Information Security Architect at DISCO
DISCO is a legal tech software company. Our objective is to own the legal tech market and become the leader in legal as Salesforce has done in the sales technology space. Given the massive growth of data over the last 20 years, poorly built legal technology products have severely decreased lawyers' ability to practice the law.
Our fundamental mission includes building a unified technology platform for the practice of law, composed of 7+ products released over the next 10 years. Great technology can solve problems of scale in data, in law, and in business operations that have distracted lawyers from doing what they went to law school to do. DISCO is fixing the law by automating the parts of the practice that can be automated so that great lawyers can focus on tasks that really do require human legal judgment.
To date, we have substantially disrupted the legal tech market with a lawyer inspired consumer-grade interface and a cloud-enabled technology platform that offers unprecedented performance and cost savings. Thoughtful product planning and product design are core tenets in our “product first” business strategy and culture.Your Impact
Security is an ever-changing landscape, and we’re looking for individuals who can move just as fast, be flexible, and adapt to change. We are on a mission to protect our customer’s sensitive data by thoughtful automation of traditionally manual efforts so that we can focus on meaningful security improvements and monitoring.What You'll Do
Ensure we are building a secure technology platform by:
- Running the Security Guild and evangelizing Security across all aspects of DISCO Product Delivery
- Establishing and documenting Security Best Practices for our architecture
- Working with leadership to define Security Policies for the Product Delivery organization
- Working with engineering teams to define appropriate Security Procedures
- Integrating with security management systems like JupiterOne and Fossa to monitor security practices across the Product Delivery organization
- Researching information security technologies and standards to stay up to date
- Assessing adherence to security policies and procedures for all systems
Who You Are
- 5+ years experience in the Information Security, Network Security or Cyber Security domains
- Experience working with business owners and 3rd party vendors to implement appropriate security controls
- Experience with Security governance processes, tools, reporting, policy development, and documentation
- Experience writing automation (eg Python scripts) and vulnerability management
- Experience performing code reviews and executing penetration tests
- Strong analytical skills with the ability to collect, organize, analyze, and disseminate significant amounts of information with attention to detail and accuracy
- Strong communication skills to drive projects across multiple programs, manage stakeholder expectations, and ensure projects are on task
- Experience working in a fast-growing software product organization with design and development teams
- Experience with security architecture frameworks in cloud-based environments (e.g. AWS, Google, Azure, etc)
- Established systems and practices around one or more of the following standards/frameworks: HIPAA HITRUST, NIST 800-53, GDPR, California Privacy (CCPA), Texas Medical and Identity Privacy Acts
- Experience administering and maintaining cloud-based security tools
- Used an Asset Database to govern compliance and security concerns
- Experience protecting controlled unclassified information in non-Federal systems and organizations (e.g. NIST 800-171)
- Security-related certification such as Certified Information Security Manager (CISM)
- Experience with automation evidence collection and documentation publication
Compliance: SOC 2 Type II, ISO 27001/017/018
Cloud Provider - AWS: EC2, Lambda, Aurora, Redshift, DynamoDB, ECS, SQS, SNS, Kinesis, S3, CloudFront, CloudFormation, SageMaker, KMS, CodePipeline, etc.
Visibility: ELK Stack for logging, Datadog, New Relic, Sentry.io, JupiterOne, Fossa
DSL-based Search: multiple large scale Elasticsearch Clusters searched using our Disco Query Language (DQL)
Event Bus: Kafka and Schema Registry
3rd Party Vendors: Redis, Auth0 for Cloud Identity Federation (SSO, SAML, etc.)
AI: MinHash, FastText, Word2Vec, Convolution Neural Nets, Algorithmia (Lambda with GPUs) for training, PyTorch, Recurrent Neural Networks, Latent Dirichlet Allocation for Topic Modeling, etc.
Deployment: Terraform, Docker (via ECS), Consul for: App Config, Service Discovery, Shared Secrets
Transport Mechanisms: Protobuf, Avro, HTTP Rest/JSON
CI/CD: Jenkins, CodePipeline, GitHub, ArtifactoryWhy Join DISCO’s Product Delivery Team
We intend to build a multi-billion dollar business and think you should come along for the ride because:
- We were the first movers to a cloud-based platform that has caused mass disruption within our market.
- Our CEO is a true market visionary. He graduated with a computer science degree at the age of 15 and followed with a JD from Harvard Law School at the age of 19. His unparalleled insights into the fundamental issues in legal and the potential of technology and artificial intelligence to change our market at its core provide the guiding light for DISCO’s long-term strategy.
- We believe that product delivery professionals including product managers, product designers and engineers differ from one another by at least a factor of 10. At DISCO, we only hire the top 1%, pay them well, and with equity, everyone has effectively been getting a raise each and every day. Given our product first mindset, product professionals are very much stars of the show. Our logo, the circle and square, represents the best lawyers and the best product professionals in the world.
- We measure product delivery velocity by dollars of revenue per line of code, vs simply lines of code. This drives a very thoughtful and deliberate product design and development process that ensures we’re going to make money when we ship products. We hire many more product managers and designers per engineer than most companies to ensure that our engineers have a disambiguated product intent when they are building.
- As a rule, we don’t commit to external product delivery dates as we believe that unnecessarily constrains our creativity from both a product and technology point of view.
- At DISCO respect isn’t earned it is assumed. Good humans inherently treat everyone respectfully. This is a very important concept at DISCO.
- Given the high caliber of talent, the cutting-edge cloud-based technology stack, and thoughtful and novel product and design approach, you’ll find yourself learning at a rate you’ve not likely experienced in your career. Given that we only hire professionals that are passionate about their craft, you’ll truly enjoy building a great software product and get in the best “career shape” of your life.
- Over the next 4 years, we’ll be growing our product delivery organization. There will be incredible growth opportunities along the way.
- We use the “2 Pizza Team” organization design where small autonomous teams own a piece of a product or platform and ship software at rates comparable to a very lean and scrappy startup. We achieve consistency across these teams in the areas of design, product-wide use cases and technical concerns through a strategically focused set of overlay functions.
- Finally, while we’re an incredibly fast-growing organization, as a rule, we do not work crazy long hours. We believe in continuous product delivery, continuous product planning and design, continuous regular sleep schedules, continuous regular vacation, and continuous fun if you’re passionate about your craft.
If you want to win while getting better than you’ve ever been, come to DISCO.
DISCO is a recognized leader in legal technology. Founded in 2013, DISCO’s mission is to create great technology to modernize the practice of law. Our solutions apply artificial intelligence and cloud computing to help lawyers and legal teams improve legal outcomes for their clients. Corporate legal departments, law firms, and government agencies around the world use DISCO for ediscovery, case management, compliance, disputes, and investigations.
DISCO recently raised $100 million, for a total of $235 million in venture capital. The company’s valuation is $785 million -- a demonstration of investor confidence in legaltech as a category of enterprise cloud computing, and a validation that DISCO is disrupting the broader cloud computing industry. We are using our investment to enhance our cloud technology platform and AI-powered products and services, and to continue to expand our presence outside of North America.
Are you ready to revolutionize the practice of law? Join us!Perks of DISCO
- Open, inclusive, and fun environment
- Benefits, including medical, dental and vision insurance, as well as 401(k)
- Competitive salary plus stock options
- Flexible PTO
- Opportunity to be a part of a company that is revolutionizing the legal industry
- Growth opportunities throughout the company
We are an equal opportunity employer and value diversity. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.