Staff Security Engineer

Summary

Join Honeycomb's thoughtfully-expanding security team as a Staff Security Engineer and become a foundational member, helping establish and grow high collaboration and intentional security standards. As an early member, you'll influence tool selection, establish collaboration standards with engineering and product teams, and define Honeycomb's long-term security roadmap. You will contribute to the security team's roadmap, collaborate with product and engineering partners on security reviews and vulnerability remediation, and partner with colleagues to implement necessary security tools. You'll act as a force multiplier by developing threat modeling skills within the engineering organization and help maintain a culture of partnership and iterative improvement. This role involves contributing code to internal applications, responding to information security issues, and engaging with the security community to bring innovative best practices. Honeycomb offers a remote-first work environment and a competitive compensation and benefits package.

Requirements

• Interdisciplinary experience within the security field. You have a strength in application security, but are comfortable working a security incident when needed. You have worked as a full-stack engineer writing code, reviewing pull requests, and supporting vulnerability remediation efforts. You also have an idea of what kinds of detections are important in an early-stage security organization, how to build them, and what information you’ll need to investigate them
• Experience scaling to Enterprise customers. You understand the security expectations of Enterprise customers. We know these customers have more expansive demands, and you’re comfortable helping prioritize maturity initiatives within a security program to help us rise to the challenge
• Comfort with adjusting expectations. You know it’s important to have a planned roadmap, and know it will be disrupted when something goes wrong. You understand how to balance planned security initiatives against the interruptions of vulnerability disclosures and security incidents, and you’re comfortable rebalancing as needed to ensure urgent issues are remediated while keeping your priorities in sight. Plans can change, but when you adjust a delivery plan, you know how to focus on the must-haves, and deliver on what’s truly essential
• A strong sense of teamwork and a willingness to build. You have worked on teams requiring collaboration with cross-functional partners, such as product managers and other engineers, and you understand that your colleagues are not adversaries. You recognize that scalable security is dependent on reducing knowledge silos and leveling up members of the teams around you. You also enjoy pair programming and helping others when they are stuck
• Ability to balance security concerns with delivering value. It’s easy to get caught up in trying to build a perfectly secure solution and lose the context of the value you are delivering. You have experience revisiting scope and working in small iterations to deliver value to our customers quickly

Responsibilities

• Contribute to the long-term roadmap for our Security Team, while strategically providing guidance to colleagues and hands-on technical work as needed to support the development of an early-stage security program
• Collaborate with Product and Engineering partners to define when security reviews are necessary, perform security reviews accordingly, and assist in the development of vulnerability remediation strategies as needed
• Partner with colleagues throughout the organization to determine which tools the Security Team needs to work effectively, and implement those tools accordingly
• Act as a force multiplier through working with engineers to develop threat modeling skills to maintain a high standard of autonomy and within the engineering organization without sacrificing security basics
• Help maintain a culture of partnership, autonomy, sustainability, and iterative improvement
• Partner with Engineering, Product, and IT organizations in our cloud-native environment to promote and develop a more secure production service
• Contribute code to our internal applications and services to address classes of vulnerabilities to evolve our codebases toward secure coding practices
• Respond to information security issues in each layer of our tech stack, in every stage of the software development lifecycle
• Engage with the security community at large to learn about and bring innovative best practice to our Security and Engineering organizations

Benefits

• Base pay (range) of $210,000 - $235,000 USD
• A stake in our success - generous equity with employee-friendly stock program
• It’s not about how strong of a negotiator you are - our pay is based on transparent levels relative to experience
• Time to recharge - Unlimited PTO and paid sabbatical
• A remote-first mindset and culture (really!)
• Home office, co-working, and internet stipend
• 100% employee/75% for dependents coverage for all benefits
• Up to 16 weeks of paid parental leave, regardless of path to parenthood
• Annual development allowance