We’re Blue River, a team of innovators driven to radically change agriculture by creating intelligent machinery. We empower our customers – farmers - to implement more sustainable solutions: optimize chemical usage, reimagining routine processes, and improving farming yields year after year. We believe that focusing on the small stuff – pixel-by-pixel and plant-by-plant - leads to big gains. By partnering with John Deere, we are innovating computer vision, machine learning, robotics and product management to solve monumental challenges for our customers.
Our people are at the heart of what we do. Through cross-discipline collaboration, this mission-driven and daring team is eager to define the new frontier of agricultural robotics. We are always asking hard questions, rapidly iterating, and getting our boots in the field to figure it out. We won’t give up until we’ve made a tangible and positive impact on agriculture.
As an Information Security Engineer, you will play a key role in driving Blue River organization-wide security processes such as design, risk management, mitigation planning, compliance with security standards, audits and overall security operations! This role will focus on current security measures, finding opportunities for strengthening infrastructure designs, development practices, guiding teams the best security practices, and testing methods in a cloud SaaS environment. This includes ensuring that all aspects of company cybersecurity enforce to the adopted cybersecurity framework.
Within Blue River, build relationships and collaborate with other engineers across to ensure all security efforts are aligned. Additionally, you will collaborate with Deere Information Security to identify and implement best practices appropriate for Blue River’s operational goals. As well as, have the critical responsibility to identify, document and communicate sophisticated security and technical issues, in a simplified, non-technical way to a broad audience ranging from engineering to senior leaders. The successful candidate will be a specialist in the design, use and measurement of secure practices and security testing tools. The ideal candidate will have a validated background in writing detailed technical specifications for security solutions for on-prem and cloud infrastructure.
- Ensure alignment to all regulatory and security standard methodologies (NIST, CIS20)
- Analyze information security systems and application; as well as design security solutions that implement security consistently across internally developed and cloud-based applications.
- Recommend and develop security measures to protect information against unauthorized modifications or loss
- Act as an authority to interpret the results from vulnerability scans (SecureWorks, Qualys) and work with the SysAdmin to remedy vulnerabilities
- Champion security, privacy and data protection standard methodologies and develop and document application security policies and standards
- Evaluate/apply new and emerging security technologies and solutions
- Supervise and ensure compliance to standards, policies, and procedures by conducting incident response analysis; Supervise and track progress of found vulnerabilities and maintain a historical log
- Perform security reviews and prepare and present reports and metrics to management
- Other security-related projects may be assigned according to skills
- Bachelor’s Degree in Computer Engineering, Computer Science, Information Technology or equivalent experience
- Minimum of 5+ years of work experience in an IT security role with a proven track record in auditing, reviewing and crafting security solutions
- Crafting and building secure systems, networks, and infrastructure
- Defining enterprise, infrastructure, or application security architecture and security standards
- Experience and knowledge of the following security frameworks and standards: NIST CSF, CIS20
- Confirmed experience in security integrations using OAuth, OpenID Connect, SAML, and LDAP
- Strong practical knowledge of concepts such as least privilege, zero trust, encryption, network design, access controls, and incident containment
- Advanced-level knowledge of all layers of the OSI model and concepts that can be used to secure each
- Broad knowledge of network and security tools and vulnerability scanning tools (e.g., Qualys)
- Ability to connect with and work with multi-functional teams employees at all levels of the organization
- Ability to communicate technical concepts to nontechnical users
Additional Desirable Knowledge, Skills and Abilities:
- Knowledge of cloud-based infrastructure (AWS) and how they affect security needs
- Proven knowledge of web applications and a level of familiarity with malicious code and common techniques used by hackers
- Cloud hosted knowledge such as GitHub, Artifactory, Jenkins etc. is a plus
- Proven grasp of computer file systems and architecture
Blue River offers competitive compensation and benefits, including a great 401(K) match. We believe in a work life balance and offer generous Paid Time Off and Sick Leave as well as Paid Parental Leave and an adoption benefit. Subsidized lunches, flexible work hours, CalTrain passes (with mobile Wi-Fi!) and a collaborative and supportive environment also contribute to making Blue River a great place to work.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.