Staff Security Engineer

Summary

Join Olo, a leading SaaS platform in the restaurant industry, as a Staff Security Engineer. Reporting to the Security Engineering Manager, you will be responsible for defining security architecture, implementing robust security measures, and leading incident response. This role requires experience in Blue or Purple Team roles and expertise in various security technologies. You will collaborate with cross-functional teams and external parties to mitigate risks and foster innovation. The position offers remote work flexibility within the U.S. or at Olo's NYC headquarters. Olo provides a comprehensive benefits package including paid time off, health insurance, 401k match, and more.

Requirements

• Blue Team, Security Operations, Security Engineering, Security Architecture, DevOps or Operations experience
• Experienced with development and leading of a threat hunting program
• Experience with mentoring and leading members of the security team for incident response, threat detection, and threat hunting activities
• Experience with developing and leading the strategy and implementation of security automation and orchestration for incident response
• Proven experience developing and leading incident response, remediation and mitigation activities, and providing status updates and reports
• Experience with Kubernetes, container, and other microservices technologies
• Experience architecting, deploying, maintaining and administering security technologies. (e.g. Anti-Malware, Intrusion Detection System (IDS), Data Leak Prevention (DLP), File Integrity Monitoring (FIM), Firewalls, Security Information and Event Monitoring (SIEM), Static Inspection, Multi Factor Authentication (MFA), Vulnerability Assessment, Web Proxies and Web Application Firewalls (WAF))
• Experience with cloud providers and Infrastructure-as-Code (IAC) (e.g., Terraform, Ansible, CloudFormation or similar)
• Proficient with AWS security best practices
• Experience with automation, development, or scripting
• Experience with Application Security, modern web protocols and Web Application Firewalls
• Experience with SIEM platforms

Responsibilities

• Define architectural and technology standards that impact information, system and data security across the organization
• Create and update security architecture diagrams and processes utilizing industry standard frameworks
• Write and contribute to architecture RFC documentation
• Coach other engineers in how to develop security automation to further support our internal and cross-functional teams’ workflows
• Define and implement leading security practices for Kubernetes clusters, serverless architectures, API guidelines, and other dev-centric workloads
• Secure AWS IAM and other AWS services using Terraform
• Perform POV/POC evaluations of tooling and provide recommendations based on cost/benefit analysis and risk posture
• Proactively investigate atypical traffic, logs, and supporting data to introduce new and improved security mitigations
• Lead the team in all areas within incident response including: triage, investigation, and management as an incident commander
• Train other engineers in how to best evaluate and tune dashboarding, monitors, and alerting for security-related events while improving operational efficiencies
• Set an example in excellent white-glove service across teams and stakeholders - resolving security support requests, delivering initiatives, and managing day-to-day business operations while mentoring and supporting other engineers
• Drive the implementation of new technologies, processes, and automation of security activities
• Develop highly available, scalable, secure solutions that exceed our internal and external customer needs
• Collaborate cross-functionally, with customers, and with external third-parties to help introduce appropriate risk mitigation controls while influencing stakeholders towards more risk averse approaches
• Build out and contribute to supporting documentation and runbooks

Benefits

• 20 days of paid time off
• 10 separate sick days
• 11 holidays, plus year-end closure
• Health, dental, and vision coverage for yourself and your family
• A 401k match
• Remote-office stipend
• Company equity
• A generous parental leave plan
• Volunteer time off
• Gift matching policy
• Remote work