Drive for and enable proactive identification, analysis, and remediation of security vulnerabilities in our software codebases and cloud infrastructure systems
Respond to manage our pen testing and bug bounty programs
Focus on selecting, integrating, and operating apps and tools that multiply individual efforts by automating preventative strategies, to help drive down manual, reactive tasks
Work in partnership with Software Architecture, Risk/Compliance, the SRE team, and other partners, to integrate security capabilities into the software development lifecycle (SDLC).
Participate in security reviews, threat modeling, and security improvement workshops
Promote awareness of, and adherence to, secure coding best practices and standards
Influence the strategy and implementation of security solutions, advocating for DevSecOps principles and identifying effective and efficient security guardrails
Prioritize secure, scalable, observable code and infrastructure with a bias towards continuous improvement
Design, develop, integrate, and maintain our core security tooling (e.g. SAST/DAST, SCA, etc.), driving adoption and iteration to provide clear value to engineering teams
Maintain great communication with engineers and colleagues to help bridge the gap between compliance requirements and security solution implementation and iteration
Participate in the team’s on-call rotation as needed, acting as the primary security subject matter expert for high-severity or escalated security incidents
Partner with the IT team to provide security consultation and technical expertise with ad hoc projects and requests
Act as the primary technical subject matter expert for the cybersecurity remediation project, working in lockstep with the SRE Manager and SRE team to implement solutions and track progress toward successful, timely completion.

Requirements

At least 3 to 5 years of full-time experience in a security engineering or similar role in a group/team environment
Familiarity with common web application and network security concepts, threats, and vulnerabilities (e.g., OWASP Top 10)
Experience with security best practices across different technology stacks (e.g., server-side, client-side, mobile)
Proven ability to design and implement secure architectures in a cloud-native environment, including experience conducting threat modeling and security design reviews
Embracing the Agile and feature-driven development processes

Benefits

Generous Paid Time Off (Accrual rate of 15 days for the first year and then 20 vacation days per year beginning on your 1 year anniversary)
Medical Coverage
Dental Coverage
Vision Coverage
short and long term disability
life insurance all free of charge
Competitive Compensation
401k Matching
Professional Development
Top of the Line Equipment
Referral Program
Parental Leave
Family-Friendly Culture
chance to work side-by-side with thought leaders in emerging tech

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

security engineeringvulnerability analysissecure codingthreat modelingDevSecOpsSASTDASTSCAcloud-native architectureAgile development

Soft Skills

communicationcollaborationproblem-solvinginfluenceawareness promotioncontinuous improvementconsultationteamworkadaptabilityleadership