Company Summary:
Zoro is an eCommerce company that’s on a mission to help business owners get everything they need to run their businesses and thrive–from office supplies to power tools. But we’re way more than a website. We’re a team of great people with an award-winning culture. Check us out and see for yourself!
Job Summary:
This individual will serve as a key contributor and security expert for Zoro and be part of the team for evaluating, implementing, and managing security tools designed to protect, detect, and monitor the cloud infrastructure and SaaS applications Zoro utilizes. They will also be assessing, recommending, and designing security controls for existing systems and applications operating in our environment.
Duties and Responsibilities:
- Assist in designing and developing cloud security solutions
- Create documentation for security tools and services
- Author, review, and enhance new and existing security policies
- Create and maintain security procedures
- Maintain currency with security industry standards, technology changes, trends, and best practices
- Review and approve security infrastructure change requests
- Work with the SOC for security incident remediation
- Research and design ways to achieve risk reduction
- Participate in security incident response
- Partner with 3rd party security tooling and analysis vendors
- Partner with Zoro's Governance, Risk, and Compliance organization
- Identify gaps against security best practices and work to remediate them
- Partner with engineers remediating security findings
- Participate in week-long security on-call rotations
Core Skills
- Strong background in modern cloud security tooling and processes
- Familiarity with major current security tools vendors
- Understanding of PCI, NIST, and other compliance frameworks
- Deep understanding of symmetric and public key encryption mechanisms
- Strong understanding of core internet protocols (tcp/ip, tls, http, REST interfaces)
- Strong understanding of core internet services (dhcp, dns, email, httpd, sshd, sftp)
- Strong understanding of infrastructure security protocols (DNSSEC, DKIM, SPF, DMARC)
- Understanding of risk mitigation and processes
- Understanding of Data Loss Prevention mechanisms
- Demonstrated high degree of curiosity and ownership
- Strong communication and analysis skills
- Highly collaborative team-oriented style
Minimum Qualifications:
- Experience in securing public hybrid cloud infrastructure
- Strong foundation in AWS and GCP
- Possess expert level proficiency in SIEM systems
- Bachelor’s degree in Information Systems or related degree, or equivalent job experience
Preferred Qualifications:
- Background in software development
- Background in server and platform engineering
- Background in databases, infrastructure and networking
- Working understanding of microservices and MACH architectures
- Working understanding of docker and Kubernetes
Zoro Values and Inclusive Culture:
Zoro is dedicated to fostering an environment where people of all backgrounds and beliefs are represented and valued. We aim to empower all of our employees to learn about, raise awareness of, and promote diversity and inclusion through all of our workplace interactions. Zoro is a place where everyone can learn, grow, and thrive. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status.
We are proud to be an equal opportunity workplace.