Security Engineer

Summary

Join our team as a Security Engineer and play a crucial role in enhancing our information security and privacy posture. You will design and implement robust security architectures, provide technical guidance to engineering and operations teams, conduct security reviews, build threat models, and develop security automation scripts. The ideal candidate will have at least 5 years of relevant experience, a strong understanding of information security principles, and excellent communication skills. This role involves collaborating with various teams to manage and resolve security incidents. The position is based in London, New York, Austin, Chicago, San Francisco, or remotely.

Requirements

• At least 5 years of relevant industry experience in information security, with a focus on security architecture and threat modeling
• Proven experience in performing security reviews, threat modeling, and risk assessments; strong understanding of information security principles, including confidentiality, integrity, and availability
• Experience with security tools and technologies, including vulnerability scanners, intrusion detection systems, and security information and event management (SIEM) systems
• Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams
• Strong problem-solving and analytical skills, with the ability to identify and mitigate complex security risks
• Ability to work in a fast-paced environment, managing multiple priorities and meeting deadlines

Responsibilities

• Design and implement robust security architectures that align with industry standards and best practices; ensure that security controls are integrated into the design and implementation of new systems and applications
• Provide technical guidance and recommendations to engineering and operations teams to enhance the security of our infrastructure; help ensure security is integrated into the secure software development lifecycle (SSLDC)
• Conduct comprehensive security reviews of software applications and systems to identify potential vulnerabilities and security gaps
• Build and maintain threat models for new and existing applications, ensuring that all potential attack vectors are identified and mitigated
• Develop and maintain security automation scripts and tools, such as SAST/DAST, to detect and respond to threats; automate security monitoring and alerting using Splunk, ELK, or Chronicle; develop security-as-code practices using Terraform, Ansible, or Kubernetes security policies
• Harden and secure AWS/Azure/GCP, endpoint, and IAM environments and enforce cloud security best practices
• Perform offensive activities and proactively hunt for vulnerabilities
• Participate in the incident response process, providing technical expertise to manage and resolve security incidents; contribute to the development and maintenance of incident response plans, ensuring that they are up-to-date and effective

Preferred Qualifications

• CISSP, CISA, or CISM certification is strongly recommended, but not required
• ISO 27001/27701/42001, SOC-2, PCI DSS, and GDPR knowledge, experience, and qualifications are highly desirable

Benefits

• Generous PTO, plus company holidays
• Comprehensive medical and dental insurance
• Paid parental leave for all parents (12 weeks)
• Fertility and family planning support
• Early-detection cancer testing through Galleri
• Competitive pension scheme and company contribution
• Annual work-life stipends for:Home office setup, cell phone, internet
• Wellness stipend for gym, massage/chiropractor, personal training, etc
• Learning and development stipend
• Company-wide off-sites and team off-sites
• Competitive compensation and company stock options