Kustomer is hiring a
Security & Privacy Engineer

closed
Kustomer

💵 ~$146k-$215k
📍 Remote - United States

Summary

Kustomer is seeking a Security and Privacy Engineer to join their team and oversee security operations, ensure compliance with critical standards, and lead key security-related projects. The ideal candidate should have 5+ years of experience in security and privacy engineering, deep knowledge in GitHub security and CI/CD pipeline enhancements, proficiency in various programming languages, excellent problem-solving skills, strong communication abilities, and the ability to mentor peers.

Requirements

  • 5+ years in security and privacy engineering with a proven track record in adhering to key compliance standards (SOC2, ISO27001, GDPR, HIPAA, US Privacy, PCI DSS)
  • Demonstrates deep knowledge in GitHub security and CI/CD pipeline enhancements
  • Proficient in Python, Java, Ruby, Node, and/or Go

Responsibilities

  • Security Tooling Oversight: Direct ongoing optimization of security tools, with a focus on Lacework, to enhance threat detection and prevention capabilities
  • Bug Bounty Program Management: Elevate the bug bounty program, pinpointing and mitigating vulnerabilities effectively
  • Compliance Mastery: Spearhead efforts to achieve and maintain compliance with critical standards (SOC2, ISO27001, GDPR, US Privacy, PCI DSS) using Vanta as the primary framework
  • GitHub Security Excellence: Commit to elevating GitHub security standards, ensuring continuous improvement and high-quality security practices
  • CI/CD Security Innovation: Drive enhancements in CI/CD pipeline security, integrating best practices and cutting-edge security measures
  • DLP Alerting Ownership: Manage the Data Loss Prevention (DLP) alerting process with a proactive approach to identifying and mitigating risks
  • Security Project Leadership: Guide and execute key security-related projects, providing expert direction and leveraging technical know-how to protect corporate assets
  • Application Security Program Development: Craft and oversee a comprehensive application security strategy to safeguard information integrity, confidentiality, and availability
  • Secure Coding and Development Practices: Foster secure coding standards, integrate security measures into the development lifecycle, and ensure thorough source code testing and remediation
  • Security Policy and Training Programs: Formulate and update security policies, standards, and guidelines; launch security awareness training programs for all relevant stakeholders
  • Privacy Management: Manage and enforce privacy policies compliant with GDPR, CCPA, HIPAA, and other frameworks, ensuring data protection and confidentiality
  • Risk Management Framework: Establish a structured approach for information security risk assessments, including treatment and oversight of remediation efforts
  • Incident Response Management: Handle security incidents with precision, minimizing impact on corporate IT assets and the company's reputation
  • Threat Intelligence and Advisory: Keep abreast of emerging threats, advising management on effective response strategies to mitigate risks
  • Technical Problem Solving: Execute creative security solutions and conduct thorough technical troubleshooting to address and mitigate security vulnerabilities
  • Security Evaluation and Testing: Lead efforts in vulnerability assessments, penetration testing, and threat modeling to identify risks and validate the effectiveness of security measures

Benefits

  • Competitive salaries
  • Stock options
  • 100% healthcare coverage
  • 401K
  • WiFi and Mobile reimbursement
  • Generous vacation policy
This job is filled or no longer available