Founded in 1985, SelectQuote provides solutions that help consumers protect their most valuable assets: their families, health and property. The company pioneered the model of providing unbiased comparisons from multiple, highly rated insurance companies allowing consumers to choose the policy and terms that best meet their unique needs. Two foundational pillars underpin SelectQuote’s success: a strong force of highly trained and skilled agents, who provide consultative needs analysis for every consumer, and proprietary technology that sources and routes high-quality leads. The company has three core business lines: SelectQuote Senior, SelectQuote Life and SelectQuote Auto and Home. SelectQuote Senior, the largest and fastest-growing business, serves the needs of a demographic that sees 10,000 people turn 65 each day with a range of Medicare Advantage and Medicare Supplement plans.
The IT Security Engineer will serve as the principle architect and subject matter expert for the SQ IT Security implementation. The candidate researches future technologies and industry trends; gathers functional requirements for cyber security operations, conducts proofs of concept for new capabilities, analyses of alternatives and develops and recommends future enterprise security architecture strategy.
The IT Security Engineer Act as team leader and mentor, setting team objectives in coordination with the Information Security Director and developing and implementing training plans to develop internal capabilities
The IT Security Engineer Career-level (fully competent) experienced professional able to carry out a full range of professional duties. Works independently with guidance on more complex issues. Provides professional know-how to enhance the knowledge and skill base of the organization. Uses advanced analytical, technical and problem solving skills to adapt policies and programs and develops models to support smaller projects. The role focuses on providing analyses and applying results to improve business operations.
- Work with cross-functional teams to define and implement enterprise wide patching processes and measure patching compliance for multiple platforms that ensure a secure environment (data center, cloud, end user and applications).
- Design and implement security solutions for proactive threat hunting and research of potential malicious activity and incidents across multiple platforms using advanced threat network and host-based tools.
- Experience applying threat and data modeling, advanced data correlation, and statistical analysis to develop alerts, notable events, investigative dashboards, and metrics driven reports
- Design and implement processes for data mining across multiple log sources to uncover and investigate anomalous activity, items of interest and produce compliance artifacts.
- Provide security expertise in areas including, but not limited to, System Development Life Cycle (SDLC), scope of work language for partner engagements and security assessment of new hardware/software procurements.
- Deploy and Configure Cloud based tools such as CSPM, CIEM, CWPP, Cloud Data Security products and Infrastructure as Code templates
- Develop operational processes around Cloud Security Tools such as RACI documents and run books for response to cloud alerts.
- Participate in requirement calls with various business teams to understand their processes the scope of internal project initiatives and design and develop complex cyber security solutions for enterprise scale and growth.
- Function as a team lead and mentor, setting team objectives in coordination with the Information Security Director and developing and implementing training plans to develop internal capabilities
- Participate in internal and external audits as well third party SQ security assessments.
- Lead incident response training exercises including tabletop exercises with stakeholders in the broader organization
Training & Experience:
- Experience in Security Incident Response is required
- Experience in Vulnerability Management is required
- Experience in operating vulnerability scanning tools such as Nessus, Qualys, etc. is required.
- Understanding of common vulnerabilities and exploits is required
- Knowledge of the cyber threat landscape including types of adversaries and the motivations that drive them is required.
- Experience with implementing or operating Security Orchestration, Automation and Response (SOAR) technologies is desired
- Experience preparing and/or presenting reports and briefings is required.
- Leadership and ability to communicate situations to all levels including senior management is required
- Must be able to translate technical security concepts into lay terms
- Must be comfortable presenting in front of technical and non-technical audiences
- Ability to effectively work with people in other departments and/or outside of the enterprise
- Operational Technology Cyber risk management experience is strongly desired
- Knowledge of the function and operation of SIEM technologies such as QRadar, Splunk, LogRhythm, etc. is required
- Familiarity with the MITRE ATT&CK framework is desired
- Experience with threat hunting and cyber intelligence is desired
It’s an exciting time to join SelectQuote. We became a publicly traded company in 2020 with the first 100% virtual IPO (non-biotech) in American history. We have also been recognized nationally on the 2021 Top Workplaces USA list and by the Kansas City Business Journal as a 2020 Best Places to Work honoree.
Full-time employees are eligible for medical, dental, vision, voluntary short-term disability, company-paid long term disability, company-paid life insurance and accidental death & dismemberment (AD&D), 401(k) + company match and 100% vesting after 4 years, discretionary profit sharing, employee stock purchase program (espp), paid time off, floating holidays, paid maternity leave, paid parental bonding leave, tuition reimbursement, jury duty pay, work from home stipend, and other paid leaves vary based on work location.