Security Engineer II

Summary

Join ActBlue's Security Team as a Security Engineer II and play a critical role in protecting our platform, donors, and campaigns from cyber threats. Partner with engineers to conduct security reviews, perform vulnerability assessments, and participate in incident response. You will implement security automation, serve as a primary SME for on-call rotations, and deploy tools to enhance security. This full-time, remote position offers a competitive salary, comprehensive benefits, and flexible work schedule. ActBlue is committed to fostering a diverse and inclusive workplace. Travel may be required occasionally for retreats.

Requirements

• Can perform reviews that demonstrate deep domain expertise in one or more core security domains and secondary specializations, (e.g. infrastructure security, application security, corporate IT security, security operations)
• Has experience performing practical information security attacks utilizing popular attacker tools during offensive security reviews
• Can continuously readily learn and apply lessons learned from new attacks/attackers to your area of focus
• Can proactively utilizes our SIEM/SOAR tooling to inform work and decisions
• Can be a primary SME for our on-call rotation for at least one area of expertise or responsibility
• Can deploy, manage, monitor, and/or provide sustainable operational support for a subset of technology that our team relies on to enforce security requirements and detect threat actors to defend Actblue
• Experience with OWASP principles
• Understanding of modern TTPs used to target B2C online business
• Experience deploying tools that make it easier for engineers to build safely
• Experience and passion for hunting for vulnerabilities and driving remediations
• Proficiency in Ruby, JavaScript, and/or Python

Responsibilities

• Partner closely with engineers to perform security reviews that support our software and infrastructure engineers early in their engineering process
• Perform vulnerability assessments and offensively-focused ad hoc security reviews to identify and prioritize potential security risks and vulnerabilities
• Participate in incident response activities, including investigation, containment, and recovery efforts
• Implement, iterate and operate security automation aimed at supporting our engineers during their building processes, reducing the time it takes to remediate discovered vulnerabilities, and improving our team’s ability to address potential incidents

Benefits

• Flexible work schedules and an unlimited time-off policy
• Fully paid and trans-inclusive health, dental, and vision insurance for employees and their families; plus fully-paid health reimbursement arrangement to use for out of pocket expenses and fully-paid short- and long-term disability
• Fully paid basic and AD&D life insurance and a voluntary supplemental life insurance option
• Dependent and health care flexible spending account options
• Employee Assistance Program (EAP) benefits for employees
• Automatic 2% Employer-paid 401K contribution, plus up to an additional 6% match on employee contributions
• A minimum of three months paid medical, family and parental leave (for all new parents, adoptions included)
• Commuter or home-office benefits, including a $1,000 home-office setup allowance for all new full-time remote employees
• Additional perks including quarterly snack deliveries and digital subscriptions to the Boston Globe & New York Times