< Back to All Jobs

Lead Information Security Engineer

Location: Denver, CO or Remote

This person reports to: CTO

 

Who We Are: 

Aspenware empowers mountain resorts and ski areas to deliver the ideal digital guest experience. Our guest-facing ecommerce and registration software is the most capable in the industry and is used by millions of skiers worldwide to process hundreds of millions of dollars in annual sales. The resorts we work with trust the innovation and thought leadership that Aspenware provides, and they leverage the operational advantages of our platform to grow their businesses.

We are a talented and high-performing team and welcome the opportunity to learn from one another. 

Aspenware makes hiring decisions based on how well candidates align with our Core Values. Aspenware employees are… 

Dependable: We take ownership. We are accountable and adaptable. We have a can-do attitude and are willing to pivot. 

Innovative: We are thought leaders who bring creativity and a desire for innovation to everything we do. We are continually improving ourselves and our surroundings. 

Talented: We are smart and good at what we do. We are focused, confident, and we get stuff done using a combination of our abilities and resourcefulness. 

Caring: We care about our co-workers and our clients. We are mindful of and inspired by the impact our work has on our communities. 

 

What You Will Do: 

The Lead Information Security Engineer will be responsible for the security of Aspenware’s operational enterprise and will partner with engineering teams to improve the security of our products and cloud environments. You will manage Aspenware’s security operations, IT vendor relationships, and efforts to mitigate existing and emerging cybersecurity threats. You will assess, prioritize, and remediate security risks to improve Aspenware’s overall cybersecurity posture.  

This is a key role at Aspenware and reports directly to the Chief Technology Officer. You will work closely with the CTO, other engineering leaders, and business stakeholders to represent the security needs of our platform. 

You Should: 

  • Take ownership of the security of the Aspenware enterprise  
  • Partner with engineering teams to help ensure the security of our products, cloud infrastructure, and technical platform  
  • Understand key security attack vectors and protect Aspenware from malicious actors who wish to abuse our platforms. 
  • Effectively identify and contain security incidents, communicating both suspected and confirmed incidents to business leaders 
  • Perform in-depth investigations when the suspicion of a threat emerges.  
  • Ensure compliance and meet disclosure obligations 
  • Develop mitigation and remediation plans to address critical risks 
  • Identify opportunities to improve existing security processes, policies, and tooling 
  • Help cultivate and foster a culture of security across the entire organization by driving awareness and promoting a cohesive narrative around security 
  • Develop and document network security reference architectures, design patterns, roadmaps, and other architectural artifacts aligned with policies, standards and industry best practices 
  • Work closely with our DevOps team to manage cloud security in Azure: 
  • Evaluate Azure cloud and hybrid security services, tools, and appliances in the areas of (but not limited to): intrusion detection, intrusion prevention, packet capture, and quarantine 
  • Assess network/cloud security posture and recommend modifications for enhancements, improvements, and mitigations 
  • Collaborate with enterprise partners and incident response teams regarding requirements and deployment of security services, tools, and appliances 
  • Manage security vendor relationships with respect to security requirements and technical support 
  • Work internally and with external vendors to provide oversight for computers, devices, and networks in a remote work environment 

 

Who You Are: 

You are passionate about cybersecurity and have a track record in improving the security posture of software engineering organizations. You take pride in staying on top of and ahead of information security techniques, standards, and trends. You are a lifelong learner who is constantly educating and challenging yourself to stay ahead of the cybersecurity curve. 

 

You Ideally Have: 

  • 4+ years of experience in a cybersecurity role within a software development organization 
  • 8+ years in technical roles – as a software engineer, information security analyst or similar  
  • Masters or bachelor’s degree in Information Systems with a focus in cyber security or equivalent experience or certifications  
  • Experience with NIST CSF, ISO27001, PCI, or similar standards/certifications 
  • Ownership over a past organization’s pursuit of security certifications 
  • Experience with OWASP or similar standards. Familiarity with DevSecOps 
  • Experience with security management for SaaS software organizations 
  • Direct experience with cloud security  
  • Hands-on experience establishing and configuring security controls for Microsoft Azure and Microsoft 365 components 
  • Understanding of DDOS and other infrastructure threats at the edge 
  • Strong understanding of security as it relates to CDN, API management, and load balancing technologies 
  • Strong understanding of Azure monitoring capabilities 

 

What’s In It for You: 

  • 4 weeks of PTO to start and increases with seniority 
  • 8 paid holidays 
  • 6 days of sick time 
  • Paid parental leave for both primary and secondary parents 
  • Medical, dental, and vision insurance 
  • Life insurance 
  • 401k plan with a 5% match 
  • Annual all-company ski day 
  • Seasonal Ski Pass – Ikon Pass 
  • National Park Pass for the entirety of your employment 
  • Annual Wellness Stipend 
  • Flexible work environment – work from home or the office! 

 

Salary: the salary range for this position is $130,000.00 – $150,000.00 

In accordance with the Colorado Equal Pay for Equal Work Act, the approximate salary range is listed above. The actual offer will be determined by various factors including experience, skills, and internal equity among our team. 

 

Aspenware provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. 

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training 

Apply for this Job

Please fill out the following details and attach a resume.
Fields marked with a (*) are required.
  • Hidden





  • Accepted file types: pdf, Max. file size: 6 MB.

    Please upload your resume in pdf form (max 6M upload size)
  • Help us reduce spam by verifying that you're not a bot.


Back to All Jobs