Lead Security Engineer

About Gartner IT:   

Join a world-class team of skilled engineers who build creative digital solutions to support our colleagues and clients.  We make a broad organizational impact by delivering cutting-edge technology solutions that power Gartner.  Gartner IT values its culture of nonstop innovation, an outcome-driven approach to success, and the notion that great ideas can come from anyone on the team.  

About the Role:  

The Lead Security Engineer will be responsible for supporting Gartner’s AppSec function. This individual will play an integral role in, executing daily vulnerability Assessments functions; working closely with Information Security partners, and technology stakeholders to identify risks/vulnerabilities and collaborate with key stakeholders on remediation, developing and tracking risk/vulnerability remediation and prioritize effort across our various business units, partnering to implement security tools, technologies and controls with an appropriate balance of security, business, and user experience, while providing education and training; and engineer automation solutions and/or security tool integrations to assist with day-to-day AppSec responsibilities.  

What you’ll do:   

• Collaborate with business stakeholders to design secure applications, test applications for security weakness, and partner on remediation of identified issues.  

• Mentor engineers and security champions on practical threat modeling techniques 

• Triage and prioritize security risks, vulnerabilities, and exceptions in alignment with business impact and risk tolerance. 

• Coordinate the orchestration, automation, and management of security technologies and platforms.  

• Own day-to-day life cycle management, including identification, threat assessment, threat modeling and risk avoidance. 

• Create reasonable and actionable reports showing direct impact to the security posture.  

• Define and implement meaningful metrics to measure the effectiveness of security controls through KRIs and security scorecards.  

• Serve as a subject-matter-expert for Application Security; act as a first point of contact for critical issues, security risk assessments and triaging CI/CD issues with Partners and stakeholders. 

• Evaluate business and technical requirements to identify and implement tools, processes, and technologies to improve our security posture in our environments.  

• Use data to drive prioritization, highlight systemic issues, and influence roadmap decisions 

What you’ll need:  

Ideal candidates will have 6-8 years of experience in a Security Engineering role with proven experience in DevSecOps, Cloud Security, and Application Security. Candidates should have strong independent critical thinking, problem-solving skills, and the ability to consistently evaluate and pivot based on the current organizational priorities. 

Must Have:  

• Experience using vulnerability scanning technologies, AST platforms, and cloud security tooling.  

• Formal experience with threat modeling.  

• Experience leading projects, initiatives, and resources through direct and indirect leadership.  

• Deep knowledge of Assessing and prioritization of Risk with an ability to think like a bad actor and use that context to conduct threat models.  

• Cloud experience (AWS, Azure, GCP) 

• Infrastructure as Code (IaC) and Policy as Code (PaC) Concepts.  

Nice to Have:  

• Familiarity with technical security controls, guidelines, and frameworks outlined by standards such as SOC2, ISO 27001/27013, NIST 800-53.  

• Ability to automate tasks and code solutions to repetitive problems. 

• Scripting or programming experience (Java, .NET, HTML, Ruby, PHP, Perl, C#, Python, JavaScript, PowerShell, Bash)   

• Experience with penetration testing and web application assessment.  

Who you are:  

• Proven communication, collaboration, and critical thinking skills.  

• Ability to build trusting, meaningful relationships with peers, stakeholders, partners and suppliers.  

• Ability to define and communicate risk in a business-relevant language to both non-technical and technical audiences.  

• Ability to apply expert knowledge to solve complex business/technical issues strategically.  

• Desire for life-long learning and continuous personal/professional development

Don’t meet every single requirement? We encourage you to apply anyway. You might just be the right candidate for this, or other roles! 

What you will get:

• Competitive compensation.

• Limitless growth and learning opportunities.

• Ongoing mentorship and apprenticeship; Leadership courses, development programs, technical courses, certification opportunities and more!

• A collaborative and positive culture - join a diverse team of professionals that are as smart and driven as you.

• A chance to make an impact – your work will contribute directly to our strategy.

• Enjoy the flexibility of working from home and the energy of collaborating with peers in our dynamic offices.

• 20+ PTO days plus holidays and floating holidays in your first year.

• Extensive medical, dental insurance and vision plan.

• 401K with corporate match, immediate vesting.

• Health-and-wellness-related allowance programs.

• Parental leave.

• Tuition reimbursement.

• Employee Stock Purchase Plan.

• Employee Assistance Program.

• Gartner Gives Charity Match.
  And much more!

​#LI-RG2

#LI-Hybrid

#LI-Technology