Security Engineer

Summary

Join Writer's dynamic team as a Security Engineer, enhancing our information security and privacy posture. Collaborate with engineering and operations teams on security reviews, threat modeling, and other critical security activities. This role demands a deep understanding of information security principles and strong technical skills. You will report to the Head of Information Security & Compliance and work closely with various teams. Locations include London, New York, Austin, Chicago, San Francisco, and remote options. The position requires significant experience in information security, security architecture, and threat modeling.

Requirements

• At least 5 years of relevant industry experience in information security, with a focus on security architecture and threat modeling
• Proven experience in performing security reviews, threat modeling, and risk assessments; strong understanding of information security principles, including confidentiality, integrity, and availability
• Experience with security tools and technologies, including vulnerability scanners, intrusion detection systems, and security information and event management (SIEM) systems
• Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams
• Strong problem-solving and analytical skills, with the ability to identify and mitigate complex security risks
• Ability to work in a fast-paced environment, managing multiple priorities and meeting deadlines

Responsibilities

• Design and implement robust security architectures that align with industry standards and best practices; ensure that security controls are integrated into the design and implementation of new systems and applications
• Provide technical guidance and recommendations to engineering and operations teams to enhance the security of our infrastructure; help ensure security is integrated into the secure software development lifecycle (SSLDC)
• Conduct comprehensive security reviews of software applications and systems to identify potential vulnerabilities and security gaps
• Build and maintain threat models for new and existing applications, ensuring that all potential attack vectors are identified and mitigated
• Develop and maintain security automation scripts and tools, such as SAST/DAST, to detect and respond to threats; automate security monitoring and alerting using Splunk, ELK, or Chronicle; develop security-as-code practices using Terraform, Ansible, or Kubernetes security policies
• Harden and secure AWS/Azure/GCP, endpoint, and IAM environments and enforce cloud security best practices
• Perform offensive activities and proactively hunt for vulnerabilities
• Participate in the incident response process, providing technical expertise to manage and resolve security incidents; contribute to the development and maintenance of incident response plans, ensuring that they are up-to-date and effective

Preferred Qualifications

• CISSP, CISA, or CISM certification is strongly recommended, but not required
• ISO 27001/27701/42001, SOC-2, PCI DSS, and GDPR knowledge, experience, and qualifications are highly desirable

Benefits

• Generous PTO, plus company holidays
• Medical, dental, and vision coverage for you and your family
• Paid parental leave for all parents (12 weeks)
• Fertility and family planning support
• Early-detection cancer testing through Galleri
• Flexible spending account and dependent FSA options
• Health savings account for eligible plans with company contribution
• Annual work-life stipends for: Home office setup, cell phone, internet
• Wellness stipend for gym, massage/chiropractor, personal training, etc
• Learning and development stipend
• Company-wide off-sites and team off-sites
• Competitive compensation, company stock options and 401k