About Us

Evernote is looking for a Security Engineer to join our Security Team.  You will be a generalist across the various security functions, with a focus on securing our production infrastructure.  Your role will be a mix of analyst, operations, threat modeling and engineering work and you will report directly to Evernote's Director of Security.

Your teammates will be senior security professionals who are passionate about providing practical security mentorship. Our customers trust us with billions of their notes, projects, and ideas and we are here to protect them.

 Job Responsibilities

• Assist in the specification, design, implementation and documentation of security solutions.
• Perform security analysis utilizing SIEM technologies
• Provide support for Security Operations and Incident Response
• Collaborate with business and technology leaders to ensure the successful remediation of identified security weaknesses
• Assist with Information Security program development, developing procedures that align to security policies, standards, guidelines, etc.
• Automation of repeated tasks using tools and scripts

 Required Skills

• Working knowledge of TCP/IP, the OSI model, DNS, HTTP, VPN, routing & switching, and load balancer technologies for virtual and physical networks
• Solid understanding of common security threats, attack vectors, vulnerabilities, exploits and defense in depth strategies
• DevOps/SecDevOps experience
• Working knowledge of incident, problem, and change management
• Curious, inquisitive, innovative, lifelong learner and self-starter
• Strong documentation and communication skills
• BA/BS preferred with 3+ years of overall information security engineering and technology operations experience

 Preferred Skills

• Proficiency in a Scripting Language (Python, Golang, Bash)
• Experience working with containers and container orchestration (Kubernetes, DC/OS, etc.)
• Industry intermediate-level certification(s) preferred (Examples: CCSP, CISA/CISM, CISSP)
• Knowledge of Cloud Security Controls and Concepts
• Operational experience with security logging, event correlation, and SIEM technologies.
• Understanding of configuration management tools
• Knowledge of forensic practices and chain of custody processes
• Knowledge of OWASP, MITRE ATT&CK, and CIS Critical Security Controls

We are committed to an inclusive and diverse Evernote. We believe that different perspectives lead to better ideas, and better ideas allow us to better understand the needs and interests of our diverse, global Evernote Community. We welcome people of different backgrounds, experiences, abilities and perspectives and are an equal opportunity employer.

California privacy notice: Read our privacy policy for job applicants here.