GlossGenius is hiring a
Senior Security Engineer in Canada

Summary

The role is for a Security Engineer to help design and drive the maturation of the Detection and Response program at GlossGenius. The position requires 4+ years of experience in security engineering or adjacent positions, knowledge of AWS and Kubernetes, and hands-on experience performing security investigations. The employee will work remotely from anywhere in Canada and report to the Head of Engineering, Service Lines.

Requirements

• 4+ years of experience in security engineering or adjacent positions involving cloud-based infrastructure environments and distributed corporate environments
• Hands-on experience performing security investigations, including log analysis, normalization, data correlation, and creating feedback for improving detections
• Knowledge of AWS and Kubernetes, or similar cloud-infrastructure products, particularly in regards to event and activity monitoring
• Experience working with corporate and endpoint protection tools, such as EDR, threat intel platforms, IDPs, and email security, and have spent time performing investigative, response, and remediation work using such tools

Responsibilities

• Design and implement roadmaps for detection engineering, security response and automation, and threat management for GlossGenius
• Implement and maintain systems and infrastructure for the collection, normalization, and enrichment of security related logs
• Develop and optimize our detection capabilities leveraging detection as code, scripting, risk-based authentication, automation, and user-driven security handling
• Create playbooks and repeatable processes to ensure consistency of response and distribution of knowledge
• Implement response and investigation automation across the corporate and production environments to improve our effectiveness and reduce the time to remediation
• Provide guidance and mentorship for junior members of Security and our partner teams
• Participate in a shared on-call rotation for Security

Preferred Qualifications

• Domain knowledge in the configuration and management of SIEM- and SOAR-type tools, experience with data lakes is a plus
• You have past experience performing threat hunting and/or evaluation in companies with cross-functional security teams, preferably using common industry frameworks such as STRIDE, ATT&CK, or DREAD
• You can write scripting and basic tooling for filling gaps around integrations and automation, preferably using Python

Benefits

• Flexible PTO
• Competitive health & dental insurance options, with premiums covered by GG
• Generous, fully-paid parental leave policy
• Retirement Savings Plan
• Professional Development - employees receive a yearly stipend for approved learning and educational-related expenses
• Home office support
• Team Bonding opportunities - as a distributed team, being able to build meaningful bonds both virtually and in person is incredibly important to us! We are constantly evaluating how we accomplish this and currently, teams are given opportunities to gather in person throughout the year