CLEAR helps create safer, easier experiences everywhere you go. We believe you are you and by using your biometrics – your eyes, face, and fingerprints – we keep you moving. Imagine a world where you can do virtually everything you need to – breeze through the airport, buy a beer at the game, check-in at the doctor’s office, access your office building, and more – without ever pulling out your wallet. CLEAR is currently available in 50+ airports, venues and more. Now with Health Pass, CLEAR securely connects a person’s digital identity to multiple layers of COVID-related insights to help reduce public health risk and restore peace of mind.
We’re defining and leading an entirely new industry, obsessing over our customers, and investing in great people to lead the way. Recently named on CNBC’s Disruptor 50 List for the third year in a row and winner of the SXSW Interactive Innovation Award, CLEAR is providing innovative technology options for businesses and our 5+ million members to help create a safer environment no matter where you go.
We’re looking for an outstanding and passionate Principal Security Engineer. Successful candidates will be strong software developers and architects with an eye toward security and the ability to become evangelists and leaders.In this role, your primary focus will be ensuring and maintaining our high standards of security, specifically with regards to member data.
CLEAR is a fast and nimble company, so the ideal candidate will be able to leverage automation and data analysis to embed continuous security practices into our development and operational workflows. This role is hands on and technical while requiring a heads-up nature to identify gaps and drive the creative application of state-of-the-art security practices and controls
What You Will Do:
- Partner with the company’s Software Engineering, DevOps, and IT teams.
- Perform security risk assessments, threat modeling, security testing, and code review
- Automate security testing, code tools and pipelines, and create secure libraries and code launchpads to be used throughout the company
- Work side by side with and educate developers on security best practices.
- Lead internal and external penetration tests and code security audits
- Triage issues with internal stakeholders for remediation.
- Establish security standards and specifications to balance the needs of a more secure product offering with the needs of the business.
- Help develop and enable a secure by default culture
Who You Are:
- 7+ years of experience in software development with interest or experience in security/secure coding
- Ability to architect and design software applications
- Has excellent interpersonal communication skills and can take very technical issues and make them understandable to all audiences.
- Personal passion for security and cutting edge security concepts.
- Experience coding web applications and web services.
- Proficient in reading many different programming languages.
- Able to evaluate, deploy, and manage software tools and build strong vendor relationships.
- Experience with a public cloud based provider (AWS Azure, or GCP)
- Knowledge of containers (e.g Kubernetes, Docker, ECS).
- Experience integrating with continuous integration tools and pipelines
- Ability to listen for nuances, dig into details in order to understand systems deeply, and articulate technical details to business leaders.
- Experience leading teams or projects or have functioned as a software development lead
- Understanding of and/or experience with OWASP Top 10
- Previous experience on a Security team, coordinating responses to security incidents and/or writing and presenting application security assessment reports.
- Background in application security including knowledge of internet security issues and threat landscape
- Experience with mobile platform-specific security, privacy, and permission concepts for iOS & Android mobile platforms. (Intricate understanding of WebViews, TouchID API, Frida, Radare, etc.).
- Knowledge of TCP/IP, HTTP, RESTful APIs and experience supporting service-oriented, asynchronous, and distributed application architectures.
- Familiarity with one or more industry standards and regulations such as PCI, HIPAA, NIST 800-53, FedRAMP and ISO27001.
- Participates in CTFs or actively contributes to the security community through exploitation development.