Senior Security Engineer

Per Executive Order 14042, new or prospective Comscore, Inc. employees in the United States, must provide proof of complete vaccination, or approved exemption on the first day of their employment.

The senior security engineer plays a strategic role in defining and implementing the organization's security strategy, architecture, and practices. The senior security engineer will collaborate with a diverse set of stakeholders, including Application Engineering, DevOps, Infrastructure Engineering, Security, Compliance, Privacy and Data Governance. The senior security engineer will be required to effectively translate business objectives and risk management strategies into specific security solutions enabled by security technologies and services.

Roles and Responsibilities

The senior security engineer will be responsible for the following activities and functions:

• Research, evaluate, recommend, and implement security solutions, standards, and best practices to protect Comscores business from potential threats.
• Conduct security risk assessments of cloud and internal systems, applications, and IT infrastructure as part of the overall risk management practice of the organization.
• Conduct vulnerability assessments and other security reviews of systems, and prioritize remediation based on the risk profile of the asset.
• Review and assess security and infrastructure logs for indicators of compromise (IOCs) or other anomalous behavior within networks, applications, or users.
• Conduct code reviews to determine security flaws or other issues that would impact the confidentiality, integrity, or availability of systems.
• Coordinate with DevOps teams to educate on and advocate for secure coding practices.
• Support the testing, validation, and improvements of internal security controls.
• Assist with penetration testing and other "red" team exercises.
• Develop recommendations and standard to protect cloud environments. Conduct periodic audits.
• Establish incident response playbooks and procedures.
• Monitor security vulnerability information from vendors and third parties.

Qualifications/Experience

• Bachelor's degree in security, software engineering, information systems, or equivalent work experience.
• Minimum of five years IT security, DevOps, and network security experience.
• Knowledge of information security principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management.
• Knowledge of security-related solutions, such as Next-Generation Firewall, Endpoint Detection and Response (EDR), Intrusion Detection/Prevention (IDS/IPS), Security Incident and Event Management (SIEM), Web Application Firewall (WAF), Denial of Service (DOS), Data Loss Prevention (DLP), Cloud Security Access Broker (CASB), Data Encryption, Application Security Testing (DAST, SAST, OSA), Identity and Access Management (IAM).
• Proficiency in AWS architecture and CLI. At least two years of experience working with Amazon Web Services.
• Proficiency working with Windows Active Directory infrastructure and policy management.
• Proficiency in scripting languages (Power Shell, Python, Perl).
• Proficiency in API integration or development.
• Experience in pentesting and application security testing.
• Knowledge of network infrastructure, including application delivery controllers, load balancers, routers, switches, firewalls, and associated network concepts and protocols.
• Experience with common information security management frameworks, such as ISO 27001/2 and National Institute of Standards and Technology (NIST) frameworks.
• Experience with Dev Sec Ops practices.
• Strong written and verbal communication skills.
• Strong analytical and problem-solving skills
• Continuous improvement mindset.
• Strong team-oriented interpersonal skills.
• Strong customer/client focus, with the ability to manage expectations, provide a superior customer/client experience and build long-term relationships.
• Ability to work independently with minimal supervision.

CISSP certification preferred.

About Comscore

At Comscore, were pioneering the future of cross-platform media measurement, arming organizations with the insights they need to make decisions with confidence. Central to this aim are our people who work together to simplify the complex on behalf of our clients & partners. Though our roles and skills are varied, were united by our commitment to five underlying values: Integrity, Velocity, Accountability, Teamwork, and Servant Leadership. If youre motivated by big challenges and interested in helping some of the largest and most important media properties and brands navigate the future of media, wed love to hear from you.

Comscore (NASDAQ: SCOR) is a trusted partner for planning, transacting and evaluating media across platforms. With a data footprint that combines digital, linear TV, over-the-top and theatrical viewership intelligence with advanced audience insights, Comscore allows media buyers and sellers to quantify their multiscreen behavior and make business decisions with confidence. A proven leader in measuring digital and set-top box audiences and advertising at scale, Comscore is the industrys emerging, third-party source for reliable and comprehensive cross-platform measurement. To learn more about Comscore, please visit

EEO Statement: We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, disability status, sexual orientation, gender identity, age, protected veteran status or any other characteristic protected by law.

To comply with federal law, Comscore participates in E-Verify. Successful candidates must pass the E-Verify process after hire.