disciplines with emphasis on Endpoint Protections, Vulnerability Management, Threat Monitoring, Data Loss Prevention, Identity and Access Management.
- Extensive understanding of modern security engineering concepts and security-by-design principles.
- Deep understanding of one or more security frameworks (NIST, MITRE, etc.) and how to incorporate them.
- Able to recommend and/or implement cloud security controls (in AWS, Azure).
- Develop and deploy security integrations, policies, automation, and best practices (using bash, python).
- Knowledge of networking concepts and solutions (firewalls, iptables, syslog, IDS/IPS, WAF).
- Ability to design and build enterprise monitoring capabilities.
- Expert knowledge of Security Information & Event Management systems (SIEMs) such as Splunk, SecureWorks, or Elk Stack.
- Ability to implement and maintain security platforms, IDS/IPS, anti-virus software, log management, authentication systems, content filtering, etc.
- Strong awareness of current cyber security trends and hacking techniques.
EDUCATION AND EXPERIENCE
- Bachelor’s degree in Computer Science or equivalent work experience.
- 3+ years of experience as a security engineer or similar role
- Experience building zero-trust infrastructure
- Experience operating in any Cloud Provider like (AWS, GCP, Azure)
- Experience with IAM-related solutions like Okta, Active Directory, Azure AD
- Experience with network security, especially using technologies such as Cisco
- Experience with red team / penetration test processes & tools (incl. social engineering)
- Experience with vulnerability management processes & tools
- Experience with data loss/leakage prevention processes & tools
- CSSP, CCSP, CISSP, or similar certification required.
- SOX and PCI DSS 3.1 compliance experience a plus.
Callaway Golf is an Equal Opportunity Employer.