Information Security Engineer
Ovative/group, Minneapolis, MN, United States
About Ovative Group:
Ovative Group is an independent, full-funnel media, measurement, and creative firm. Leveraging our deep industry expertise, we help brands like Best Buy, Domino's, American Eagle, The Home Depot, Post, Disney, Tumi, Michael Kors, Boost Mobile, and UnitedHealth Group transform their media and measurement programs. The result? Profitable growth that speaks for itself.
At Ovative, we don't just track data, we redefine success. How do we do it? Our proprietary MarTech platform, EMRge helps businesses transform marketing into a driver of sustainable growth. Powered by Enterprise Marketing Return (EMR), our differentiated approach to holistic media buying, planning, and measurement, EMRge is the first MarTech platform to measure businesses holistically. We're all about raising the bar every day, and it shows. Our work has been recognized by organizations like Digiday, Google, Inc. 5000, USA Today, and Search Engine Land.
Responsibilities:
Security Operations and Incident Response
Monitor security tooling and alerts across endpoint, cloud, and network environments; triage and escalate as appropriate
Perform log analysis and investigation to identify and scope the impact of security incidents
Support incident response and business continuity plan execution, including tabletop exercises and post-incident reviews
Support managed detection and response (MDR) partner relationships and act on partner recommendations
Participate in root cause analyses for security findings; identify contributing factors and implement permanent fixes
AI Security
Support the growth and innovation driven by gen AI technologies across the business
Participate in testing and reviewing new AI vendors and tools
Research AI security approaches like MCP servers, agent policy/proxy server, etc. and recommend AI security tooling and security design
Provide support and training for security hygiene in using AI tools, agents, frameworks like spec kit, OWASP Gen AI Security, etc.
Threat and Vulnerability Management
Monitor threat info feeds to monitor and understand the current threat landscape and inform the team to act on
Operate and monitor vulnerability scanning tools; track and remediate or document exceptions
Prioritize remediation efforts based on risk scoring and asset criticality
Coordinate with engineering and IT teams to ensure timely patching and hardening of cloud and endpoint systems
Support penetration testing engagements: coordinate logistics, track findings, and drive remediation to closure
Security Tooling & Automation
Administer and tune security tools including SIEM, vulnerability scanners, EDR, and cloud security posture management (CSPM) platforms
Build and maintain automation and scripts (Python, Bash, or similar) to streamline security operations and reduce manual toil
Evaluate and recommend new security tools in partnership with the Head of Information Security
Skills and Qualifications
Two-year or four-year degree in computer science, information security, technology, or related field; or 3+ years of equivalent experience
2+ years of experience in a security operations, site reliability engineering, or other relevant role
Experience with vulnerability management tools and remediation workflows
Working knowledge of GCP and/or Azure security services and configurations
Familiarity with IAM, secrets management, and network security concepts in cloud environments
Proficiency in shell scripting and Python, TypeScript, Go, or similar programming languages
Experience with modern DevSecOps practices and technologies (Github, Jira, Confluence)
Experience operating across cloud-native security and enterprise productivity environments (GCP, Azure, M365)
Strong analytical and problem-solving skills; high attention to detail
Ability to communicate and champion security concepts and practices clearly to developers, data engineers, data scientists, and technical and non-technical engineering leadership
Preferred Qualifications
Security certifications (CCSP, CEH, GSEC, GCIH, etc.)
Experience with IaC tools such as Terraform, Ansible, or Puppet
Hands-on experience with CSPM (Wiz, Lacework, etc.) and SIEM platforms
Experience with containerization technologies (Kubernetes, Docker)
Familiarity with DevSecOps practices and software development lifecycle
Experience securing personal information or other regulated data
Exposure to security administration of BigQuery, Databricks, or similar data platforms
Pay Transparency
At Ovative, we offer a transparent view into three core components of your total compensation package: Base Salary, Annual Bonus, and Benefits. The salary range for this position below is inclusive of an annual bonus. Actual offers are made with consideration for relevant experience and anticipated impact. Additional benefits information is provided below.
For our Sr. Analyst positions, our compensation ranges from $75,000 to $93,000, which is inclusive of a 15% bonus.
Benefits of Working at Ovative Group:
We provide strong, competitive, holistic benefits that understand the importance of your life inside and out of work.
Culture:
Culture matters and we've been recognized as a Top Workplace for ten years running because of it. We demand trust and transparency from each other. We believe in doing the hard and complicated work others put off. We're open in communication and floor plan. We're flat - our interns sit next to VPs, our analysts work closely with senior leaders, and our CEO interacts with every single person daily. Put together, these elements help foster an environment where smart people can support each other in performing to their highest potential.
Ovative is committed to fostering an inclusive environment where everyone can participate and thrive. We do not tolerate discrimination of any kind, including on the basis of race, sexual orientation, gender identity, or gender expression. Our policies reflect this commitment-for example, our medical leave benefits are inclusive of same-sex partners, ensuring equitable care and support for all families.
Compensation and Insurance:
We strive to hire and retain the best talent. Paying fair, competitive compensation, with a large bonus incentive, and phenomenal health insurance is an important part of this mix.
We're rewarded fairly and when the company performs well, we all benefit.
Tangible amenities we enjoy:
Access to all office spaces in MSP, NYC, and CHI
Frequent, paid travel to our Minneapolis headquarters for company events, team events, and in-person collaboration with teams
Generous paid vacation policy
401k match program
Top-notch health insurance options, inclusive of same sex partners
Family formation benefits including reimbursement options for fertility, pregnancy, and parenting needs
Monthly stipend for your mobile phone and data plan
Sabbatical program
Charitable giving via our time and a financial match program
Shenanigan's Day
Working at Ovative won't be easy, but if you like getting your hands dirty, driving results, and being surrounded by the best talent, it'll be the most rewarding job you'll ever have. If you think you can make us better, we want to hear from you!
Ovative Group is an independent, full-funnel media, measurement, and creative firm. Leveraging our deep industry expertise, we help brands like Best Buy, Domino's, American Eagle, The Home Depot, Post, Disney, Tumi, Michael Kors, Boost Mobile, and UnitedHealth Group transform their media and measurement programs. The result? Profitable growth that speaks for itself.
At Ovative, we don't just track data, we redefine success. How do we do it? Our proprietary MarTech platform, EMRge helps businesses transform marketing into a driver of sustainable growth. Powered by Enterprise Marketing Return (EMR), our differentiated approach to holistic media buying, planning, and measurement, EMRge is the first MarTech platform to measure businesses holistically. We're all about raising the bar every day, and it shows. Our work has been recognized by organizations like Digiday, Google, Inc. 5000, USA Today, and Search Engine Land.
Responsibilities:
Security Operations and Incident Response
Monitor security tooling and alerts across endpoint, cloud, and network environments; triage and escalate as appropriate
Perform log analysis and investigation to identify and scope the impact of security incidents
Support incident response and business continuity plan execution, including tabletop exercises and post-incident reviews
Support managed detection and response (MDR) partner relationships and act on partner recommendations
Participate in root cause analyses for security findings; identify contributing factors and implement permanent fixes
AI Security
Support the growth and innovation driven by gen AI technologies across the business
Participate in testing and reviewing new AI vendors and tools
Research AI security approaches like MCP servers, agent policy/proxy server, etc. and recommend AI security tooling and security design
Provide support and training for security hygiene in using AI tools, agents, frameworks like spec kit, OWASP Gen AI Security, etc.
Threat and Vulnerability Management
Monitor threat info feeds to monitor and understand the current threat landscape and inform the team to act on
Operate and monitor vulnerability scanning tools; track and remediate or document exceptions
Prioritize remediation efforts based on risk scoring and asset criticality
Coordinate with engineering and IT teams to ensure timely patching and hardening of cloud and endpoint systems
Support penetration testing engagements: coordinate logistics, track findings, and drive remediation to closure
Security Tooling & Automation
Administer and tune security tools including SIEM, vulnerability scanners, EDR, and cloud security posture management (CSPM) platforms
Build and maintain automation and scripts (Python, Bash, or similar) to streamline security operations and reduce manual toil
Evaluate and recommend new security tools in partnership with the Head of Information Security
Skills and Qualifications
Two-year or four-year degree in computer science, information security, technology, or related field; or 3+ years of equivalent experience
2+ years of experience in a security operations, site reliability engineering, or other relevant role
Experience with vulnerability management tools and remediation workflows
Working knowledge of GCP and/or Azure security services and configurations
Familiarity with IAM, secrets management, and network security concepts in cloud environments
Proficiency in shell scripting and Python, TypeScript, Go, or similar programming languages
Experience with modern DevSecOps practices and technologies (Github, Jira, Confluence)
Experience operating across cloud-native security and enterprise productivity environments (GCP, Azure, M365)
Strong analytical and problem-solving skills; high attention to detail
Ability to communicate and champion security concepts and practices clearly to developers, data engineers, data scientists, and technical and non-technical engineering leadership
Preferred Qualifications
Security certifications (CCSP, CEH, GSEC, GCIH, etc.)
Experience with IaC tools such as Terraform, Ansible, or Puppet
Hands-on experience with CSPM (Wiz, Lacework, etc.) and SIEM platforms
Experience with containerization technologies (Kubernetes, Docker)
Familiarity with DevSecOps practices and software development lifecycle
Experience securing personal information or other regulated data
Exposure to security administration of BigQuery, Databricks, or similar data platforms
Pay Transparency
At Ovative, we offer a transparent view into three core components of your total compensation package: Base Salary, Annual Bonus, and Benefits. The salary range for this position below is inclusive of an annual bonus. Actual offers are made with consideration for relevant experience and anticipated impact. Additional benefits information is provided below.
For our Sr. Analyst positions, our compensation ranges from $75,000 to $93,000, which is inclusive of a 15% bonus.
Benefits of Working at Ovative Group:
We provide strong, competitive, holistic benefits that understand the importance of your life inside and out of work.
Culture:
Culture matters and we've been recognized as a Top Workplace for ten years running because of it. We demand trust and transparency from each other. We believe in doing the hard and complicated work others put off. We're open in communication and floor plan. We're flat - our interns sit next to VPs, our analysts work closely with senior leaders, and our CEO interacts with every single person daily. Put together, these elements help foster an environment where smart people can support each other in performing to their highest potential.
Ovative is committed to fostering an inclusive environment where everyone can participate and thrive. We do not tolerate discrimination of any kind, including on the basis of race, sexual orientation, gender identity, or gender expression. Our policies reflect this commitment-for example, our medical leave benefits are inclusive of same-sex partners, ensuring equitable care and support for all families.
Compensation and Insurance:
We strive to hire and retain the best talent. Paying fair, competitive compensation, with a large bonus incentive, and phenomenal health insurance is an important part of this mix.
We're rewarded fairly and when the company performs well, we all benefit.
Tangible amenities we enjoy:
Access to all office spaces in MSP, NYC, and CHI
Frequent, paid travel to our Minneapolis headquarters for company events, team events, and in-person collaboration with teams
Generous paid vacation policy
401k match program
Top-notch health insurance options, inclusive of same sex partners
Family formation benefits including reimbursement options for fertility, pregnancy, and parenting needs
Monthly stipend for your mobile phone and data plan
Sabbatical program
Charitable giving via our time and a financial match program
Shenanigan's Day
Working at Ovative won't be easy, but if you like getting your hands dirty, driving results, and being surrounded by the best talent, it'll be the most rewarding job you'll ever have. If you think you can make us better, we want to hear from you!