Security Engineer Remote Jobs

39 Results

4d

Principal Firmware Security Engineer

Western DigitalRochester, MN, Remote
RustagileDesignpython

Western Digital is hiring a Remote Principal Firmware Security Engineer

Job Description

ESSENTIAL DUTIES AND RESPONSIBILITIES:

  • Development of various cryptography-based security features such as data encryption, Secure Boot, and Device Attestation.
  • Integrate these security protocols and features into the SSD data and control flows to ensure a robust and secure system. Additionally, investigate and resolve any security protocol compatibility issues that may arise.
  • Investigating failures, documenting bug reports, and providing valuable assistance to product teams in identifying and resolving issues.
  • Debugging, optimizing, and validating the Firmware on SoC platforms, as well as bringing up of FPGA and ASIC.
  • Contribute to the Security Development Lifecycle of the Firmware by supporting its development at different stages, including design, threat analysis, implementation, validation, vulnerability testing, certification, and audit.

Qualifications

REQUIRED:

To qualify for this position, an ideal candidate would have/be

  • A degree in Computer Science, Electrical/Computer Engineering, Software Engineering, or a related field.
  • 8+ years of experience in embedded programming, with proficiency in C/C++ and one or more of the following: Python, Rust, Go.
  • Experience in firmware code review, CI/CD test and validation methodology, as well as static and dynamic code analysis. Familiarity with the Agile software development process life cycle is also desired.
  • Proficiency in failure analysis in debugging an embedded firmware application, using debuggers such as Lauterbach.
  • An engineer who can take ownership of given features and manage them from start to finish. Being self-motivated and driven is essential for this role.
  • Good communication skills and be able to work effectively with cross-functional teams.

What Sets You Apart

  • Detailed knowledge of RISC-V Instruction Set Architectures (ISA)
  • Technical expertise in applied cryptography and firmware/hardware security, including knowledge of data encryption, trusted execution environment, secure boot, and device attestation.
  • Knowledge of storage controller architectures and security protocols, such as TCG Opal/Ruby/Pyrite, IEEE 1667, SPDM, and IDE.
  • Familiarity with writing code in Github repository and it’s CI/CD testing framework.

See more jobs at Western Digital

Apply for this job

7d

Senior Security Engineer

LatticeRemote - US
remote-firstslackc++

Lattice is hiring a Remote Senior Security Engineer

This is Engineering at Lattice

Lattice’s Engineering team is continuously working to better both our product and our craft. We use a modern, cutting-edge tech stack and love experimenting with new technologies. We strive for maintainable, robust, and performant code. We’re highly collaborative and continuously iterative and work closely with designers and product managers. We prioritize not only great technical architecture but also an amazing product experience.

As a critical member of Lattice's security team, you will play a pivotal role in auditing and strengthening our identity and access management (IAM) controls. Your responsibilities will include reviewing IAM configurations, pulling audit evidence and writing documentation, capturing configuration screenshots, and ensuring alignment with Lattice's security standards and compliance requirements. This role is ideal for someone with a deep technical understanding of IAM systems and a proactive approach to continuous improvement.

What You Will Do

  • Conduct in-depth audits of systems for IAM configurations, ensuring compliance with security standards by gathering audit evidence and capturing configuration screenshots.
  • Review and enhance IAM security controls across key corporate systems like Okta (identity and access management), Zscaler (network access controls), and CrowdStrike (endpoint access controls), recommending best practices for improved security.
  • Collaborate with IT and engineering teams to assess and optimize IAM configurations, ensuring they support secure, role-based access and effective incident detection.
  • Lead compliance initiatives and walkthroughs from a system perspective, including SOC2 audits, by preparing audit documentation specific to IAM controls and ensuring all evidence is properly documented and accessible.
  • Proactively manage IAM-related security alerts, triaging incidents to mitigate potential access threats and continually optimizing alert rules and thresholds.
  • Develop and maintain detailed documentation for IAM processes, controls, and evidence, ensuring they reflect current industry standards and Lattice security policies.

What You Will Bring to the Table

  • 5+ years of experience in security operations, auditing, or IT with a focus on identity and access management systems and security compliance.
  • Strong expertise in managing IAM tools and controls within platforms like Okta, Zscaler, and CrowdStrike, with a comprehensive understanding of secure configuration and role-based access control options.
  • Demonstrated ability to assess IAM configurations, recommend security improvements, and implement best practices for system hardening.
  • Knowledge of compliance frameworks (SOC2 preferred), authentication protocols, access management best practices, and role-based access control methods.

----

The estimated annual cash salary for this role is $166,000 - $207,500. This position is also eligible for incentive stock options, subject to the terms of Lattice’s applicable plans

Benefits: The Company offers the following benefits for this position, subject to applicable eligibility requirements: Medical insurance; Dental insurance; Vision insurance; Life, AD&D, and Disability Insurance; Emergency Weather Support; Wellness Apps; Paid Parental Leave, Paid Time off inclusive of holidays and sick time; Commuter & Parking Accounts; Lunches in the Office; Workplace Amenities Stipend, Internet and Phone Stipend; One time WFH Office Set-Up Stipend; 401(k) retirement plan; Financial Planning; Learning & Development Budget; Sabbatical Program; and Invest in Your People Fund

*Note on Pay Transparency:

Lattice provides an estimate of the compensation for roles that may be hired as required by state regulations. Compensation may vary based on (a) location, as Lattice factors in specific location when benchmarking compensation for most roles; (b) individual candidate skills and qualifications; and (c) individual candidate experience.

Additionally, Lattice leverages current market data to determine compensation, so posted compensation figures are subject to change as new market data becomes available. The salary, other compensation, and benefits information is accurate as of the date of this posting. Lattice reserves the right to modify this information at any time, subject to applicable law.

#LI-remote

About Lattice

Lattice is on a mission to build cultures where employees and their companies thrive. In an age where employees have more choices than ever before, businesses that put employees first are winning ????– and Lattice is building the tools to empower those people-centric companies.

Lattice is a people success platform that offers performance reviews, employee engagement surveys, real-time feedback, weekly check-ins, goal setting, and career planning in a way that allows companies to focus on employee development, growth, and engagement – yielding stronger employee retention, performance, and impact to the bottom line ????. Since launching in 2016, we have grown to over 5,000+ customers globally, including brands like Slack, Robinhood, and Gusto. 


Lattice is committed to equal treatment and opportunity in all aspects of recruitment, selection, and employment without regard to gender, race, religion, national origin, ethnicity, disability, gender identity/expression, sexual orientation, veteran or military status, or any other category protected under the law. Lattice is an equal opportunity employer; committed to a community of inclusion, and an environment free from discrimination, harassment, and retaliation.

By clicking the "Submit Application" button below, you consent to Lattice processing your personal information for the purpose of assessing your candidacy for this position in accordance withLattice's Job Applicant Privacy Policy.

Apply for this job

9d

Senior Security Engineer

SnapsheetRemote
Mid LevelFull TimerubylinuxpythonPHP

Snapsheet is hiring a Remote Senior Security Engineer

Senior Security Engineer - Snapsheet - Career PageResponsibilities as the Senior Security Engineer:

See more jobs at Snapsheet

Apply for this job

Databricks is hiring a Remote Senior Security Engineer (Incident Response)

Job Application for Senior Security Engineer (Incident Response) at Databricks

See more jobs at Databricks

Apply for this job

14d

Senior Security Engineer

NuveiTel Aviv-Yafo,Tel Aviv District,Israel, Remote Hybrid
terraformDesignazuredockerkuberneteslinuxpythonAWS

Nuvei is hiring a Remote Senior Security Engineer

The world of payment processing is rapidly evolving, and businesses are looking for loyal and strategic partners, to help them grow.  

WE ARE NUVEI. Nuvei (NASDAQ: NVEI) (TSX: NVEI) is a Canadian fintech company accelerating the business of clients around the world. Nuvei’s modular, flexible, and scalable technology allows leading companies to accept next-gen payments, offer all payout options, and benefit from card issuing, banking, risk, and fraud management services. Connecting businesses to their customers in more than 200 markets, with local acquiring in 47 markets, 150 currencies, and 586 alternative payment methods, Nuvei provides the technology and insights for customers and partners to succeed locally and globally with one integration.  

At Nuvei, we live our core values, and we thrive on solving complex problems. We’re dedicated to continually improving our product and providing relentless customer service. We are always looking for exceptional talent to join us on the journey!  

We are seeking a highly skilled and motivated Senior Security Engineer to join our dynamic Technical Security Operations team. In this role, you will be responsible for designing, implementing, and maintaining robust security systems across a variety of platforms, protecting the company’s digital assets, and continuously evolving our security posture. You will collaborate closely with the CISO and other key stakeholders to ensure that security is deeply integrated into all aspects of the company’s infrastructure and operations. You will be reporting to the Technical Security Operations team leader. 

Key Responsibilities: 

  • Lead the implementation, configuration, and ongoing maintenance of a variety of advanced security technologies, including but not limited to EDR, Proxy, DLP, email protection, and other critical security solutions. 
  • Collaborate with the CISO and security leadership to align security strategies with business objectives, ensuring security requirements are properly designed and executed across the company’s infrastructure. 
  • Continuously monitor and analyze security systems, firewalls, logs, and relevant data sources to detect, analyze, and respond to potential security threats in real time. 
  • Regularly assess and refine the security architecture to ensure it meets current and emerging threats while aligning with best practices. 
  • Conduct thorough market research and spearhead proof of concept (POC) evaluations for new security tools, identifying opportunities to improve the organization’s overall security posture. 
  • Identify and assess emerging security threats through continuous monitoring, vulnerability assessments, and log analysis, proactively addressing risks before they materialize. 
  • Enhance internal security controls, including identity and access management (IAM), key management, security monitoring, and cloud security posture management (CSPM). 
  • Ensure security best practices and policies are adhered to across all systems and services. 

Required Qualifications: 

  • 5+ years of hands-on experience in security engineering, with deep expertise in multiple IT security domains. 

Proven expertise in the following areas: 

  • Data Loss Prevention (DLP) 
  • Endpoint Protection (EDR/XDR) 
  • Proxy Solutions (Forcepoint, Netskope) 
  • Identity Providers (Okta, Entra ID) 
  • Email Protection 
  • SIEM  
  • Threat Intelligence and Vulnerability Management 
  • Network Security (firewalls, VPNs, WAF, NAC) 
  • Directory Services (Active Directory, Azure AD) 
  • Sandbox Solutions 
  • Vulnerability Assessment Solutions (VAS) 
  • Cloud Security Posture Management (CSPM) 
  • Data Security Posture Management (DSPM) 
  • Static Application Security Testing (SAST) 
  • Dynamic Application Security Testing (DAST) 
  • Strong experience securing Windows, Linux, and macOS environments, with a comprehensive understanding of system security controls. 
  • Demonstrated expertise in both on-premises and cloud architecture security, with experience securing public cloud platforms (AWS, GCP, Azure). 
  • Advanced knowledge of network security, protocols, and the ability to secure complex network environments. 
  • Familiarity with host-based forensics, OS artifacts, and exploitation methods, with the ability to respond to security incidents effectively. 
  • Hands-on experience with scripting languages such as Bash, Python, or PowerShell, along with proficiency in infrastructure-as-code tools (Terraform, CloudFormation). 
  • Familiarity with compliance frameworks and certification programs (PCI-DSS, SOC II, ISO27001), with the ability to manage security audits and maintain compliance. 
  • Proven ability to lead cross-functional security initiatives, driving collaboration and widespread adoption of security best practices across teams. 
  • Passionate about staying ahead of the curve in cybersecurity trends, emerging threats, and security technologies. 

Preferred Qualifications: 

  • Experience with security design, threat modeling, and conducting security audits. 
  • Familiarity with containerization and cloud-native technologies (Kubernetes, Docker). 
  • Strong analytical and problem-solving skills, with attention to detail and a proactive approach to addressing complex security challenges
  • SOAR solutions. 

See more jobs at Nuvei

Apply for this job

27d

Security System Engineer II

5 years of experienceDesign

Convergint Federal Solutions is hiring a Remote Security System Engineer II

Job Description

As a Security Systems Engineer II at Convergint Federal | SigNet Technologies, you will be an integral part of our team, responsible for designing, implementing, and supporting advanced security systems for our government and federal clients. The Security Systems Engineer II will play a pivotal role in delivering innovative security solutions, ensuring they meet the highest industry standards, and addressing the unique security challenges faced by our clients.

Value and Beliefs of this Role:
The person in this role must provide world-class service to customers, colleagues, and
communities. It requires a person of integrity, self-accountability, commitment to communicate openly and consistently, delivering results and having fun with laughter daily. In this role we want you to grow with us and deliver results as an exceptional Security Systems Engineer II. This job requires a person who remains professional, organized, collaborative, detail, and task oriented, timely, and creative at problem solving.

Key Responsibilities:

System Design:

  • Collaborate with clients and project teams to design, develop, and implement security systems, including access control, video surveillance, intrusion detection, and perimeter security.

Technology Integration:

  • Integrate a wide range of security technologies and systems to create comprehensive and effective security solutions.

Project Management:

  •  Manage the entire project lifecycle, from design and implementation to commissioning and handover, ensuring projects are completed on time and within budget.

Technical Expertise:

  • Provide technical support and expertise throughout all project phases, including troubleshooting and resolving technical issues.

Compliance:

  •  Ensure that all security system designs and implementations comply with relevant codes, regulations, and industry standards.

Documentation:

  • Generate detailed technical documentation, including system drawings, installation guides, and equipment lists.

Client Interaction:

  •  Build strong client relationships by providing expert guidance, project updates, and addressing client concerns.

Other Duties: Other duties assigned within reason of current role previously specified.

Qualifications

  • Bachelor of Science degree Engineering, Computer Science or related field
  • 3 to 5 years of experience in Computer Science or related field
  •  Ability to mentor SSE I
  •  3 to 5 years of experience working with,
    •  Access Control Systems; Video Management Systems; Intrusion Detection (Perimeter and Interior)
    •  Strong knowledge of security technologies, including access control, video surveillance, and intrusion detection systems.
    •  Infrastructure (Interior and Exterior Cabling, Fiber, Network, Wireless)
    •  Reviewing RFPs, technical specifications, and the production of cost estimate and proposals.
    • Providing cost estimates and change orders.
    • Interacting with internal and external customers to interpret technical requirements and provide guidance to shape solutions.
    • Producing a variety of written documents such as pre or post-bid engineering survey reports; read, interpret, and review electrical, electronic, and electromechanical schematics
    • Proficiency in project management and system integration.
    • Reviewing and assess CAD drawings produced by in-hours CAD team;
  • Excellent problem-solving and troubleshooting skills.
  • Strong communication and interpersonal skills.
  • Knowledge of government security regulations and clearances is a plus.

Requirements

  • Active Driver’s License
  • United States Citizenship
  • The job may require lifting objects weighing between 25 to 50 pounds. Accommodations can be provided upon request to enable individuals with disabilities to perform the essential functions.
  •  Security Clearances: This position requires a  Secret security clearance. The clearance requirements are determined by the agency(s) in which you are assigned. Convergint Federal will sponsor the level of clearance required. However, it will be your responsibility to obtain and maintain your required level of clearance.

See more jobs at Convergint Federal Solutions

Apply for this job

+30d

Senior Security Engineer

PindropUS - Remote
Lambdaremote-firstazurelinuxpythonAWS

Pindrop is hiring a Remote Senior Security Engineer

Senior Security Analyst

US-Remote

Who we are

Are you passionate about innovating at the intersection of technology and personal security? At Pindrop, we recognize that the human voice is a unique personal identifier, increasingly susceptible to sophisticated fraud, including the threat of deepfakes. We're leading the way in developing cutting-edge authentication, fraud prevention, and deepfake detection. Our mission is to provide seamless and secure digital experiences, safeguarding the most personal aspect of our identity: our voice. Here, you'll be part of a team driven by values of Innovation, Customer Advocacy, Excellence, and Impact. We're not just creating a safer digital landscape by fortifying trust and integrity with those we serve, we’re also building a dynamic, supportive workplace where your contributions make a real difference.

Headquartered in Atlanta, GA, Pindrop is backed by world-class investors such as Andreessen-Horowitz, IVP, and CapitalG.

What you’ll do 

  • Represent security in internal and external meetings to discuss security analysis, findings and security/compliance responses. 
  • Review past incidents and identify attack trends. Finetune and reconfigure alerts based on prior incidents to improve detection.
  • Actively participate in the development, documentation, and implementation of new processes to expand and mature capabilities for the organization.
  • Identify and track internal and external assets to identify potential risks. Communicate these risks to internal and external stakeholders and build a plan of action.
  • Develop, update, and maintain a repository of cybersecurity threat information that may be used in conducting risk assessments and reports on cyber risk trends.
  • Build and maintain tools for automation of security events and reporting. Optimize and reconfigure tools to improve security processes.
  • Implement, maintain and monitor IDS/IPS rule sets, alerts and reports.
  • Perform investigations and improve detection processes on a wide variety of security events from various sources to determine whether they pose a threat to Pindrop
  • Identify, research and develop internal and open source tools used to improve security and threat intelligence workflows to support Pindrop's unique environment
  • Collaborate with internal and external teams to answer customer questionnaires, compliance audits.

Who you are

  • You are, hands-on problem solver that excels in dynamic fast paced environments, curious and always looking to learn., highly interested in how things work and gets excited by threat modeling and new exploits
  • You are resilient in the face of challenges, change, and ambiguity
  • You are optimistic and believe that you can make a problem into a solution
  • You are resourceful, excited to uncover innovative solutions and teach yourself something new when needed
  • You take accountability, do the things you say you’ll do, under-promise and over-deliver
  • You are nimble and adaptable when priorities change and continue to see the “forest through the trees” 

Your skill-set: 

  • 2+ years of security monitoring and incident response experience
  • Must have experience with Linux, Mac, and knowledge of Windows
  • Experience in configuration and maintenance of endpoint security solutions, eg. Crowdstrike, SentinelOne, Carbon Black.
  • Experience with security tools including SIEM, Metasploit, Splunk, Wireshark
  • In-depth knowledge of SIEM log ingestion and alert creation.
  • Hands-on experience with TCP/IP and networking
  • Ability to write scripts/code using Python or other scripting languages for automation
  • Knowledge of incident response and investigation tools and techniques
  • Experience with security operations in cloud platforms such as AWS, GCP, Azure etc.
  • Experience responding to security questionnaires and customer questions

Nice to have:

  • Experience with forensic analysis tools (commercial and open-source) and procedures desired
  • Experience with threat feeds and threat intelligence (e.g., STIX, TAXII, IOCs) desired
  • Experience with cloud logging applications, AWS Cloudtrail, VPC Flow Logs, Lambda, etc.

What’s in it for you:

As a Pindropper, you join a rapidly growing company making technology more human with the power of voice. You will work alongside some of the best and brightest. We’re a passionate group committed to excellence - but that doesn’t stop us from enjoying the journey as a team with chess and poker tournaments, catered lunches and happy hours, wellness programming, and more. Because we take our jobs seriously, we add in time for rest with Unlimited PTO, Focus Thursday, and Company-wide Rest Days.

Within 30 days:

  • You’ll focus on training and learning the basics of the company. This includes the company’s systems, procedures that should be adhered to, products and services, software, vendors, and/or clients.
  • You’ll have been introduced to your team, colleagues and have 1:1’s to assimilate into the company culture.
  • You will have the opportunity to learn the product in and out through training and a variety of resources. This then means that the majority of the things-to-do should fall along the lines of attending training sessions, gaining and mastering product knowledge, learning major corporate systems, meeting the members of your team, and getting the necessary access. 

Within 60 days:

  • You’ll have a good grasp of your working environment and you can now move onto more advanced tasks. 
  • You will start studying the best practices in the industry, create goals, meet up with your supervisor and get feedback on your performance, and build meaningful relationships with your co-workers along with taking on proper job responsibilities.  

Within 90 days

  • You’ll demonstrate a firm grasp of the company and confidence in your job function. Thus, you should be preparing to make breakthrough contributions to your team or department. 
  • The contributions may include finding new ways to improve security or coming up with ideas to save the company money. Instead of only identifying problems in the company, you should be at the forefront of brainstorming possible solutions. 
  • You will be able to spearhead new initiatives and collaborate with other teams for the good of the company. 

What we offer

As a part of Pindrop, you’ll have a direct impact on our growing list of products and the future of security in the voice-driven economy. We hire great people and take care of them. Here’s a snapshot of the benefits we offer:

  • Competitive compensation, including equity for all employees
  • Unlimited Paid Time Off (PTO)
  • 4 company-wide rest days in 2024 where the entire company rests and recharges!
  • Remote-first culture

What we live by

At Pindrop, our Core Values are fundamental beliefs at the center of all we do. They are our guiding principles that dictate our actions and behaviors. Our Values are deeply embedded into our culture in big and small ways and even help us decide right from wrong when the path forward is unclear. At Pindrop, we believe in taking accountability to make decisions and act in a way that reflects who we are. We truly believe making decisions and acting with our Core Values in mind will help us to achieve our goals and keep Pindrop a great place to work:    

  • Audaciously Innovate - We continue to change the world, and the way people safely engage and interact with technology. As first principle thinkers, we challenge standards, take risks and learn from our mistakes in order to make positive change and continuous improvement. We believe nothing is impossible.
  • Evangelical Customers for Life - We delight, inspire and empower customers from day one and for life. We create a partnership and experience that results in a shared passion.   We are champions for our customers, and our customers become our champions, creating a universal commitment to one another. 
  • Execution Excellence - We do what we say and say what we do. We are accountable for making the tough decisions and necessary tradeoffs to deliver quality and effective solutions on time.
  • Win as a Company - Every time we win, we win as a company. Every time we lose, we lose as a company. We break down silos, support one another, embrace diversity and celebrate our successes. We are better together. 
  • Make a Difference - Every day we have the opportunity to make a positive impact. We operate with dedication, passion, and uncompromising integrity, creating a safer, more secure world.

Not sure if this is you?

We want a diverse, global team, with a broad range of experience and perspectives. If this job sounds great, but you’re not sure if you qualify, apply anyway! We carefully consider every application and will either move forward with you, find another team that might be a better fit, keep in touch for future opportunities, or thank you for your time.

Pindrop is an Equal Opportunity Employer

Here at Pindrop, it is our mission to create and maintain a diverse and inclusive work environment. As an equal opportunity employer, all qualified applicants receive consideration for employment without regard to race, color, age, religion, sex, gender, gender identity or expression, sexual orientation, national origin, genetic information, disability, marital and/or veteran status.

#LI-Remote

See more jobs at Pindrop

Apply for this job

+30d

Security Engineer

AcquiaRemote - Costa Rica
EC29 years of experience6 years of experienceagile3 years of experienceterraformdrupaldockerMySQLkubernetesubuntulinuxpythonAWS

Acquia is hiring a Remote Security Engineer

Acquia empowers the world’s most ambitious brands to create digital customer experiences that matter. With open source Drupal at its core, the Acquia Digital Experience Platform (DXP) enables marketers, developers, and IT operations teams at thousands of global organizations to rapidly compose and deploy digital products and services that engage customers, enhance conversions, and help businesses stand out.

Headquartered in the U.S., Acquia is positioned as a market leader by the analyst community and is listed as one of the world’s top software companies by The Software Report. We are Acquia. We are a global company with employees located in more than 30 countries, and we’re building for the future.We want you to be a part of it!

Does the challenge of finding security flaws in custom application code get your mind racing? Can you think like an attacker to misuse and break cloud services? Do you have an interest in compliance and simplifying the process for achieving it? Join Acquia and help enhance the security of the largest sites and brands on the planet, whose Drupal apps are powered by our PaaS platform and SaaS services built on top of many thousands of AWS EC2 instances.

Job Responsibilities:

  • Be a Security Champion in an agile Security Engineering team owning and operating the services you build
  • Research, specify, and test cloud hosting architectures leveraging your web, database, and OS knowledge
  • Debug the toughest distributed systems production issues

Skills:

  • 2-6 years of related experience
  • Cloud security and compliance experience using AWS (e.g., Firewalls, IDS/IPS systems, DDOS prevention and PCI-DSS, HIPAA, FedRAMP, etc.)
  • Strong software development background using any general programming language
  • Understanding of Kubernetes
  • Passion for websites and website delivery architecture
  • Deep, working knowledge of LAMP stack--OS, web server, and database systems (Linux, Apache, and MySQL preferred)
  • Linux packages (e.g., Debian or RPM packages); RHEL and Ubuntu experience
  • Networking (e.g., TCP/IP, Routing, DNS, load balancing, HTTP caching, clustering, VPN, etc.)
  • Holistic understanding of the Internet and hosting from the network layer up through the application layer.
  • Excellent organizational and communication skills, both verbal and written
  • BS in Computer Science or equivalent experience
  • Ability to work effectively across multiple teams and drive results

Preferred Qualifications: 

  • Software development using Python or Go
  • Experience with threat modeling, especially for web application and web APIs
  • Configuration management (e.g., Terraform, CloudFormation, etc.)
  • Containerization:  Docker, LXC, etc.
  • Kubernetes: Hands-on, working experience securing K8s deployments according to “hard multi-tenancy” guidelines and methods.

All qualified applicants will receive consideration for employment without regard to race, color, religion, religious creed, sex, national origin, ancestry, age, physical or mental disability, medical condition, genetic information, military and veteran status, marital status, pregnancy, gender, gender expression, gender identity, sexual orientation, or any other characteristic protected by local law, regulation, or ordinance.

See more jobs at Acquia

Apply for this job

+30d

Principal Platform Security Engineer

GeminiRemote (USA)
remote-firstterraformDesignkuberneteslinuxpythonAWS

Gemini is hiring a Remote Principal Platform Security Engineer

About the Company

Gemini is a global crypto and Web3 platform founded by Tyler Winklevoss and Cameron Winklevoss in 2014. Gemini offers a wide range of crypto products and services for individuals and institutions in over 70 countries.

Crypto is about giving you greater choice, independence, and opportunity. We are here to help you on your journey. We build crypto products that are simple, elegant, and secure. Whether you are an individual or an institution, we help you buy, sell, and store your bitcoin and cryptocurrency. 

At Gemini, our mission is to unlock the next era of financial, creative, and personal freedom.

In the United States, we have a flexible hybrid work policy for employees who live within 30 miles of our office headquartered in New York City and our office in Seattle. Employees within the New York and Seattle metropolitan areas are expected to work from the designated office twice a week, unless there is a job-specific requirement to be in the office every workday. Employees outside of these areas are considered part of our remote-first workforce. We believe our hybrid approach for those near our NYC and Seattle offices increases productivity through more in-person collaboration where possible.

The Department: Platform Security

The Role: Principal Platform Security Engineer

The Platform Security team secures Gemini’s infrastructure through service hardening and by developing and supporting a suite of foundational tools. We provide secure-by-default infrastructure, consumable security services, and expert consultation to engineering teams for secure cloud and non-cloud infrastructure.

The Platform Security team covers a broad problem space that includes all areas of Gemini’s platform infrastructure. In the past, this team has focused specifically on cloud security and we continue to invest heavily in this area.  This role will bring additional depth and specialization in non-cloud infrastructure, containerization, and container orchestration security.  We also value expertise in neighboring areas of infrastructure and platform security engineering including: PKI, core cryptography, identity management, network security, etc.

Responsibilities:

  • Design, deploy, and maintain services/platforms for security and engineering teams
  • Build and improve security controls and capabilities at all layers of infrastructure
  • Partner with engineering teams on security architecture and implementation decisions
  • Collaborate with application security, threat detection, incident response, GRC and similar security functions to identify, understand, and reduce security risk

Minimum Qualifications:

  • 10+ years of experience in the field
  • Significant experience with container orchestration technologies and relevant security considerations. We often use Kubernetes and EKS
  • Significant experience in SRE, systems engineering, or network engineering
  • Significant experience with distributed systems or cloud computing. We often use AWS
  • Significant software development experience. We often use Python or Go
  • Experience building and owning high-availability critical systems or cloud-based services
  • Able to self-scope, define, and manage short and long term technical goals involving many teams and partners
  • Deep expertise in computer security principles and practices

Preferred Qualifications:

  • Experience securing AWS and Linux environments, both native and third-party
  • Experience designing and implementing cryptographic infrastructure such as PKI, secrets management, authentication, or secure data storage/transmission
  • Experience designing and implementing systems for identity and access management
  • Experience with configuration management and infrastructure as code. We often use Terraform
It Pays to Work Here
 
The compensation & benefits package for this role includes:
  • Competitive starting salary
  • A discretionary annual bonus
  • Long-term incentive in the form of a new hire equity grant
  • Comprehensive health plans
  • 401K with company matching
  • Paid Parental Leave
  • Flexible time off

Salary Range: The base salary range for this role is between $198,000 - $247,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate’s compensation, we consider a number of factors including skillset, experience, job scope, and current market data.

At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know.

#LI-AH1

Apply for this job

+30d

Offensive Security Engineer

MonzoCardiff, London or Remote (UK)
mobile

Monzo is hiring a Remote Offensive Security Engineer

???? We’re on a mission to make money work for everyone.

We’re waving goodbye to the complicated and confusing ways of traditional banking. 

With our hot coral cards and get-paid-early feature, combined with financial education on social media and our award winning customer service, we have a long history of creating magical moments for our customers!

We’re not about selling products - we want to solve problems and change lives through Monzo ❤️

Hear from our team about what it's like working at Monzo


 

????London or Remote (UK) | ???? £35,000 - £50,000 + Benefits | Hear from the team

⭐ Our Offensive Security team

This role sits within our Offensive Security team, reporting into the Offensive Security Manager. But this team is a part of the wider Security collective here at Monzo, a power-house team of passionate security professionals all working to make Monzo as secure as possible for our customers.

At our core though, the Offensive Security team is made up of breakers, not makers. We find the vulnerabilities, prove exploitability, then work with the other teams to fix those problems. We aren’t developers though, so we give advice to mitigate issues but don’t start coding fixes ourselves.

????You’ll play a key role by…

The work we do within the Offensive Security team is varied, but all involve hacking in one way or another. A lot of our work is project-based, with focus placed on areas we consider weak. This might mean hacking some new internal software or testing a new feature in the apps for example.

We also do projects that simulate a real adversarial attack (a bit like red teaming), and cooperate with our defensive teams to improve capabilities and skills.

The biggest service we provide to the other teams is placing a security mindset in the room. Ask those “what ifs” and get people thinking like an attacker. And it always helps to have a proof of concept to show to others!

As an Offensive Security Engineer, you’ll first be covering the smaller projects the more senior engineers can’t get to. This could include:

  • Testing new features in the Monzo apps (mainly the mobile apps, but sometimes web apps too)
  • Testing internal and public web services that support our products, tools and systems
  • Doing network testing (like attacking our office networks or hunting for vulnerabilities in sensitive networks)
  • Supporting the security bounty program

As you get more familiar and confident within the team, we’ll encourage you to take on some bigger, more challenging projects to help with your career progression at Monzo. But you won’t be alone, and always have the support of the others in the team!

????We’d love to hear from you if…

First and foremost you:

  • Have an unending curiosity to understand how the security of systems work at all levels
  • Have a strong attacker mindset, always thinking “what if I did…” when testing a system

The following would be nice, but aren’t requirements:

  • At least 2 years experience in security testing (ideally internal testers or consultants)
  • An industry recognised qualification such as CREST CRT, CCT (APP or INF), OSCP, OSCE or other equivalent (don’t be put off if you don’t have any, experience is preferred!)

????What’s in it for you

????£35,000 - £50,000 ➕ share options.

????This role can be based in our London office, but we're open to distributed working within the UK (with ad hoc meetings in London) (Please note, we are notable to offer sponsorship or relocation to the UK for this role)

⏰We offer flexible working hours and trust you to work enough hours to do your job well, and at times that suit you and your team. 

????£1,000 learning budget each year to use on books, training courses and conferences.

????We will set you up to work from home; all employees are given Macbooks and for fully remote workers we will provide extra support for your work-from-home setup. 

➕ Plus lots more! Read our full list of benefits.

???? The application journey 

If shortlisted after your application, you’ll firstly have a chat with one of the Hiring Team. If successful following on from this ⬇️

  • Initial call with a member of the security team
  • Technical interview
  • Values and Collaboration interview

This process should take around 2-3 weeks - your schedule is really important to us, so we promise to be as flexible as possible! 

We have some guidelines on using Artificial Intelligence (AI) to ace an application and interview at Monzo ???? You can read them here.

You’ll hear from us throughout the application process, but if you’ve got any questions, please reach out to business-hiring@monzo.com. You can also use this email address to let us know if there’s anything we can do to make the process easier for you because of disability, neurodiversity or anything else.

We’ll only close this role once we have enough applications for the next stage. Please submit your application as soon as possible to make sure you don’t miss out! 

If you’d prefer to work part-time, please let us know and we'll make this happen if we can.

Equal opportunities for everyone

Diversity and inclusion are a priority for us and we’re making sure we have lots of support for all of our people to grow at Monzo. At Monzo, we’re embracing diversity by fostering an inclusive environment for all people to do the best work of their lives with us. This is integral to our mission of making money work for everyone. You can read more in our blog, 2023 Diversity and Inclusion Report and 2023 Gender Pay Gap Report.

We’re an equal opportunity employer. All applicants will be considered for employment without attention to age, ethnicity, religion, sex, sexual orientation, gender identity, family or parental status, national origin, or veteran, neurodiversity or disability status.

Linkedin Tags: #LI-REMOTE#LI-MY1


Equal opportunities for everyone

Diversity and inclusion are a priority for us and we’re making sure we have lots of support for all of our people to grow at Monzo. At Monzo, we’re embracing diversity by fostering an inclusive environment for all people to do the best work of their lives with us. This is integral to our mission of making money work for everyone. You can read more in our blog, 2023 Diversity and Inclusion Report and 2023 Gender Pay Gap Report.

We’re an equal opportunity employer. All applicants will be considered for employment without attention to age, ethnicity, religion, sex, sexual orientation, gender identity, family or parental status, national origin, or veteran, neurodiversity or disability status.

If you have a preferred name, please use it to apply. We don't need full or birth names at application stage ????

See more jobs at Monzo

Apply for this job

+30d

Security Engineer

SinchMelbourne,Victoria,Australia, Remote Hybrid
mobile

Sinch is hiring a Remote Security Engineer

Sinch, the Customer Communications Cloud, powers meaningful conversations at scale across messaging, voice, and email to help businesses deliver unified, personalized experiences that truly revolve around their customers — no matter the channels they use. Over 150,000 businesses, including 8 of the 10 largest tech companies in the world, rely on us for their customer communication needs, with over 700 billion customer engagements each year.

 

Providing innovative mobile messaging solutions that help businesses of all sizes – from SMBs to enterprise-level to better connect with customers. Our messaging solutions for alerts and notifications, billing and payments, appointment reminders, marketing, and staff scheduling are trusted by over 65,000 customers in industries such as healthcare, education, retail, and utilities. Sinch is the number one choice for easy and engaging business messaging.

 

We are seeking a Security Engineer to join our global team. In this role you will be responsible for designing, implementing, and maintaining security protocols to safeguard sensitive information, such as customer data and company intellectual property. Must have a deep understanding of networking and system architecture, as well as knowledge of current and emerging threats and technologies. The Security Engineer plays a crucial role in incident response and developing strategies to prevent future attacks. This position requires strong analytical and communication skills, as well as a commitment to staying up to date with the latest trends and best practices in cybersecurity.

 

Key responsibilities:

  • Responsible for assessing and understanding the threat landscape by working with other Cyber functions such as Offensive Security, Digital Forensics etc. and architecting solutions to calibrate risk consistent with risk tolerance.
  • Reviewing security intelligence information and researching emerging threats - to proactively identify and prevent potential threats. 
  • Build and/or tune Sinch security tools, such as EDR, email security, and vulnerability scanning and SIEM solution to ensure that alerts are effective and actionable.
  • Augment Incident Response team to ensure 24/7 coverage and operations. Responsibilities sometimes will require working evenings and weekends, sometimes with little or no advanced notice.
  • Be able to effectively communicate, both written and verbally, complex security and technical concepts to a wide variety of stakeholders and partners and build and leverage and earn the trust of stakeholders at all levels of the organization.
  • Establish and modify runbooks that provide other subject matter experts with a consistent manner of executing the processes.
  • Employing the security technologies to continuously monitor the company’s assets, conduct technical analysis of network traffic to identify anomalies and then taking action to respond to potential vulnerabilities and threats.  

 

The successful candidate will possess the following skills and attributes:

  • Proven experience in working on threat, vuln, fraud or compliance - ideally building or supporting cross-functional mitigation programs.
  • A background that involves creating a layered security perimeter in the context of a cloud- and container-based microservices.
  • Experience supporting (or building) a security operations function in startup environments, ideally serving as incident commander for security incidents.
  • Knowledge of networking fundamentals, including TCP/IP, OSI stack model, L2, L3 and L7 fundamentals and raw packet analysis. Fluency with common cryptographic modalities
  • Experience using tools like LogRhythm, Nessus, CASB manage threat telemetry.
  • One industry-recognized security certification (CEH, CISSP, CCSP, CISA) -- or the willingness to secure one within six months.

 

We dream big — for our company, our customers, and our employees — and we hire the best talent worldwide to help us bring our vision to life. We have a local presence in more than 60 countries — probably somewhere near you!

 

We are committed to building an engaged and talented workforce that represents an environment that is inclusive, supports flexibility and welcomes diversity.

 

Our values of Dream BigWin TogetherKeep it simple and Make it Happen are the foundation for fostering an environment where diversity of thinking, skills and experiences are embraced, delivering innovation and better business results.

 

We value our team by offering:

  • WHERE YOU WORK MATTERS: We understand the benefit of a flexible schedule where you can best impact both your personal and work life, so we offer a hybrid working arrangement, work from home set up reimbursement and a global mobility policy.
  • PUT FAMILY FIRST: We know that building a family take priority, therefore we offer a generous parental leave program: 26 weeks salary for primary care giver and 4 weeks salary for secondary care giver
  • CELEBRATE YOURESELF: By providing a day off for your birthday, we want you to take the time to celebrate the year you’ve had with your nearest and dearest.
  • TAKE A BREAK: Enjoy a generous annual leave program. We value balance and understand that performance at work requires time to rest at home and/or rejuvenate on vacation.
  • STAY HEALTHY: Physical wellness supports mental wellness, so we offer a monthly fitness reimbursement allowance and other wellness programs
  • TAKE THE NEXT STEP: Coaching and career development support, including access to a range of online professional development courses
  • CARE FOR YOURSELF: Take advantage of our free virtual counselling resources through our global Employee Assistance Program. Your mental health is as important as your physical health.
  • MAKE AN IMPACT: Support betterment in your community and beyond by taking paid time off to support a volunteer program of your choice.
  • TREAT YOURSELF: Access to Reward+ program that offers a wide range of discounts and deals across retail, entertainment and much more.

 

If you are looking for the next opportunity in your career and want to work for a people focused, growing tech company, then Apply Now.

See more jobs at Sinch

Apply for this job

+30d

Security Engineer

Clover HealthRemote - Canada
remote-firstDesignlinuxpython

Clover Health is hiring a Remote Security Engineer

Clover is reinventing health insurance by working to keep people healthier.

We value diversity — in backgrounds and in experiences. Healthcare is a universal concern, and we need people from all backgrounds and swaths of life to help build the future of healthcare. Clover's engineering team is empathetic, caring, and supportive. We are deliberate and self-reflective about the kind of engineering team and culture that we are building, seeking engineers that are not only strong in their own aptitudes but care deeply about supporting each other's growth.

As a Security Engineer, you will forge and nurture trusted relationships with internal technology teams (Software Engineering, SRE, DS/ML, Product) and external customers (e.g., payers, accountable care organizations, integrated delivery networks). You will partner closely with the entire technology organization to architect, design, implement, and maintain system security and controls. This ideal candidate for this role will understand the needs of software development, technical system design, and data/information security.

As a Security Engineer, you will:

  • Implement, operationalize and monitor security applications such as EDR, DLP, SAST, Vulnerability Management, and CSPM systems.
  • Serve as a SME for security related code and technical design reviews.
  • Identify and collaborate with engineering and SRE to resolve areas of security vulnerability in our software, systems and infrastructure.
  • Assess and improve systems for compliance with security requirements, policies, guidelines and standards
  • Interface with external customers on CA security reviews and assessments
  • Work to improve our general security posture and processes ranging from secure development practices to SecDevOps
  • Contribute to the planning, definition and implementation of new security solutions or related development

You will love this job if:

  • You are passionate about transforming healthcare delivery through new technologies and want to make an impact.
  • You have a bias toward action and seek to intervene before issues arise.
  • You are comfortable navigating ambiguity and working in an evolving environment.
  • You are a problem solver and a team player. You love working within teams and helping them work more efficiently.
  • You are a strong communicator and able to influence behaviors to help drive desired outcomes.
  • You are empathetic and seek to build enduring relationships with our customers and users.
  • You are analytical and use data to drive actions and evaluate outcomes.

You should get in touch if:

  • You have 1+ years of experience in a security role with priority on engineering.
  • You have experience investigating, and triaging incidents.
  • You have a basic understanding of operating systems (Linux, OSX, etc.) and networking fundamentals.
  • You have a strong understanding of at least one of the following technologies: Python, JavaScript/TypeScript, Shell Scripting (You will be tested on one).
  • You are comfortable with conducting code reviews for security vulnerabilities on a frequent basis.
  • You have assessed the security of APIs and systems by analyzing authentication, authorization mechanisms, input validation, and potential vulnerabilities.
  • You have excellent written and verbal communication skills and are able to craft clear and comprehensive reports and research to present to engineering and other stakeholders.
  • You stay up-to-date with the latest research on threats, attack vectors, and security trends and are keen to apply them to our environment.
  • You have knowledge of cybersecurity frameworks and standards (e.g., NIST, ISO, CIS).

Benefits Overview:

  • Financial Well-Being: Our commitment to attracting and retaining top talent begins with a competitive base salary and equity opportunities. Additionally, we offer a performance-based bonus program and regular compensation reviews to recognize and reward exceptional contributions.
  • Physical Well-Being: We prioritize the health and well-being of our employees and their families by offering comprehensive group medical coverage that include coverage for hospitalization, outpatient care, optical services, and dental benefits.
  • Mental Well-Being: We understand the importance of mental health in fostering productivity and maintaining work-life balance. To support this, we offer initiatives such as No-Meeting Fridays, company holidays, access to mental health resources, and a generous annual leave policy. Additionally, we embrace a remote-first culture that supports collaboration and flexibility, allowing our team members to thrive from any location. 
  • Professional Development: We are committed to developing our talent professionally. We offer learning programs, mentorship, professional development funding, and regular performance feedback and reviews.

Additional Perks:

  • Reimbursement for office setup expenses
  • Flexibility to work from home or from our office, enabling collaboration with global teams
  • Paid parental leave for all new parents
  • And much more!

About Clover: We are reinventing health insurance by combining the power of data with human empathy to keep our members healthier. We believe the healthcare system is broken, so we've created custom software and analytics to empower our clinical staff to intervene and provide personalized care to the people who need it most.

We always put our members first, and our success as a team is measured by the quality of life of the people we serve. Those who work at Clover are passionate and mission-driven individuals with diverse areas of expertise, working together to solve the most complicated problem in the world: healthcare.

From Clover’s inception, Diversity & Inclusion have always been key to our success. We are an Equal Opportunity Employer and our employees are people with different strengths, experiences and backgrounds, who share a passion for improving people's lives. Diversity not only includes race and gender identity, but also age, disability status, veteran status, sexual orientation, religion and many other parts of one’s identity. All of our employee’s points of view are key to our success, and inclusion is everyone's responsibility.


#LI-REMOTE

See more jobs at Clover Health

Apply for this job

+30d

Security Engineer

BugcrowdRemote - United States
golangBachelor's degreekotlinjiragitrubyc++pythonAWSjavascript

Bugcrowd is hiring a Remote Security Engineer

We are Bugcrowd. Since 2012, we’ve been empowering organizations to take back control and stay ahead of threat actors by uniting the collective ingenuity and expertise of our customers and trusted alliance of elite hackers, with our patented data and AI-powered Security Knowledge Platform™. Our network of hackers brings diverse expertise to uncover hidden weaknesses, adapting swiftly to evolving threats, even against zero-day exploits. With unmatched scalability and adaptability, our data and AI-driven CrowdMatch™ technology in our platform finds the perfect talent for your unique fight. We aim to create a new era of modern crowdsourced security that outpaces threat actors. Unleash the ingenuity of the hacker community with Bugcrowd, visit www.bugcrowd.com. Based in San Francisco and New Hampshire, Bugcrowd is supported by General Catalyst, Rally Ventures, Costanoa Ventures, and others.

Job Summary 

The Security Engineer’s role is to aid the security efforts of Bugcrowd, while proactively making changes to further improve our security posture. 

To achieve this goal, we require a motivated team member who is willing to push their own boundaries and step out of their comfort zone.You will be challenged on a regular basis, especially because you are the last line of defense for one of the largest crowdsourced security platforms! The Security Engineer will provide mentoring to multiple junior security engineers and will work closely with other team members on a daily basis. 

**Please note this role will be working PST business hours

Essential Duties and Responsibilities

  • Aiding within the Incident Response process
  • Threat hunting
  • Developing patches and security controls within a Ruby on Rails application, Golang application, and Kotlin application
  • Communicating across multiple teams converting technical knowledge into palatable words for multiple audiences. 
  • Significant familiarity with AWS and network security controls
  • Identifying vulnerability root causes
  • Performing basic risk assessments and triaging
  • Educating developers on security best practices
  • Architecting solutions with developers to remediate any security concerns
  • Performing basic red team assessments (including but not limited to phishing, vishing, spoofing technologies, etc.)
  • Testing new features within the platform and services
  • Automating security tasks to increase workflow efficiency
  • Mentoring other team members

Education

  • Bachelor's Degree in a relevant field or commensurate experience
  • 3 - 5+ years of professional experience in a similar role or its equivalent.

Knowledge, Skills, and Abilities

  •  Experience with writing IR plans and operating within an IR practice (experience responding to incidents)
  • Working knowledge of Threat Intelligence and how it can be used to proactively create security controls (automation)
  • Familiarity with Pentesting techniques and OWASP Top 10
  • Ability to understand a vulnerability and work with developers to patch it
  • Scripting knowledge in at least one of: Bash, Python, JavaScript, Ruby
  • Self motivated and organized - must be able to operate from a calendar and be punctual
  • Cloud security experience or holds cloud certifications (AWS strongly preferred)
  • Experience with Identity and Access Management (IAM) controls
  • Ability to work autonomously within a global company, and critically think without intervention
  • Familiarity with git
  • Familiarity with a ticketing system / issue tracking system is a must (e.g: Jira)

Working Conditions & Physical Requirements

Sitting and / or standing - Must be able to remain in a stationary position 50% of the time

Carrying and / or lifting - Must be able to carry / move laptop as needed throughout the work day.

Environment - remote, work-from-home 100% of the time.

ADA Statement: Bugcrowd is committed to the full inclusion of all qualified individuals. In keeping with our commitment, Bugcrowd will take the steps to assure that people with disabilities are provided reasonable accommodations. Accordingly, if reasonable accommodation is required to fully participate in the job application or interview process, to perform the essential functions of the position, and/or to receive all other benefits and privileges of employment, please contact HR at ada@bugcrowd.com.

Pay Range Disclosure:The base pay range for this role takes into account the wide range of factors that are considered in making compensation decisions, including but not limited to Qualifications, Geographical Location, Education/certifications, Experience, Skill Sets, Training, and other business and organizational needs. 

A reasonable estimate of the current range for the position of Security Engineer base is: $97,000- $106,000.

This position may also be eligible to participate in a discretionary bonus program or commission plan, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.

Culture

  • At Bugcrowd, we understand that diversity in the workplace is vital to a company’s success and growth. We strive to make sure that people are included and have a sense of being part of making Bugcrowd not only a great product but a great place to work.
  • We regularly hear from both customers and researchers that Bugcrowd feels like a family, and we strive to maintain that internally as well.
  • Our team consists of a broad range of people: musicians, adventure sports junkies, nature lovers, parents, cereal enthusiasts, night owls, cyclists, artists—you get the point.

At Bugcrowd, we are solving security threats and vulnerabilities that are relevant to everyone, therefore we believe solving these problems takes all kinds of backgrounds. We value the perspectives and experiences people from underrepresented backgrounds bring.

 

Disclaimer

This position has access to highly confidential, sensitive information relating to the technologies of Bugcrowd. It is essential that the applicant possess the requisite integrity to maintain the information in the strictest confidence.

The company is authorized to obtain background checks for employment purposes under state and federal law. Background checks will be conducted for positions that involve access to confidential or proprietary information (including trade secrets).

Background checks may include Social Security verification, prior employment verification, personal and professional references, educational verification, and criminal history. Applicants with conviction histories will not be excluded from consideration to the extent required bylaw.


Equal Employment Opportunity:

Bugcrowd is EOE, Disability/Age Employer. 

Individuals seeking employment at Bugcrowd are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. 


Apply at: https://www.bugcrowd.com/about/careers/

 

See more jobs at Bugcrowd

Apply for this job

+30d

Security Engineer (Penetration Tester) - Remote

Paramo TechnologiesBuenos Aires, AR - Remote
jirasqlDesignmobileapilinux

Paramo Technologies is hiring a Remote Security Engineer (Penetration Tester) - Remote

To apply for this position, you must be based in the Americas, preferably Latin America (the United States of America is not applicable). Applications from other locations will be disqualified from this selection process.

We are...

a cutting-edge e-commerce company developing products for our technological platform. Our creative, smart, dedicated teams pool their knowledge and experience to find the best solutions to meet project needs while maintaining sustainable and long-lasting results. How? By making sure that our teams thrive and develop professionally. Strong advocates of hiring top talent and letting them do what they do best, we strive to create a workplace that allows for an open, collaborative, and respectful culture.

What you will be doing...

You will protect our infrastructure by searching for and helping address vulnerabilities. The right person must have excellent engagement and communication skills and a solid customer-focused and team-oriented approach that balances security needs and user experience to provide best-in-class security for the organization.

Must also be bilingual: English/Spanish.

Key Responsibilities:

  • Perform thorough penetration testing on various components of the organization's IT infrastructure, including networks, web applications, API, mobile applications, and cloud environments.
  • Use various tools and techniques to identify security weaknesses, such as SQL injection, cross-site scripting (XSS), privilege escalation, and other vulnerabilities.
  • Develop and execute attack scenarios to assess the effectiveness of security controls and defenses.
  • Conduct vulnerability assessments to identify and evaluate security flaws and weaknesses within systems and applications.
  • Analyze and prioritize vulnerabilities based on risk assessment and potential impact on the organization.
  • Create detailed reports documenting findings from penetration tests and vulnerability assessments, including descriptions of vulnerabilities, exploitation methods, and recommended remediation actions.
  • Triage vulnerabilities reported in a bug bounty program.
  • Prepare and present technical and executive-level reports that clearly communicate security issues, risks, and mitigation strategies.
  • Ensure that documentation is accurate, comprehensive, and delivered on time.
  • Work closely with IT, development, and security teams to address identified vulnerabilities and guide remediation efforts.
  • Advise on best practices for securing systems and applications based on penetration testing findings and industry standards.
  • Participate in developing and improving security policies, procedures, and practices.
  • Stay updated with the latest penetration testing tools, techniques, and threat vectors.
  • Develop custom scripts and tools to aid penetration testing and automate repetitive tasks.
  • Contribute to the refinement and enhancement of testing methodologies and frameworks.
  • Engage in ongoing training and professional development to enhance skills and stay current with emerging threats and technologies.
  • Share knowledge and expertise with the team to foster a culture of security awareness and continuous improvement.
  • Participate in internal and external security assessments, including red team exercises and vulnerability management programs.
  • Ensure penetration testing activities comply with industry standards, regulatory requirements, and organizational policies.
  • Maintain an open-source way of thinking when performing penetration testing.
  • Adhere to different policies set out by the organization.
  • Follow and improve existing procedures.
  • Keep your work organized based on tickets (Jira).
  • Prepare and provide different reports (weekly/monthly/ad-hoc) to the Top Management as necessary.
  • Maintain appropriate knowledge required for successful and efficient delivery of the responsibilities.
  • Keeping abreast of new threats and vulnerabilities and providing analysis as per applicability.
  • Help the organization understand advanced cyber threats.

Knowledge and skills you need to have

  • Five years of a university degree or four-year college diploma, preferably in computer science, telecommunications, or other related academic fields, or equivalent work experience, are required.
  • At least 5 years of work experience in similar roles.
  • Fundamental technical understanding and experience assessing vulnerabilities and identifying weaknesses in web applications, APIs, operating systems (Windows and Linux), networks, databases, and application servers.
  • Ability to prioritize remediation and handle mitigation planning.
  • Experience in working collaboratively with cross-functional/transverse IT teams.
  • Ability to apply a risk-based approach while working on assigned responsibilities.
  • Good understanding of reporting needs at various organizational levels and ability to design, create, and present them.
  • Experience in working with any BI tools to prepare dashboards.
  • Troubleshooting and problem-solving capabilities.
  • Excellent analytical, communication, and documentation skills.
  • Ability to organize work and prioritize work as per the operation's needs.
  • Ability to work independently and as part of the Information Security Team, and can work under minimal supervision.
  • Should have time management skills and manage work in a fast-moving environment.

Competencies:

  • Reading comprehension: You must be able to read and understand the existing procedures and the tasks assigned to tickets. This is crucial for you to work under minimal supervision and excel. If you are a technical guru but don't understand the assigned tasks in writing or don't clarify doubts, this is not your job.
  • Organization: This position has 50% recurring tasks (e.g. reviewing weekly vulnerability scans), 30% research tasks (e.g. identifying why a vulnerability scan isn't working as expected and solving it together with other teams), 10% chasing other teams (e.g. ensuring that a vulnerability is remedied), and 10% procedures (e.g. improving existing procedures).
  • Prioritization: You must attend to the priorities of the assigned tasks and assign the right priority to the discovered vulnerabilities.
  • Strong interpersonal, written, and oral communication skills.
  • Able to conduct research into security issues and products as required.
  • Ability to prioritize and execute tasks during a high-pressure moment and make sound decisions in emergencies.
  • Ability to present ideas in a user-friendly language.
  • Keen attention to detail.
  • Proven analytical and problem-solving abilities.
  • Strong customer service orientation.
  • Ability to manage multiple projects, activities, and tasks simultaneously.
  • Facilitation and change management skills.

Bonus points for the following

Additional requirements, not essential but "nice to have":

  • Any Penetration Testing certification (i.e. CEH, OSCP, GPEN, Pentest+).
  • Any Vulnerability Management certification.
  • Knowledge of Splunk SIEM.
  • Knowledge of CDN and WAF usage and configuration (i.e. Cloudflare, Imperva).
  • Any other Cybersecurity certification.

Why choose us?

We provide the opportunity to be the best version of yourself, develop professionally, and create strong working relationships, whether working remotely or on-site. While offering a competitive salary, we also invest in our people's professional development and want to see you grow and love what you do. We are dedicated to listening to our team's needs and are constantly working on creating an environment in which you can feel at home.

We offer a range of benefits to support your personal and professional development:

Benefits:

  • 22 days of annual leave
  • 10 days of public/national holidays
  • Health insurance options
  • Access to online learning platforms
  • On-site English classes in some countries, and more.

Join our team and enjoy an environment that values and supports your well-being. If this sounds like the place for you, contact us now!

See more jobs at Paramo Technologies

Apply for this job

+30d

Security Engineer (SIEM) - Remote

Paramo TechnologiesBuenos Aires, AR - Remote
jiraDesign

Paramo Technologies is hiring a Remote Security Engineer (SIEM) - Remote

To apply for this position, you must be based in the Americas, preferably Latin America (the United States of America is not applicable). Applications from other locations will be disqualified from this selection process.

We are...

a cutting-edge e-commerce company developing products for our technological platform. Our creative, smart, dedicated teams pool their knowledge and experience to find the best solutions to meet project needs while maintaining sustainable and long-lasting results. How? By making sure that our teams thrive and develop professionally. Strong advocates of hiring top talent and letting them do what they do best, we strive to create a workplace that allows for an open, collaborative, and respectful culture.

What you will be doing...

You will protect our infrastructure by grabbing, analyzing and monitoring logs and events. The right person must have excellent engagement and communication skills and a solid customer-focused and team-oriented approach that balances security needs and user experience to provide best-in-class security for the organization.

Must also be bilingual: English/Spanish.

Key responsibilities of this Role

  • Monitor security alerts and notifications from various sources, including applications, network devices, operating systems, EDR, etc.
  • Investigate and analyze security incidents, including potential breaches, malware infections, and policy violations.
  • Coordinate with other teams to contain and remediate security incidents, minimizing impact and recovery time.
  • Document and report on incident details, responses, and resolutions.
  • Perform continuous monitoring of network traffic, system logs, and security events to identify anomalies and potential threats.
  • Analyze security alerts and perform detailed forensic investigations to determine the root cause of incidents.
  • Maintain and optimize security tools and technologies, including SIEM platforms, IDS/IPS, endpoint protection, EDR, and threat intelligence feeds.
  • Configure and tune security systems to reduce false positives and improve detection capabilities.
  • Create and maintain detailed documentation for security incidents, including incident reports, post-mortem analysis, and lessons learned.
  • Prepare and present regular reports on security incidents, trends, and metrics to senior management.
  • Ensure compliance with relevant regulatory requirements and internal policies.
  • Work closely with IT to enhance our security posture and respond to emerging threats.
  • Collaborate with external partners, vendors, and law enforcement when necessary for incident resolution and information sharing.
  • Provide guidance and support to junior security staff and other teams on security best practices and incident handling.
  • Stay up-to-date with the latest cybersecurity trends, threats, and technologies.
  • Creation of dashboards and KPIs.
  • Participate in ongoing training and professional development to enhance skills and knowledge.
  • Contribute to developing and refining SIEM procedures, playbooks, and response strategies.
  • Assist in creating and updating security policies, procedures, and incident response plans.
  • Ensure that security controls are consistently applied and followed across the organization.
  • Adhere to different policies set out by the organization.
  • Follow and improve existing procedures.
  • Keep your work organized based on tickets (Jira).
  • Prepare and provide different reports (weekly/monthly/ad-hoc) to the Top Management as necessary.
  • Maintain appropriate knowledge required for successful and efficient delivery of the responsibilities.
  • Keeping abreast of new threats and vulnerabilities and providing analysis as per applicability.
  • Help the organization understand advanced cyber threats.
  • Possibility to perform on-call after working hours and weekends.

Knowledge and skills you need to have

  • Five years of a university degree or four-year college diploma, preferably in computer science, telecommunications, or other related academic fields, or equivalent work experience, are required.
  • At least 5 years of work experience in similar roles.
  • Working and hands-on experience in running and handling SIEM on Splunk.
  • Data analysis experience.
  • Experience in working collaboratively with cross-functional/transverse IT teams.
  • Ability to apply a risk-based approach while working on assigned responsibilities.
  • Good understanding of reporting needs at various organizational levels and ability to design, create, and present them.
  • Experience in working with any BI tools to prepare dashboards.
  • Troubleshooting and problem-solving capabilities.
  • Excellent analytical, communication, and documentation skills.
  • Ability to organize work and prioritize work as per the operation’s needs.
  • Ability to work independently and as part of the Information Security Team, and can work under minimal supervision.
  • Should have time management skills and manage work in a fast-moving environment.

Competencies:

  • Reading comprehension: You must be able to read and understand the existing procedures and the tasks assigned to tickets. This is crucial for you to work under minimal supervision and excel. If you are a technical guru but don't understand the assigned tasks in writing or don't clarify doubts, this is not your job.
  • Organization: This position has 50% recurring tasks (e.g. reviewing abnormal logs every day), 30% research tasks (e.g. understand why certain logs are received and identify the root cause), 10% chasing other teams (e.g. ensuring that we receive logs from every single application and device), and 10% procedures (e.g. creating new procedures).
  • Prioritization: You must attend to the priorities of the assigned tasks and assign the right priority to the SIEM alerts.
  • Strong interpersonal, written, and oral communication skills.
  • Ability to prioritize and execute tasks during a high-pressure moment and make sound decisions in emergencies.
  • Ability to present ideas in a user-friendly language.
  • Keen attention to detail.
  • Proven analytical and problem-solving abilities.
  • Strong customer service orientation.
  • Ability to manage multiple projects, activities, and tasks simultaneously.
  • Facilitation and change management skills.

Bonus points for the following

Additional requirements, not essential but "nice to have":

  • Knowledge of other SIEM (Graylog, Google Chronicle, etc.).
  • Knowledge of data analysis.
  • Any Cybersecurity certification.

Why choose us?

We provide the opportunity to be the best version of yourself, develop professionally, and create strong working relationships, whether working remotely or on-site. While offering a competitive salary, we also invest in our people's professional development and want to see you grow and love what you do. We are dedicated to listening to our team's needs and are constantly working on creating an environment in which you can feel at home.

We offer a range of benefits to support your personal and professional development:

Benefits:

  • 22 days of annual leave
  • 10 days of public/national holidays
  • Health insurance options
  • Access to online learning platforms
  • On-site English classes in some countries, and more.

Join our team and enjoy an environment that values and supports your well-being. If this sounds like the place for you, contact us now!

See more jobs at Paramo Technologies

Apply for this job

+30d

Senior Security Engineer II

SignifydUnited States (Remote);
DevOPSBachelor's degreeBachelor degreeDesignazurejavapythonAWSjavascript

Signifyd is hiring a Remote Senior Security Engineer II

The Security Engineer at Signifyd assists cybersecurity operations and vulnerability management across the organization. This role works with other security engineers and analysts on the team by contributing integrations, implementations and reviews with our security systems. They setup, configure, and use these solutions to identify threats and vulnerabilities within our networks and applications then cross coordinate with other departments to ensure timely remediation. The Security Engineer reports to the Director, Head of Information Security and Compliance while supporting the Security Risk Manager with auditable evidence of control effectiveness.

Responsibilities

You will perform the following responsibilities alongside other members of the information security team:

  • Engineer data feeds, rules, and tuning for the system information and event manager (SIEM);

  • Triage security operations center (SOC) alerts as the Level II/III escalation support;

  • Triage secrets scanning, static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA) tools;

  • Triage cloud security posture management (CSPM), infrastructure as code (IaC) security scanning, and attack surface violations;

  • Identify patch management gaps using our vulnerability management software and collaborate with IT and Engineering teams on resolutions;

  • Perform internal security testing, assessments, and triaging of alerts from security tooling;

  • Conduct secure code reviews, secure design reviews, and threat modeling activities;

  • Support GRC activities through control evidence collection;

  • Contribute to operational support activities for all security capabilities. This includes preparing self service operational support documentation for developers and project teams, responding to internal support chat groups;

  • Contribute to design and development of observability metrics and monitoring capabilities for all security capabilities utilizing DevOps or SRE principles;

  • Support the creation and publication of metrics on security functions usage and remediation status for consumption by developers and project teams.

Requirements

  • Ability to automate or develop basic tasks in at least one programming language such as: Java, JavaScript, Python

  • Professional certifications such as WAPT, PPT, OSCP, etc and/or computer science degree;

  • 1+ years security engineer experience or 2+ years as a Security Analyst or equivalent;

  • Experience working with cloud technologies such as: AWS, GCP, Azure, Docker/Kubernetes.

#LI-Remote

Benefits in our US offices:

  • Discretionary Time Off Policy (Unlimited!)
  • 401K Match
  • Stock Options
  • Annual Performance Bonus or Commissions
  • Paid Parental Leave (12 weeks)
  • On-Demand Therapy for all employees & their dependents
  • Dedicated learning budget through Learnerbly
  • Health Insurance
  • Dental Insurance
  • Vision Insurance
  • Flexible Spending Account (FSA)
  • Short Term and Long Term Disability Insurance
  • Life Insurance
  • Company Social Events
  • Signifyd Swag

We want to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process.

Signifyd provides a base salary, bonus, equity and benefits to all its employees. Our posted job may span more than one career level, and offered level and salary will be determined by the applicant’s specific experience, knowledge, skills, and abilities, as well as internal equity and alignment with market data.

USA Base Salary Pay Range
$90,000$135,000 USD

See more jobs at Signifyd

Apply for this job

+30d

System Security Engineer (EMEA)

FortanixNetherlands, Remote
agile

Fortanix is hiring a Remote System Security Engineer (EMEA)

About Fortanix:  

In today's world, where data spreads across various clouds and devices, traditional security measures aren't enough. Businesses need a dynamic approach to defend against constant cyber threats and ensure agile data security. Fortanix leads the way in data-centric cybersecurity for hybrid multicloud environments, using advanced cryptography, encryption, and confidential AI solutions.  

As data breaches become more frequent and traditional defenses fall short, we focus on data exposure management to keep your information safe. Our unified data security platform addresses vulnerabilities in hybrid multicloud environments, defends against threats, and makes it easier to discover, assess, and fix data exposure risks. Whether implementing a Zero Trust model or preparing for the post-quantum computing era, we help businesses worldwide protect their most sensitive data, wherever it is. 

Our commitment to solving the world’s toughest data security challenges has earned Fortanix multiple Cybersecurity Excellence and Innovation Awards, as well as recognition from industry giants such as Microsoft, Intel, ServiceNow, and Snowflake. 

Our team includes industry leaders and cryptography experts, creating a culture of trust, innovation and collaboration where every voice is valued. Recognized as a Great Place to Work, we're looking for passionate individuals to help us shape the future of data security and work towards a safer digital future. 

We are looking for a Systems Security Engineerto join our team.

The ideal candidate will be a technical leader who can provide strategic direction and hands-on expertise in developing tools and SDKs for our confidential computing platforms. This role requires a deep understanding of security, software development, computer architecture & operating systems. 

 

What you’ll do (Duties and Responsibilities):  

  • Work on computer architecture & organization & computer systems
  • Support software development on Confidential Computing platforms
  • Enable remote attestation using low-level platform primitives
  • Develop tools and SDKs for confidential computing platforms. 
  • Develop, and implement high-quality software solutions that meet security and performance standards. 
  • Stay current with emerging technologies and industry trends in security. 
  • Participate in code reviews to ensure best practices in software development, and maintain high standards of code quality.

 

What you’ll need (Basic Qualifications) 

  • Experience in computer architecture & operating systems 
  • 1+ years of hands-on experience with C/C++, Rust, and x86 or ARM assembly, and some other high level language 
  • Degree in Computer Security or Computer Systems, or equivalent experience  
  • Problem-solving skills and the ability to think critically and creatively. 

 

Preferred Technical And Professional Expertise  

  • Professional experience in secure enclave technology (e.g., Intel SGX, AMD SEV-SNP, Intel TDX, etc.) 
  • Knowledge of software development tools and methodologies, including CI/CD, Agile, and DevOps.  
  • Understanding of computer architecture & organization (CPU context, virtual memory, VT-x, SVM, etc.) & computer systems (VirtIO, synchronization, filesystems, etc.)
  • Experience with the following technologies:
    • Rust
    • Linux container images
    • Cloud offerings
    • Platform security enhancements
  • We offer a competitive salary and equity package
  • Quarterly recharge days 
  • 40 hours of Volunteer Time Off/year
  • The opportunity to redefine cloud computing in a friendly, collaborative work environment.  

Fortanix is an equal opportunity employer that celebrates diversity and is committed to creating an inclusive workplace with equal opportunity for all applicants and teammates. Our goal is to recruit the most talented people from a diverse candidate pool regardless of race, color, religion, age, gender, gender identity, sexual orientation or any other status. If you’re interested in working in a fast growing, exciting working environment – we encourage you to apply! 

See more jobs at Fortanix

Apply for this job

+30d

Lead Security Engineer

RoktSydney,New South Wales,Australia, Remote Hybrid
Designkubernetes

Rokt is hiring a Remote Lead Security Engineer

We are Rokt, a hyper-growth ecommerce leader. We enable companies to unlock value by making each transaction relevant at the moment that matters most, when customers are buying. Together, Rokt's AI-based relevance Platform and scaled ecommerce Network powers billions of transactions. In December 2022, Rokt’s valuation increased to $2.4 billion USD, allowing us to expand rapidly across 15 countries. 


The Rokt engineering team builds best-in-class ecommerce technology that provides personalized and relevant experiences for customers globally and empowers marketers with sophisticated, AI-driven tooling to better understand consumers. Our bespoke platform handles millions of transactions per day and considers billions of data points which give engineers the opportunity to build technology at scale, collaborate across teams and gain exposure to a wide range of technology.

At Rokt, we practice transparency in career paths and compensation.

At Rokt, we believe in transparency, which is why we have a well-defined career ladder with transparent compensation and clear career paths based on competency and ability. Rokt’stars constantly strive to raise the bar, pushing the envelope of what is possible.

We are looking for a Senior Machine Learning Engineer

Compensation:$190,000-$235,000 including superannuation, plus employee equity plan grant & world class benefits.

As a Lead Security Engineer, you are someone has some experience leading a team at a fast-past startup or in a recognised cybersecurity consulting firm, leading delivery of Cloud-first products or have been involved in the re-architecture of existing Cloud infrastructure towards Cloud-native design patterns that are horizontally scalable with always-up guarantees.

You'll be able to drive design decisions to establish a ‘paved road’ for the business to be able to deliver software and services using secure-by-default and secure-by-design patterns where security is automatically baked in, with a vision for what a highly secure Kubernetes environment and modern SSDLC process should like and are excited to get an opportunity to have the autonomy and remit to take charge and help drive change at Rokt to deliver on that vision.

About the Role:

  • Lead the existing Security Engineering team in Sydney, whom are focused on Cloud, Data, Network, and Application security
  • Assist in the design and delivery of a secure-by-default and secure-by-design core operating environment based on ‘Zero Trust’ principles
  • Assist in the design and delivery of a standardized SDLC process with automated CI/CD pipelines to provide security assurance and address supply chain risks throughout the development lifecycle
  • Develop security standards, guidelines and architectural patterns that facilitate rapid deployment of new applications and services while maintaining security best practices.
  • Define a comprehensive Cloud security strategy and change management process, ensuring all infrastructure, configuration, applications and policies are managed ‘as code’ and pass necessary security gates.
  • Ensure all data stored in the Cloud is discovered and appropriately governed and protected in accordance with compliance requirements and business goals..

About You:

  • 8+ years in security engineering, and 3+ years as a hands on team lead or manager.
  • Navigated large scale and multi-Cloud environments, in active-active configurations with an expectation of zero downtime, using either or both AWS & GCP, with strong expertise in Kubernetes and familiarity with CNCF projects (Istio/Envoy, Cillium, OPA, Tetragon, …)
  • Good understanding of security technologies, including network security, cryptography, workload identity and authorization, secure coding practices, cloud security, and more. Stay updated on the latest security threats and mitigation techniques.
  • Some software engineering background including coding patterns and foundational algorithms
  • Experience maturing a software delivery pipeline using modern supply chain best practices and technologies, including immutable builds, hermetic builds, SLSA, OpenSSF, SBOM, CBOM, code signing, etc.

About Rokt’stars:

As a mission-driven, hyper-growth community of curious explorers, our ambition is to unlock the full potential in ecommerce and beyond. Our bias for action means we are not afraid to quickly venture into uncharted territories, take risks or challenge the status quo; in doing so we either win or learn. We work together as one aligned team never letting egos get in the way of brilliant ideas. We value diversity, transparency and smart humble people who enjoy building a disruptive business together. We pride ourselves on being a force for good as we make the world better. 

About The Benefits:

We leverage best-in-class technology and market-leading innovation in AI and ML, with all of that being underlined by building and maintaining a fantastic and inclusive culture where people can be their authentic selves, and offering a great list of perks and benefits to go with it:

  • Accelerate your career. We offer roadmaps to leadership and an annual $5000 training allowance
  • Become a shareholder. Every Rokt’star gets equity in the company
  • Enjoy catered lunch every day and healthy snacks in the office. Plus join the gym on us! 
  • Extra leave (bonus annual leave, sabbatical leave etc.) 
  • Work with the greatest talent in town
  • See the world! We have offices in New York, Seattle, Sydney, Tokyo and London

We believe we’re better together. We love spending time together and are in the office most days (teams are in the office 4 days per week). We also get that you need to balance your life and your commitments so you have the flexibility to manage your own hours and can spend up to a week of every quarter working from anywhere.

If this sounds like a role you’d enjoy, apply here and you’ll hear from our recruiting team.

See more jobs at Rokt

Apply for this job

+30d

Senior Security Engineer

Clover HealthRemote - Canada
remote-firstDesignpython

Clover Health is hiring a Remote Senior Security Engineer

Clover is reinventing health insurance by working to keep people healthier.

We value diversity — in backgrounds and in experiences. Healthcare is a universal concern, and we need people from all backgrounds and swaths of life to help build the future of healthcare. Clover's engineering team is empathetic, caring, and supportive. We are deliberate and self-reflective about the engineering team and culture that we are building, seeking engineers that are not only strong in their own aptitudes but care deeply about helping each other's growth.

As a Senior Security Engineer, you will forge and nurture trusted relationships with internal technology teams (Software Engineering, SRE, DS/ML, Product) and external customers (e.g., payers, accountable care organizations, integrated delivery networks). You will partner closely with the entire technology organization to architect, design, implement, and maintain system security and controls. This role will be an expert who understands the needs of software development, technical system design, and data/information security.

As a Senior Security Engineer, you will:

  • Implement, operationalize and monitor security applications such as EDR, DLP, Vulnerability Management, and CSPM systems.
  • Serve as a SME for security related code and technical design reviews.
  • Identify and collaborate with engineering and SRE to resolve areas of security vulnerability in our software, systems and infrastructure.
  • Serve as security point-of-contact for audit/certification programs such as HITRUST, SOC 2, and HIPAA
  • Assess and improve systems for compliance with security requirements, policies, guidelines and standards (see above)
  • Interface with external customers on CA security reviews and assessments
  • Monitor and regularly review our system for intrusions, threats, and anomalies
  • Work to improve our general security posture and processes ranging from secure development practices to SecDevOps
  • Contribute to the planning, definition and implementation of new security solutions or related development

You will love this job if:

  • You are passionate about transforming healthcare delivery through new technologies and want to make an impact.
  • You have a bias toward action and seek to intervene before issues arise.
  • You are comfortable navigating ambiguity and working in an evolving environment.
  • You are a problem solver and a team player. You love working within teams and helping them work more efficiently.
  • You are a strong communicator and able to influence behaviors to help drive desired outcomes.
  • You are empathetic and seek to build enduring relationships with our customers and users.
  • You are analytical and use data to drive actions and evaluate outcomes.

You should get in touch if:

  • Experience investigating, and triaging incidents.
  • Strong understanding of at least one of the following technologies: Python, JavaScript/TypeScript, Shell Scripting (You will be tested on one).
  • You are comfortable with conducting code reviews for security vulnerabilities on a frequent basis.
  • You have assessed the security of APIs and systems by analyzing authentication, authorization mechanisms, input validation, and potential vulnerabilities.
  • You have excellent written and verbal communication skills and are able to craft clear and comprehensive reports and research to present to engineering and other stakeholders.
  • You stay up-to-date with latest research on threats, attack vectors, and security trends and are keen to apply them to our environment
  • You demonstrate influence and are able to lead/mentor internal teams and customers toward shared goals and objectives.

Benefits Overview:

  • Financial Well-Being: Our commitment to attracting and retaining top talent begins with a competitive base salary and equity opportunities. Additionally, we offer a performance-based bonus program and regular compensation reviews to recognize and reward exceptional contributions.
  • Physical Well-Being: We prioritize the health and well-being of our employees and their families by offering comprehensive group medical coverage that include coverage for hospitalization, outpatient care, optical services, and dental benefits.
  • Mental Well-Being: We understand the importance of mental health in fostering productivity and maintaining work-life balance. To support this, we offer initiatives such as No-Meeting Fridays, company holidays, access to mental health resources, and a generous annual leave policy. Additionally, we embrace a remote-first culture that supports collaboration and flexibility, allowing our team members to thrive from any location. 
  • Professional Development: We are committed to developing our talent professionally. We offer learning programs, mentorship, professional development funding, and regular performance feedback and reviews.

Additional Perks:

  • Reimbursement for office setup expenses
  • Flexibility to work from home or from our office, enabling collaboration with global teams
  • Paid parental leave for all new parents
  • And much more!

About Clover: We are reinventing health insurance by combining the power of data with human empathy to keep our members healthier. We believe the healthcare system is broken, so we've created custom software and analytics to empower our clinical staff to intervene and provide personalized care to the people who need it most.

We always put our members first, and our success as a team is measured by the quality of life of the people we serve. Those who work at Clover are passionate and mission-driven individuals with diverse areas of expertise, working together to solve the most complicated problem in the world: healthcare.

From Clover’s inception, Diversity & Inclusion have always been key to our success. We are an Equal Opportunity Employer and our employees are people with different strengths, experiences and backgrounds, who share a passion for improving people's lives. Diversity not only includes race and gender identity, but also age, disability status, veteran status, sexual orientation, religion and many other parts of one’s identity. All of our employee’s points of view are key to our success, and inclusion is everyone's responsibility.


#LI-REMOTE

See more jobs at Clover Health

Apply for this job

Lampenwelt GmbH is hiring a Remote IT Security Engineer (f/m/d)

Stellenbeschreibung

Wir suchen einen engagierten IT Security Engineer (f/m/d), der unsere Sicherheitsarchitektur mit Leidenschaft stärkt. In deiner Rolle als Experte für IT Security spielst du eine zentrale Rolle bei der Identifizierung, Analyse und Minderung von Sicherheitsrisiken. Du arbeitest Hand in Hand mit verschiedenen Teams, um unsere Sicherheitsstrategien, überwiegend in Projekten, weiterzuentwickeln, zu implementieren und kontinuierlich zu verbessern und bist Sparringspartner in der täglichen Analyse von Security Alerts. 

Gelegentliche Vor-Ort-Einsätze sind erforderlich, ansonsten ist auch Remote-Arbeit möglich. 

 

Wo deine Skills gefragt sind

  • Weiterentwicklung, Implementierung und Überwachung von Security Policies, um die Einhaltung von Standards und Best Practices sicherzustellen 
  • Administration und Beratung hinsichtlich unserer Security Infrastruktur, inklusive IAM, Cloud-, Endpoint- und Network Security
  • Durchführung von Security Assessments, inklusive Risiko-, Schwachstellen- und Compliance-Management
  • Proaktives Incident Management, von der schnellen Reaktion auf Sicherheitsvorfälle bis hin zum Business Continuity Management
  • Förderung der Sicherheitskultur durch Unterstützung bei der Durchführung regelmäßiger Security Awareness Trainings und Penetrationstests sowie Sicherheitsscans
  • Stetige Weiterentwicklung und Verfeinerung der Shared LUQOM IT-Services mit Fokus auf IT Security

Qualifikationen

Lampenwelt ist der richtige Ort für dich, wenn du Veränderungen als Chance begreifst und neugierig auf das Unbekannte bist. Wenn du dich jeden Tag aufs Neue herausforderst, um die beste Lösung zu finden. Hier wird dir Verantwortung übertragen, damit du deine Ideen nicht nur einbringen, sondern auch selbst umsetzen kannst. Bei Lampenwelt gehen wir jeden Tag ein Stück weiter, handeln schnell, sind offen und setzen auf eine direkte und lösungsorientierte Kommunikation auf allen Ebenen. 

Was dir helfen wird, zukünftige Herausforderungen zu meistern 

  • Tiefgehendes Verständnis für IT-Sicherheitskonzepte und -technologien
  • Fundiertes Wissen über Netzwerktechnologien, Cloud- & On-Prem Security Lösungen, End Point Protection, Betriebssystemen und SIEM
  • Kenntnisse im Umfeld von Microsoft Defender von Vorteil, insbesondere im Bereich Defender for Endpoint, Cloud sowie Identity
  • Starkes Interesse an neuen Technologien und fortlaufender persönlicher sowie beruflicher Weiterentwicklung
  • Eigeninitiative und Teamgeist bei der Durchführung von IT-Projekten
  • Analytische, konzeptionelle, strukturierte und eigenständige Arbeitsweise
  • Ausgeprägte Teamfähigkeit, Kommunikationsstärke und Engagement
  • Abgeschlossene Ausbildung im IT-Bereich oder ein Studium in Wirtschaftsinformatik, Informatik oder einem verwandten Feld
  • Sehr gute Deutsch- und Englischkenntnisse in Wort und Schrift

See more jobs at Lampenwelt GmbH

Apply for this job