Senior Security Engineer

ActBlue

💵 $157k-$183k
📍 Remote - Worldwide

Summary

Join ActBlue's Security Team as a Senior Security Engineer and play a crucial role in protecting our platform, donors, and partner organizations. You will partner with engineers to conduct security reviews, lead vulnerability assessments, and spearhead incident response efforts. This role involves designing and implementing security automation, improving our ability to address potential incidents, and contributing to our on-call rotation. You will leverage your expertise in various tech stacks (Ruby on Rails, React, AWS, etc.) and apply your understanding of attacker TTPs to identify and mitigate security risks. The position is full-time, remote, and offers a competitive salary and comprehensive benefits package. ActBlue is committed to fostering an inclusive and belonging remote-first culture.

Requirements

  • Performs reviews that demonstrate deep domain expertise in the majority of stacks that make up our platform, infrastructure, and business systems
  • Applies your nuanced understanding of attacker tools, techniques, and processes (TTPs) when performing offensive security reviews and possesses an extensive array of defenses/mitigations for them when performing security reviews to provide requirements to stakeholders
  • Independently designs and implements detections in our SIEM/SOAR stack to drive better signal-to-noise or more efficient responses
  • Serves on our on-call rotation and assists in training other members on on-call response
  • Builds programs/processes/tech that are structured to measure success in a manner that efficiently furthers security objectives
  • Experience with OWASP principles
  • Understanding of modern TTPs used to target B2C online businesses
  • Experience deploying tools that make it easier for engineers to build safely
  • Experience and passion for hunting for vulnerabilities and driving remediations
  • Proficiency in Ruby, JavaScript, and/or Python

Responsibilities

  • Partner closely with engineers to lead security reviews that support our software and infrastructure engineers early in their engineering process
  • Lead vulnerability assessments and offensively-focused ad hoc security reviews to identify and prioritize potential security risks and vulnerabilities
  • Lead incident response activities, including investigation, containment, and recovery efforts
  • Ideate, implement, iterate and operate security automation aimed at supporting our engineers during their building processes, reducing the time it takes to remediate discovered vulnerabilities, and improving our team's ability to address potential incidents

Benefits

  • Flexible work schedules and an unlimited time-off policy
  • Fully paid and trans-inclusive health, dental, and vision insurance for employees and their families; plus fully-paid health reimbursement arrangement to use for out-of-pocket expenses and fully-paid short- and long-term disability
  • Fully paid basic and AD&D life insurance and a voluntary supplemental life insurance option
  • Dependent and health care flexible spending account options
  • Employee Assistance Program (EAP) benefits for employees
  • Automatic 2% Employer-paid 401K contribution, plus up to an additional 6% match on employee contributions
  • A minimum of three months paid medical, family and parental leave (for all new parents, adoptions included)
  • Commuter or home-office benefits, including a $1,000 home-office setup allowance for all new full-time remote employees
  • Additional perks include quarterly snack deliveries and digital subscriptions to the Boston Globe & New York Times
