Business Runs on IT. IT Runs on BMC Software.
Business runs better when IT runs at its best. That's why more than 20,000 IT organizations – from the Global 100 to the smallest businesses – in over 120 countries rely on BMC Software (NASDAQ: BMC) to manage their business services and applications across distributed, mainframe, virtual and cloud environments. With the leading Business Service Management platform, Cloud Management, and the industry’s broadest choice of IT management solutions, BMC helps customers cut costs, reduce risk and achieve business objectives.
We are seeking an Information Systems Security professional to join our SaaS team, to help build and secure BMC’s cloud platform and security frameworks.
About the SaaS Team
The BMC SaaS Team is a critical group that is responsible for the design, architecture, configuration, security and availability of our SaaS product portfolio. We work closely with our product teams, architects, and customers to provide the highest levels of availability, security, and quality. Being nice is a requirement as you will be working on a high-speed and collaborative team.
About the Job
- Assist with the development and continued improvement of the Information Security program.
- Implement, build, and maintain security solutions to mitigate the risks of BMC’s SaaS business .
- Coordinate compliance requirements for third party attestations, such as SSAE 16, FedRAMP, CSA, ISO 27001, HIPAA, PCI DSS, and others as needed.
- Drive remediation efforts in response to internal/external audits and third party assessments.
- Establish and maintain security best practices including security incident management, vulnerability management, and other associated processes.
- Lead Computer Security Incident Response Team (CSIRT) to respond to various security incidents.
- Conduct and participate in information security risk assessments.
- Work with product architecture teams and make recommendations on SaaS Security.
- Work closely with datacenter partners to ensure our systems meet BMC SaaS Security requirements.
- Recommend, review, and approve processes, standards, and changes.
- Maintain existing security controls and frameworks.
- 3+ years as a senior information security engineer in a SaaS organization/product
- Ability to deliver results quickly and efficiently with iterative approaches
- Experience implementing security controls according to frameworks that meet regulatory compliance and industry certifications (FedRAMP, ISO 27001, SSAE 16 SOC 1 & 2, PCI DSS, FDA 21 CFR Part 11, HIPAA, etc.)
- Have a CISSP certification that is current and verifiable
- Effective communication skills and ability to speak directly with external customers as needed
- Experience creating policies, standards, and procedural documentation
- Knowledge of security tools like QRadar, McAfee, Retina and Whitehat security technologies a plus
- Experience with securing Java applications running in Apache Tomcat
If you know about the following it’s a plus
- BMC Products including Remedy, BPPM (Patrol), Bladelogic, End User Experience Manager (Coradiant)
- Experience with highly regulated industries like pharmaceuticals and finance
- Knowledgeable of networking concepts including firewalls, VPNs, load balancers, IDS/IPS, VLANs
- ITIL Practices & Agile methodologies
- Experience with foreign data privacy laws in EMEA, APAC, and Australia
BMC Software, is an Affirmative Action/Equal Opportunity Employer. M/F/D/V encouraged to apply.