Senior Offensive Security Engineer – Infrastructure & Cloud (Senior Security Engineer) - Ivalua : Job Details

Senior Security Engineer role at Ivalua. You will engineer, implement, review and monitor technical security controls to protect and enhance the security of our hosting and corporate infrastructure, networks and applications. You will also help with operational security aspects including security reviews on infrastructure changes, reviewing firewall rules, analyzing results from vulnerability or penetration testing, investigating security events by analyzing logs and forming actionable plans.

Location: New York City, NY. Company overview: Ivalua is a global provider of cloud-based procurement solutions focused on digital transformation to improve supply chain sustainability, resilience, and supplier collaboration.

• Perform technical security design, architecture, change and/or configuration audits/reviews on hosting and corporate infrastructure systems including Azure cloud environments, servers, network devices, endpoints, and security technologies deployed (CNAPP, MDM, WAF, DDoS, etc.).
• Act as the main point of contact for network and cloud vulnerability management activities, including scanning, internal/third-party penetration testing, red teaming, and analysis and retesting of findings.
• Collaborate with the SOC team to enhance detection and response capabilities.
• Support security initiatives for securing Azure environments (EntraID Conditional Access, CSPM, Infrastructure as Code, NSG rules review, etc.).
• Provide support to the GRC team on technical security controls related to compliance initiatives (e.g., FedRAMP, PCI, NIST 800-53 r5, IRAP, SANS CIS 20) and respond to technical security questions from customers and prospects.
• Act as SME on infrastructure and cloud security topics; expand and share knowledge and collaborate with internal teams to review and improve IT and security operational processes.

• 5+ years of hands-on experience in infrastructure and network security engineering/architecture; familiarity with CNAPP, CSPM, MDM, IAM, DDoS.
• 5+ years of hands-on experience in network and/or cloud penetration testing.
• Bachelor's degree in a related field preferred or equivalent experience.
• Experience with scripting (e.g., Python, PowerShell).
• Knowledge of Active Directory concepts, protocols, services, tiering, key attacks, and hardening best practices.
• Cryptography concepts, encryption algorithms, keys and certificates management.
• Hands-on experience with Azure cloud services and security tools (EntraID, Key Vault, Azure Sentinel, NSG, Azure Firewall, etc.).
• Experience with security incident response and investigation.
• Ability to foster collaborative relationships with technology and other stakeholders.
• Experience with security standards and compliance programs (OWASP, NIST, FedRAMP, PCI, SANS CIS 20).
• Information security qualification or progress toward certifications (e.g., OSCP, eJPT, AZ-500, GIAC GPEN or similar).
• Ability to handle multiple tasks, prioritize and meet deadlines.

• Ability to handle multiple tasks, prioritize and meet deadlines.
• Ability to foster collaborative, open working relationships with technology and other stakeholders.

If your application fits this position's needs, the Talent team will reach out to schedule an initial screening call. Our recruitment process includes personalized interviews with internal stakeholders relevant to the role and may include virtual or on-site interviews.

• Hybrid working model (3 days in the office per week).
• Dynamic, international team focused on product innovation and technology.
• Competitive compensation with comprehensive benefits.
• Training and career development opportunities.
• Inclusive, diverse workplace with strong values and respect for pay equity.