Senior Security Engineer

Summary

Join Thirty Madison as a Senior Security Engineer and collaborate with a team of experienced professionals to fortify our digital health security infrastructure. You will design and build security solutions, partner with various teams to enhance cloud security posture, and resolve real-world security challenges. Responsibilities include mitigating vulnerabilities, researching threats, bolstering defense mechanisms, defining KPIs, and responding to security incidents. The ideal candidate possesses expertise in SIEM, EDR, CSPM tools, cloud security (AWS), Kubernetes security, incident response, and Infrastructure as Code (Terraform). Competitive compensation includes a base pay range of $152,800 - $210,100, an annual incentive plan, stock options, robust benefits, and stipends. Thirty Madison offers a flexible time off policy and a commitment to diversity and inclusion.

Requirements

• Experience with SIEM, EDR, and CSPM tools (Wiz, SentinelOne, Island)
• Experience in cloud security, especially for AWS, anything to do with IAM, secure configuration of services, AWS native security services like AWS Cloudtrail, SCP’s, AWS Org, Config etc
• Kubernetes Security Expertise: Deep understanding of Kubernetes security, including secure deployments, network policies, S2S authentication & authorization, RBAC, workload identity, admissions controllers, and runtime security
• Expertise responding to complex incidents across endpoint, network, and cloud as well as experience being an Incident Commander/Responder
• Expertise responding to complex incidents across endpoint, network, and cloud
• Capable of understanding an unfamiliar system enough to successfully respond to an incident involving the system
• Experience with Infrastructure as Code. We use Terraform
• Ability to understand the whole solution, not just the technology
• Focus on the end to end lifecycle of solving a problem and solutioning for it and not just implementing a security technology
• Have a well-rounded view for problem solving and a deep care for the patient and your fellow employees' experience as you surpass security challenges
• Hunger to drive decision making, collaboration and to have deeper opinions on security design

Responsibilities

• Design and build the security for the future of our infrastructure
• Partner with the infrastructure team, engineering team, compliance team and within security teams to maintain and further improve our cloud security posture management and help deliver secure products and services for our patients and doctors
• Take care of real world problems and challenges related to infrastructure security and implement sustainable solutions
• Create solutions and processes to identify, resolve and mitigate security vulnerabilities and risks
• Research threats and attack vectors that impact Thirty Madison’s applications and infrastructure
• Devise and bolster defense-in-depth through secure-by-default frameworks, architectures and processes
• Create solutions and processes to identify, resolve and mitigate security vulnerabilities and risks
• Research threats, attack vectors and real-world problems that impact Thirty Madison’s applications and infrastructure security
• Devise and bolster defense-in-depth through secure-by-default frameworks, architectures and processes
• Define and maintain key KPIs for a healthy infra/cloudSec program
• Detect and respond to security incidents and participate in an incident on-call rotation for critical and non-critical alerts

Benefits

• The base pay range for this position is $152,800 - $210,100 per year
• Annual Incentive Plan + Stock Option Package
• Robust and affordable Medical, Dental, and Vision plan options
• 401(k) with a match, commuter benefits, and FSA
• Annual $750 vacation stipend and $500 happiness stipend
• Flexible time off policy