Senior Cyber Security and Compliance Engineer, Data Management

Requisition #
Work From Home (Virtual)


Founded in 1951, Iron Mountain Incorporated (NYSE: IRM) is the global leader in storage and information management services. Iron Mountain is committed to storing, managing and transforming what our customers value most, from paper records to data to priceless works of art and culture. Providing a full suite of solutions – records and information management, data management, digital solutions, data centers and secure destruction – Iron Mountain enables organizations to lower storage costs, comply with regulations, recover from disaster, and protect their data and assets from a complex world. Visit the company website at for more information.


Iron Mountain is an equal opportunity employer, and does not unlawfully discriminate on the basis of race, color, religion, sex, national origin, marital status, age, sexual orientation, gender identity characteristics or expression, disability, medical condition, U.S. Military or veteran status or other legally protected classifications in making employment decisions.


Iron Mountain Data Management organization is seeking experienced technologists to join our team dedicated to building Cloud-scale data services focused on providing Infrastructure data services to Iron mountain public Cloud at a service provider grade. The ideal candidate will be familiar with distributed systems security, network architecture, infrastructure management systems as well as security and key compliance frameworks.


Iron Mountain has an immediate opening for Senior Cyber Security and Compliance Engineer. In this role you will be responsible for building and engineering the Cloud security infrastructure including maintaining multi-vendor security and compliance, auto detection and monitoring services, supporting Iron Mountain Public Data Cloud


About the position

As Senior Cyber Security and Compliance Engineer the successful candidate will be a key member of the Data Management Office of the CTO group. This is a hands-on role - candidates should be ready to design, build, and maintain secure systems. They should also be comfortable in the role of an internal security consultant, communicating thoughtfully with the rest of the team about security design concerns and trade-offs. The position will include a mix of high-level security architecture design and engineering, day-to-day operational security tasks, and building and maintaining security infrastructure. The ideal candidate should be results driven; be detail oriented, and possess superior problem solving and consultative skills. The individual should have the ability to work in a diverse team environment and be able to prioritize projects and/or deliverables.


Principal duties and responsibilities

  • Primary role: Certified security professional. Secondary role: solid understanding of Governance, Risk and Compliance (GRC) methodology. Both will be demonstrated by a combination of work experience, training and certification programs.
  • Hands-on experience in Firewall management.
  • Strong foundation in data protection and encryption technology.
  • Work experience in Cloud Multi-Tenancy environment.
  • Understanding in compliance audit and controls such as PCI, HIPA, SOX, FedRAMP, FISMA, ISO7200
  • Research, design, engineer, monitor and support the implementation of information security solutions for the organization.
  • Identify security deficiencies or gaps and design cost-effective solutions to mitigate them.
  • Document security standards, solutions, data flows, procedures, and other technical information as directed.
  • Contribute to automation and facilitation of security solutions and services combined.
  • Provides expert technical advice to technical staff within the appropriate technical discipline.
  • Availability to work on-call and non-standard hours when necessary.
  • Provide management level updates as required.
  • Mentor other members of the technical staff.
  • Good understanding in Cross platform Virtualization and Cloud technologies
  • Service Automation, Orchestration engines – nice to have




  • Experience with security technologies and services including network firewalls (vendors like Check Point, Palo Alto, Cisco, Juniper, Dell), web application firewalls (Imperva, F5, Akamai), proxy solutions, load balancers, intrusion detection and prevention (IDS/IPS), packet capture and analysis, mobile security, network access control, PKI, Anti-Virus/Anti-Malware, SIEM, to name but a few.
  • Strong experience with enterprise networks, routing, and switching.
  • Detailed knowledge of transport (TCP/UDP) and application layer (HTTP, FTP, etc.) protocols.
  • Experience with securing Web and Mobile Applications, Application Security best practices, Secure SDLC, software security designs, OWASP and SANS.
  • Some knowledge of Software Defined Networking would be advantageous. Specifically how SDN can be leveraged to automate the delivery of security services.
  • Familiar with DevOps, and product development/release methodologies like Agile, Lean, Scrum
  • Experience with scripting languages such as; Perl, Python, PHP, Bash, or PowerShell.
  • Experience leveraging security technology APIs to programmatically automate manual tasks (combined with a strong desire to automate).
  • Cloud service provider experience - preferable
  • Strong hands on experience and successful implementation and management large enterprise security technology.
  • Strong hands on experience with Cloud base infrastructure.
  • Strong interpersonal, written, and oral communication skills
  • Able to conduct research into data center infrastructure issues and products as required
  • Highly self-motivated and directed, with keen attention to detail, and proven analytical and problem-solving abilities
  • Able to effectively prioritize tasks when under pressure
  • Experience working in a team-oriented, collaborative environment


Education Required:


    • Minimum Bachelor’s degree in a technology field, or equivalent experience required.


Experience Required:


  • Minimum of 7 years of experience in Cloud and enterprise class security environments.

Professional Qualification:

  • CCSP, GIAC, CISA, and/or CISSP certification preferred.


Compliance Obligations:


It is the responsibility of every Iron Mountain employee:

  • to comply with all applicable laws, rules, regulations, and company policies
  • to exhibit ethical behavior in accordance with our Code of Ethics and Business Conduct 
  • to complete required training within the allotted time frame