Sr. Security Engineer

2U partners with leading colleges and universities to deliver the world’s best online degree programs. Our Platform, a fusion services and technology, enables schools to attract, enroll, educate, support and graduate students around the world. Our company culture is united by our No Back Row® philosophy; the idea that when we each lean in and do our part, we are better individually and collectively.

As 2U continues to grow and partner with premier universities, application security has become a significant focus for the Technology group.

* Design, test, and deploy various security solutions for 2U’s internal and external systems * Implement effective methods in anomaly-based attack detection/prevention and attack surface reduction * Automate the static code analysis (SCA) process to detect security vulnerabilities before code is deployed * Hack into test environments during red-team exercises * Strike a balance between building things and breaking things * Provide consultation on information security designs to various departments at 2U * Promote secure coding practices within the software development teams * Work on improvement of existing tools and development of new tools * Automate security log analysis as much as possible * Analyze, escalate and remediate security incidents, identify false positives, correlate suspicious activity, etc. * Analyze regular vulnerability assessment / patching reports and escalate based on risk

* You are adept at using scripting languages to automate tasks (Python preferred) * When you hear the term “firewall” you don’t think of a wall engulfed in flames * You understand modern web application architecture and how to secure it (OWASP) * Have a solid understanding of networking protocols and operations engineering (specifically Linux) * You are interested in the unending list of newly released vulnerabilities, attacks and security research * Willing to learn by tinkering (and let’s be honest, you know how to Google like a pro) * ELK, Powershell, Microsoft Network components (Active Directory, DNS etc.) * Familiarity with the following security domains: Incident Management/Forensics (Windows Desktop Servers and Linux Ubuntu; Vulnerability Management (Qualys, Amazon Web-Services integrations); Application Security:Web-app security scanners (Burp Suite), Auditing code for vulnerabilities; Compliance (PCI) * Knowledge of security standards, principles, techniques and technologies (OWASP, ISO27001, NIST etc.) * SANS certifications and participation in Bug Bounty programs are a huge plus * You’ve binge-watched Mr. Robot at least once