Security Engineer II

Summary

Join Garner's dynamic team as a Security Engineer and play a crucial role in protecting our digital assets. You will design, implement, and operate security tooling and services; monitor for suspicious activity and respond to security incidents; conduct vulnerability assessments and remediation; ensure compliance with security standards; develop security awareness training; document incidents and report metrics; evaluate and integrate new security technologies; and collaborate with cross-functional teams. This fully remote position requires in-depth knowledge of cloud infrastructure security, strong understanding of vulnerabilities and attack vectors, proven experience with Terraform and cloud IAM, and experience with SIEM and DLP tools. The ideal candidate will have 4+ years of experience in a security engineering role, preferably in a fast-paced environment. Garner offers a competitive salary ($150,000-$180,000), equity incentives, and benefits including flexible PTO, medical/dental/vision, 401(k), and Teladoc.

Requirements

• Ability to work autonomously while collaborating with cross-functional teams, can successfully manage multiple projects simultaneously, and effectively communicate technical information to non-technical stakeholders
• In-depth knowledge of auditing cloud infrastructure for security risks, creating solutions that defend against those risks, and designing processes that provide systemic prevention against the risks
• Strong understanding of common application and infrastructure security vulnerabilities and attack vectors as well as techniques for their detection, prevention, and mitigation
• Strong understanding of and proven ability with Terraform in a cloud environment
• Strong understanding of cloud IAM principles and best practices
• Experience with using a SIEM to detect indicators of compromise, identifying the impact, and generating incident reports
• Independent ability to write scripts or automated tooling
• Understanding of network security principles, protocols, and technologies
• Experience with threat modeling cloud-native applications (NodeJS and Python) and data pipelines
• Experience with writing scripts or automation in any of the following languages: Bash, JavaScript, Python, or Golang
• Experience with IAC related tooling, such as Terraform or Pulumi
• Experience with deploying and managing Data Loss Prevention (DLP) tools in a regulated environment
• Proven experience (4+ years) in a security engineering role, preferably in a fast-paced environment such as a technology company or HealthTech company

Responsibilities

• Security Engineering: Design, implement, and operate security tooling and services in cloud (including IAC related components) and on-premises ecosystems including, but not limited to, AWS and GCP, Snowflake, Wiz, Okta
• Incident Detection and Response: Monitor security landscape for suspicious activity, investigate potential security incidents, and coordinate incident response efforts to mitigate threats and minimize their impact
• Vulnerability Management: Assist regular vulnerability assessments and penetration tests, analyze results, and collaborate with relevant teams to prioritize and remediate security vulnerabilities in a timely manner
• Security Compliance: Ensure compliance with relevant security standards, regulations, and best practices (e.g., HITRUST, SOC 2, ISO 27001) through continuous monitoring, auditing, and enforcement of security policies and procedures
• Security Awareness and Training: Develop and deliver security awareness training programs for employees, educate stakeholders on security best practices, and promote a culture of security awareness throughout the organization
• Security Incident Documentation and Reporting: Document security incidents, their resolution, and lessons learned for future reference. Prepare and present regular reports on security metrics, incidents, and trends to management and relevant stakeholders
• Security Tool Evaluation and Integration: Research, evaluate, and recommend new security technologies, tools, and processes to enhance the organization's security posture and capabilities. Integrate new security solutions into existing infrastructure as needed
• Collaboration and Communication: Work closely with cross-functional teams, including IT, engineering, and compliance, to align security initiatives with business objectives, identify security requirements, and ensure the effective implementation of security controls

Benefits

• Flexible PTO
• Medical/Dental/Vision plan options
• 401(k)
• Teladoc Health