Senior Security Engineer
Who You Are
- You have a high degree of personal integrity and reliability, consistently delivering results with a professional attitude.
- You have at least 3 years professional experience working in Information Security, and at least 2 years experience in software development, actively working in Linux, and using cloud technologies.
- You understand application security and can explain the OWASP Top 10. You are knowledgeable in the fundamentals of how to use encryption to protect data.
- You are familiar with build and release automation and dependency management.
- You bring a deep understanding of Networking, DNS, and how the Internet works in general.
- You're comfortable with deploying centralized monitoring solutions.
- You have excellent written and oral communication skills, as well as interpersonal skills including the ability to articulate to both technical and non-technical audiences.
- Experience handling sensitive health information and understanding of compliance (such as HIPAA) are highly desirable.
- Security certifications such as OSCP, CISSP, CCSP, or GIAC are preferred.
What You'll Do
- You will develop and maintain code and infrastructure to facilitate auditing resources and applications deployed in Amazon Web Services (AWS) and Google Cloud Platform (GCP), as well as other services.
- You will assess security on existing applications and infrastructures to identify, communicate, prioritize, and reduce risks.
- You will handle security events by correlating threat intelligence with security systems and controls.
- You will reduce time-to-detect and time-to-remediate by driving the automation of security event management, vulnerability assessment and intelligence correlation.
- You will provide domain expertise regarding external security events which may impact applications, networks and user environments
- You will maintain and iterate security intelligence strategy to improve threat detection and response. You will play an active role on the Incident Response Team, which includes an on-call component.
- You will strive to make security a value proposition for our users and support customer security requirements and objectives throughout the product portfolio.
- You will define security policies across multiple environments, according to business risk and security threat assessments
- You will be a resource for strategic and tactical security guidance for key engineering projects while driving the incorporation of new security products into existing systems
- You will maturely assess and communicate severity of security issues that our team encounters, understanding that prioritization of fixes can take time and have opportunity cost associated with the work.
Who We Are
- We have an open environment where engineers are given a lot of responsibility and the freedom to make a huge impact.
- We have lots of intelligent people to work with and learn from.
- We work on large scale challenges with a variety of technologies and believe in an ever‐ growing diversity of technology platforms.
- We'll provide you with food, food, and more food.
- We believe in giving prizes, bonuses, and recognition for doing what you enjoy. We have a phenomenal open vacation policy.
- We provide cell phone and fitness reimbursements (plus free parking downtown).
- We use the newest service offerings of public cloud providers, as well as important open source technologies such as Docker and Kubernetes.