What you’ll do

In a few words…

Abarca is igniting a revolution in healthcare.  We built our company on the belief that with smarter technology we are redefining pharmacy benefits, but this is just the beginning…

Our Infrastructure Operations team is critical for success at Abarca Health. They handle the days in and days out of the entire architecture of our systems from data processing to server updates and stability. The Information Security team's focus is to monitor, detect, investigate and respond to events that could lead to incidents. They are involved in planning and implementing preventative security measures and oversee the security operations, which includes protecting IT infrastructure, networks, data, edge devices and identify any exploitation, whether accidental or intentional.

The Security Engineer is a key member of the security team, which is instrumental in ensuring the security of our cloud infrastructure and protection of our sensitive data: PHI & PII data, per our information security policy. In this role, you shall help identify security gaps and drive remediation activities to close those gaps. You’ll play an integral role in defining and assessing the organization's security strategy, architecture, and practices as well as contributes to maturing the company's infrastructure security architecture and technology frameworks.

The fundamentals for the job…

• Drive security related initiatives including but not limited to the creation and maintenance of security policies, implementation of security procedures and controls, and monitoring in conformance to the policy.
• Deploy and manage applications to monitor cloud infrastructure security and intrusions.
• Perform initial incident triage, determine scope, urgency, and potential impact of security incidents.
• Provide guidance external auditors on compliance and to Engineering teams on security measures.
• Perform security gap assessments and implement remediations.
• Run periodic infrastructure vulnerability scans and pen testing and work with engineering teams on identified vulnerabilities for resolution.
• Collaborate with network and infrastructure teams on securing and best practices for all our Azure, IBM Cloud, and on premises environments, as well as OS hardening, access logging, and patching.
• Own the overall cloud infrastructure security program including driving incident response and resolution and adjust procedures as applicable.
• Monitor industry security updates, changes, technologies, emerging threats, and best practices for continuous improvement.

What we expect of you 

The bold requirements…

• Bachelors Degree or Master’s Degree in Computer Science, Information Security, or a related area. (In lieu of a degree, equivalent relevant experience may be considered.)
• 3+ years of experience in Infrastructure and Information Security.
• 3+ years working on Azure or AWS running multiple production workloads.
• Experience with OS hardening techniques for Windows environments.
• Experience with access logging, centralized logging, and monitoring/alerting of security log events.
• Experience with applications for monitoring infrastructure security and detecting intrusions.
• Experience designing and implementing access control models for privileged access in fast-paced cloud environments.
• Experience with incident response, threat modeling, and mitigation, as well as common information security management frameworks such as ISO27001.
• Experience with Azure security best practices and security controls using Azure services (AWS experience will be considered).
• Experience with common internet protocols such as DNS, DHCP, SMTP, LDAP, etc.
• Excellent oral and written communication skills.
• We are proud to offer a flexible hybrid work model which will require certain on-site work days (Puerto Rico Location Only)

Nice to haves…

• Security-related certification such as CISSP, CCSP, CEH, CISM, etc.
• Experience with HCI technology.
• Experience with OS hardening techniques for Linux.

Physical requirements…

• Must be able to access and navigate each department at the organization’s facilities.
• Sedentary work that primarily involves sitting/standing.

At Abarca we value and celebrate diversity. Diversity, equity, inclusion, and belonging are guiding principles of Abarca and ensure Abarca’s workforce reflects the communities it serves.  We are proud to provide equal employment opportunities to all employees and applicants for employment and prohibit discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, medical condition, genetic information, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.

Abarca Health LLC is an equal employment opportunity employer and participates in E-Verify.  “Applicant must be a United States’ citizen. Abarca Health LLC does not sponsor employment visas at this time”

The above description is not intended to limit the scope of the job or to exclude other duties not mentioned. It is not a final set of specifications for the position. It’s simply meant to give readers an idea of what the role entails.

#LI-MH1 #LI-REMOTE

About the role:

The Senior Security Engineer - Enterprise Security is responsible for building, operating, and maintaining Samsara’s core security infrastructure. Reporting to the Manager of Enterprise Security, you will collaborate with a global team of engineers to build a world-class security engineering program utilizing modern principles across corporate and product infrastructure.

You take security seriously and strive to build low-friction solutions developed in close partnership with others. You are passionate about building automation and helping to drive insights around potentially malicious activity within production environments. You will use your familiarity with a diverse set of technologies and practices to build a leading program in our industry.

You should apply if:

• You want to impact the industries that run our world: Your efforts will result in real-world impact—helping to keep the lights on, get food into grocery stores, reduce emissions, and most importantly, ensure workers return home safely.
• You are the architect of your own career: If you put in the work, this role won’t be your last at Samsara. We set up our employees for success and have built a culture that encourages rapid career development, countless opportunities to experiment and master your craft in a hyper growth environment.
• You’re energized by our opportunity: The vision we have to digitize large sectors of the global economy requires your full focus and best efforts to bring forth creative, ambitious ideas for our customers.
• You want to be with the best: At Samsara, we win together, celebrate together and support each other. You will be surrounded by a high-caliber team that will encourage you to do your best. 

Click hereto learn more about Samsara's cultural philosophy. 

In this role, you will: 

• Contribute to the development, deployment, and management of Samsara’s enterprise security program, including endpoint detection and response, vulnerability management, device trust, and SaaS posture management.
• Be responsible for one or more key security systems or processes, working directly with stakeholders and vendors to ensure seamless integration and operation.
• Write documentation and runbooks around key enterprise security needs.
• Collaborate with Security Operations to provide subject matter expertise around security investigations and incident management.
• Champion, role model, and embed Samsara’s cultural principles (Focus on Customer Success, Build for the Long Term, Adopt a Growth Mindset, Be Inclusive, Win as a Team) as we scale globally and across new offices

Minimum requirements for the role:

• Significant (4+ years) experience working in enterprise security in the technology sector with demonstrated impact and career progression
• Deep subject matter expertise within enterprise security, such as extensive experience managing endpoint security toolsets, device trust efforts, email security tooling, secure access service edge delivery, or SaaS posture and security
• Proven history of planning and delivering high-impact, complex projects with clarity and independence
• Willingness to collaborate and mentor more junior team members and cross-functional partners, including via documentation writing, code pairing, and other activities.

An ideal candidate also has:

• Experience building out security programs using modern SaaS platforms such as Zscaler, Crowdstrike, Wiz, Splunk, and other tools.
• Experience with securing common SaaS productivity tools such as Google Workspace, Slack, and Atlassian products in an enterprise environment.

As a Staff Security Engineer on our Detection and Response team, you will help detect and respond to threats for one of the biggest online platforms in the world that handles massive amounts of traffic at very low latency.

We are looking for a teammate with expertise in both security engineering and operations and that values the complement between the two. You will have the opportunity to build and integrate tooling and detections, as well as investigate threats and lead incidents. As part of the larger Security organization, we make risk-informed decisions and prioritize automations to help us scale. As the lead engineer on our team, you will design, build, and mature our detection and response program, enabling rapid detection and effective response to threats against Fastly. You will lead large, complex, cross-team projects and mentor other security engineers on our growing team. 

What You'll Do:

• Lead the design and implementation of a robust Detection Engineering program
• Develop detections and other analytics to identify threats across cloud, corporate, and edge environments
• Partner closely with Engineering, Security Architecture, Risk Management, Compliance, and other teams to prioritize detections and delivery of other security initiatives
• Triage and investigate security threats and lead security incidents
• Research, evaluate, implement, and maintain a variety of custom and commercial security tools, such as Endpoint Detection and Response (EDR), anti-phishing, and Security Information and Event Monitoring (SIEM)
• Develop strategies, frameworks, designs, automations, metrics, and processes to support the maturity of the Detection and Response program
• Develop and maintain incident response playbooks and other detection and response documentation
• Conduct threat hunts to discover unknown malicious activity across our environment
• Participate in our on-call rotations
• Mentor other team members and contribute to larger Security initiatives

What We're Looking For: 

At Fastly we value a diversity of voices. The following is not a laundry list, but to be effective in this role you should possess most of the following and an interest in learning more about the rest:

• Expertise in utilizing Splunk to include investigating threats, developing metrics and dashboards, normalizing data feeds, and integrating with other tools
• Strong understanding of attacker tactics, techniques, and procedures (TTPs) and investigating advanced threats
• Experience in implementing “Detection as Code”
• Experience in securing, developing detections, and responding to incidents in one major public cloud infrastructure, such as Amazon Web Services (AWS) or Google Cloud Platform (GCP)
• Experience in effectively leading large and complex security incidents from detection to remediation
• Familiarity with modern security frameworks and best practices, such as the MITRE ATT&CK framework and NIST CSF
• Proficiency in one or more general purpose programming languages such as Python, Ruby, Go, or Rust
• Experience with Linux administration at scale, associated intrusion/manipulation techniques, and standard methodologies for system hardening and process isolation

We’ll be super impressed if you have experience in any of these: 

• Built a Detection Engineering pipeline
• Built and led threat hunts
• Published research on detection engineering or threat intelligence
• Developed automations to improve security operations
• Familiarity with content delivery networks (CDN), edge cloud platforms, or other Fastly products and services

Work Hours:

• This position will require you to be available during core business hours. 

Work Locations & Travel Requirements: 

This position is open to both hybrid and remote. 

The preferred locations for this position are:

• San Francisco, CA
• Los Angeles, CA
• Denver, CO
• New York City, NY 

Fastly currently embraces a largely hybrid model for most roles which allows employees flexibility to split their time between the office and home.  

We are willing to consider remote candidates in US (Remote).

This position may require travel as required by your role or requested by your manager.

Salary: 

The estimated salary range for this position is $167,790 to $209,740.

Starting salary may vary based on permissible, non-discriminatory factors such as experience, skills, qualifications, and location.

This role may be eligible to participate in Fastly’s equity and discretionary bonus programs.

Benefits: 

We care about you. Fastly works hard to create a positive environment for our employees, and we think your life outside of work is important too. We support our teams with great benefits that start on the first day of your employment with Fastly. Curious about our offerings? 

We offer a comprehensive benefits package including medical, dental, and vision insurance. Family planning, mental health support along with Employee Assistance Program, Insurance (Life, Disability, and Accident), a non-accrual vacation policy and up to 18 days of accrued paid sick leave are there to help support our employees. We also offer 401(k) (including company match) and an Employee Stock Purchase Program. For 2024, we offer 10 paid local holidays, 11 paid company wellness days. 

At Webflow, our mission is to bring development superpowers to everyone. Webflow is the leading visual development platform for building powerful websites without writing code. By combining modern web development technologies into one platform, Webflow enables people to build websites visually, saving engineering time, while clean code seamlessly generates in the background. From independent designers and creative agencies to Fortune 500 companies, millions worldwide use Webflow to be more nimble, creative, and collaborative. It’s the web, made better. 

We’re looking for a Senior Enterprise Security Engineer on Webflow's new Security and Compliance team, you will work with the Director of Product Security to help us meet current and future product security needs.

About the role 

• Location: Remote-first (United States; BC & ON, Canada) 
• Full-time 
• Permanent
• Exempt 
• The cash compensation for this role is tailored to align with the cost of labor in different geographic markets. We've structured the base pay ranges for this role into zones for our geographic markets, and the specific base pay within the range will be determined by the candidate’s geographic location, job-related experience, knowledge, qualifications, and skills.
  • United States  (all figures cited below in USD and pertain to workers in the United States)
    • Zone A: $162,500 - $216,050
    • Zone B: $152,700 - $203,100
    • Zone C: $143,00 - $190,150 
  • Canada  (All figures cited below in CAD and pertain to workers in ON & BC, Canada)
    • CAD 184,600 - CAD 245,500

• Please visit our Careers page for more information on which locations are included in each of our geographic pay zones. However, please confirm the zone for your specific location with your recruiter.

• Reporting to the Director of Security 

As a Senior Enterprise Security Engineer you’ll … 

• Collaborate primarily with the Information Technology (IT), Facilities, and People teams
• You will be working to secure:
• endpoints
• corporate SaaS and internal tooling
• corporate offices
• Improve security related processes and procedures
• Work to establish or improve security standards while balancing business strategies and requirements.
• Support Webflow’s security current and future security frameworks such as SOC2
• Participate in incident response and forensics
• Support 3rd party risk

In addition to the responsibilities outlined above, at Webflow we will support you in identifying where your interests and development opportunities lie and we'll help you incorporate them into your role.

About you 

You’ll thrive as a Senior Enterprise Security Engineer if you:

• First and foremost, are a technologist, and have a broad fundamental understanding of the technology space with solid background in current IT trends and tooling.
• Have 3+ years of experience evaluating and securing corporate IT environments with an eye to improve security design, continuous commitment to risk reduction and sustainable security.
• Have experience securing MacOS endpoints, and working with tools such as Jamf and Crowdstrike
• Have experience with IAM & IDP systems such as Okta
• Have experience with incident response, and conducting endpoint forensics
• Have a solid understanding of the corporate threat landscape, and intrusion patterns, and the itch to investigate for potential security issues
• Have experience evaluating and securing corporate network environments
• Love to share knowledge, and the gift of explaining complex security concepts with your colleagues.
• Have an understanding of IT processes, and HR operations, tools and procedures
• Have experience automating security processes and procedures
• Are passionate about security in general, and always hungry to learn
• Have experience working with a security framework such as SOC2 or ISO 2700

Our Core Behaviors:

• Obsess over customer experience.We deeply understandwhatwe’re building andwhowe’re building for and serving. We define the leading edge of what’s possible in our industry and deliver the future for our customers.
• Move with heartfelt urgency.We have a healthy relationship with impatience, channeling it thoughtfully to show up better and faster for our customers and for each other. Time is the most limited thing we have, and we make the most of every moment.
• Say the hard thing with care.Our best work often comes from intelligent debate, critique, and even difficult conversations. We speak our minds and don’t sugarcoat things — and we do so with respect, maturity, and care.
• Make your mark.We seek out new and unique ways to create meaningful impact, and we champion the same from our colleagues. We work as ateamto get the job done, and we go out of our way to celebrate and reward those going above and beyond for our customers and our teammates.

Benefits & wellness

• Equity ownership (RSUs) in a growing, privately-owned company
• 100% employer-paid healthcare, vision, and dental insurance coverage for employees and dependents (full-time employees working 30+ hours per week), as well as Health Savings Account/Health Reimbursement Account, dependent care Flexible Spending Account (US only), dependent on insurance plan selection where applicable in the respective country of employment; Employees may also have voluntary insurance options, such as life, disability, hospital protection, accident, and critical illness where applicable in the respective country of employment
• 12 weeks of paid parental leave for both birthing and non-birthing caregivers, as well as an additional 6-8 weeks of pregnancy disability for birthing parents to be used before child bonding leave (where local requirements are more generous employees receive the greater benefit); Employees also have access to family planning care and reimbursement
• Flexible PTO with a mandatory annual minimum of 10 days paid time off for all locations (where local requirements are more generous employees receive the greater benefit), and sabbatical program
• Access to mental wellness and professional coaching, therapy, and Employee Assistance Program
• Monthly stipends to support health and wellness, smart work, and professional growth
• Professional career coaching, internal learning & development programs
• 401k plan and pension schemes (in countries where statutorily required) financial wellness benefits, like CPA or financial advisor coverage
• Discounted Pet Insurance offering (US only)
• Commuter benefits for in-office employees

Be you, with us

At Webflow, equality is a core tenet of our culture. We are an Equal Opportunity (EEO)/Veterans/Disabled Employer and are committed to building an inclusive global team that represents a variety of backgrounds, perspectives, beliefs, and experiences. Employment decisions are made on the basis of job-related criteria without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other classification protected by applicable law. Pursuant to the San Francisco Fair Chance Ordinance, Webflow will consider for employment qualified applicants with arrest and conviction records.

Stay connected

Not ready to apply, but want to be part of the Webflow community? Consider following our story on our Webflow Blog, LinkedIn, X (Twitter), and/or Glassdoor.

Please note:

To join Webflow, you'll need valid U.S. or Canadian work authorization depending on the country of employment.

If you are extended an offer, that offer may be contingent upon your successful completion of a background check, which will be conducted in accordance with applicable laws. We may obtain one or more background screening reports about you, solely for employment purposes.

For information about how Webflow processes your personal information, please reviewWebflow’s Applicant Privacy Notice. 

Title:Sr. Security Engineer                                        

Location:Remote - US ONLY

About inMarket

Since 2010, InMarket has been the leader in 360-degree consumer intelligence and real-time activation for thousands of today’s top brands. Through InMarket's data-driven marketing platform, brands can build targeted audiences, activate media in real time, and measure success in driving return on ad spend. InMarket's proprietary Moments offering outperforms traditional mobile advertising by 6x.* Our LCI attribution platform, which won the MarTech Breakthrough Award for Best Advertising Measurement Platform, was validated by Forrester to drive an average of $40 ROAS for our clients.
*Source: Wordstream US Google Display Benchmarks for Mobile Media

About the Role

Join the team responsible for protecting our customers, our data, and our company from malicious actors at all levels. We are an outcomes focused team, focused on enabling our internal customers for success by providing them with clear guidance and strong security controls. We're looking for an exceptional engineer to join the team at the center of security and safety here at InMarket.

Your Daily Impact as a Sr. Security Engineer
In this role you will be responsible for working with great depth and breadth to build safeguards, detections, and controls to protect InMarkets vast amounts of data. Here you’ll truly be at the front lines taking on meaningful work to defend our company and our peers.

You will be working and communicating closely with many technical teams to develop context and foresight into what our true risks are, and work towards holistic longlasting remediation with guidance and real world solutions. Our goal is to create a cohesive balance between risk, operational effectiveness, and compliance.

The ideal candidate for this team is someone who is a strong, interested, well rounded engineer with a passion for security as well as a natural collaborator who can understand business needs and develop security solutions that empathize with people's experiences.

Your Experience and Expertise

• BS in computer science / cybersecurity, or equivalent experience
• 5+ years of experience in engineering, information security operations or related IT operations
• Strong experience in Linux administration
• Strong development & scripting experience. (Javascript / Ruby, Python preferred)
• Strong experience in AWS, GCP, or both
• Good networking fundamentals

Nice to Haves 

• Ability to provide a sample portfolio or work examples is highly preferred
• Varied security engineering experience with a specialty in one or more areas of security such as: (Cloud Security, Vulnerability Management, Application Security, Penetration Testing / Offsec, DevSecOps, Third Party / SaaS Security, Identity and Access Management, Incident Response)
• Experience performing security / architecture / code reviews
• Hackthebox, CTF, or Hackathon experience
• Good hands-on background in building tooling using many security products
• Terraform / IaC experience
• Kubernetes / Container experience
• Controls and Standards knowledge (SOC2, NIST CSF, 800-53, CIS)
• SOC2 audit experience
• Familiar with Security Reference Architectures and actual best practices
• Experience building out security tooling from common vendors
• Active member or speaker in the security / technology community
• Ability to work and multitask under high pressure situations
• Excellent written and verbal communication skills. Ability to communicate highly complex security concepts to both technical and non-technical audiences

Finally, here are a few more reasons why we love this work and think that you will too:

• This is a diverse role with unparalleled visibility where you’ll be able to learn new tech daily.
• You will have the opportunity to shape the security function with the support and autonomy to actually do it.
• Great support from executive leadership who understand the true value in security and genuinely back the mission.

Benefits Summary

• Competitive salary, stock options, flexible vacation
• Medical, dental and Flexible Spending Account (FSA)
• Company Matched 401(k)
• Unlimited PTO (Within reason)
• Talented co-workers and management
• Agile Development Program (For continued learning/professional development)
• Generous Paid Parental Leave

For candidates in California, Colorado, and New York City, the Targeted Base Salary Range for this role is $130,000 to $175,000. 

Actual salaries will vary depending on factors including but not limited to work experience, specialized skills and training, performance in role, business needs, and job requirements. Base salary is subject to change and may be modified in the future. Base salary is just one component of InMarket’s total rewards package that also may include bonus, equity, and benefits.  Ask your recruiter for more information!

At InMarket we are committed to a culture that supports diversity, inclusion, belonging and equal opportunity. We celebrate all people and believe everyone deserves respect regardless of race, gender, sexual orientation, backgrounds, experiences, abilities or beliefs.

InMarket is an Equal Opportunity Employer (EOE). Qualified applicants are considered for employment without regard to age, race, color, religion, sex, national origin, sexual orientation, disability, or veteran status.

Privacy Notice for California Job Applicants: https://inmarket.com/ca-notice-for-job-applicants/

#LI-Remote

Lead Security Engineer

US Remote

Who we are

Are you passionate about innovating at the intersection of technology and personal security? At Pindrop, we recognize that the human voice is a unique personal identifier, increasingly susceptible to sophisticated fraud, including the threat of deepfakes. We're leading the way in developing cutting-edge authentication, fraud prevention, and deepfake detection. Our mission is to provide seamless and secure digital experiences, safeguarding the most personal aspect of our identity: our voice. Here, you'll be part of a team driven by values of Innovation, Customer Advocacy, Excellence, and Impact. We're not just creating a safer digital landscape by fortifying trust and integrity with those we serve, we’re also building a dynamic, supportive workplace where your contributions make a real difference.

Headquartered in Atlanta, GA, Pindrop is backed by world-class investors such as Andreessen-Horowitz, IVP, and CapitalG.

What you’ll do 

• Lead and examine and secure systems, network, infrastructure and applications to assess and improve the current on premises and cloud security posture.
• Lead administration, management and incident response of security tools and technologies such as EDR (Endpoint Detection & Response), SIEM (Security Information & Event Management), DLP (Data Loss Prevention), Vulnerability Management, Firewalls, WAF (Web Application Firewalls)
• Support daily security operations (SecOps) functions such as configuring, monitoring and responding to security alerts. Assist with Incident Response, and investigations.
• Build automation for security tools and SecOps functions such as compliance checks, alerts and reporting.
• Lead security analysis, review and deployment of solutions (systems, network, infrastructure and applications) to protect Pindrop assets in the cloud and our data centers.
• Lead technical security assessments, security reviews, code audits and offensive security exercises to test security controls and detection capabilities
• Be aware of Information security standards such as ISO27001, SOC2, PCI and support internal and third party audits.
• Provide thought leadership and technical direction based on security news, research, threats, attack vectors, technologies, certifications, laws and regulations and report on anything that could impact the company. 
• Collaborate with stakeholders, provide security guidance and support and develop dashboards, reports, and alerts to meet their cybersecurity operational information requirements.    

Who you are

• You are an engineer at heart with strong problem-solving, analytical, communication and interpersonal skills and who has knowledge or experience in several areas such as - defending against and/or mitigating system vulnerabilities (including enterprise level concerns, infrastructure, and host/endpoint), intrusion detection and incident response, network traffic analysis, scripting languages, software reverse engineering, network security devices (e.g., firewalls, intrusion and detection systems), cloud and compliance frameworks.
• You continuously look for automation and programmatic efficiencies in security processes
• You have excellent written and verbal communication skills and can communicate technical details in a clear, concise, understandable manner
• You work independently and as part of a team with minimal supervision
• You are resilient in the face of challenges, change, and ambiguity
• You are optimistic and believe that you can make a problem into a solution
• You are resourceful, excited to uncover innovative solutions and teach yourself something new when needed
• You take accountability, do the things you say you’ll do, under-promise and over-deliver
• You are nimble and adaptable when priorities change and continue to see the “forest through the trees” 

Your skill-set: 

• At least 7 years of experience with administering and managing security technologies and tools such as EDR, SIEM, Vulnerability Management, SAST and DAST, Data Loss Prevention and File Integrity Monitoring tools.
• At least 5 years of experience with Security Operations (SecOps), incident response, security investigations.
• At Least 1 year of experience with a scripting or programming language: python, golang, ruby, bash, Java.
• Strong understanding of  Networks, Cloud, Containers, API, Application Security, SDLC, Web security, Docker, and Kubernetes
• Fundamental understanding of accepted security practices, known attack vectors and vulnerability assessment methodologies
• Nice to have:

• • Prior experience as a software developer
  • Prior architectural experience
  • Knowledge of common information security standards, such as ISO 27001/27002, NIST, CIS, PCI DSS, ITIL, and COBIT.

What’s in it for you:

As a Pindropper, you join a rapidly growing company making technology more human with the power of voice. You will work alongside some of the best and brightest). We’re a passionate group committed to excellence - but that doesn’t stop us from enjoying the journey as a team with chess and poker tournaments, catered lunches and happy hours, wellness programming, and more. Because we take our jobs seriously, we add in time for rest with Unlimited PTO, Focus Thursday, and Company-wide Rest Days. 

Within 30 days you’ll

• Complete onboarding and attend New Employee Orientation sessions with other new Pindroppers
• Learning about Pindrop culture, values and teams
• Building relationships with key stakeholders and the team

Within 60 days you’ll

• Learning existing processes, tools and techniques
• Learning SecOps best practices based on industry guidelines and comparing with current practices

Within 90 days you’ll

• Defining SecOps best practices based on industry guidelines and planning to improve with current practices
• Design and architect new security deployments and solutions.
• Teach us something new

What we offer

As a part of Pindrop, you’ll have a direct impact on our growing list of products and the future of security in the voice-driven economy. We hire great people and take care of them. Here’s a snapshot of the benefits we offer:

• Competitive compensation, including equity for all employees
• Unlimited Paid Time Off (PTO)
• 4 company-wide rest days in 2024 where the entire company rests and recharges!
• Generous health and welfare plans to choose from - including one employer-paid “employee-only” plan!
• Best-in-class Health Savings Account (HSA) employer contribution
• Affordable vision and dental plans for you and your family
• Employer-provided life and disability coverage with additional supplemental options
• Paid Parental Leave - Equal for all parents, including birth, adoptive & foster parents
• One year of diaper delivery for your newest addition to the family! It’s our way of welcoming new Pindroplets to the family!
• Identity protection through Norton LifeLock
• Remote-first culture with opportunities for in-person team events
• New hire and recurring monthly home office allowance
• When we need a break, we keep it fun with happy hours, ping pong and foosball, drinks and snacks, and monthly massages!
• Remote and in-person team activities (think cheese tastings, chess tournaments, talent shows, murder mysteries, and more!)
• Company holidays
• Annual professional development and learning benefit
• Pick your own Apple MacBook Pro
• Retirement plan with competitive 401(k) match
• Wellness Program including Employee Assistance Program, 24/7 Telemedicine

What we live by

At Pindrop, our Core Values are fundamental beliefs at the center of all we do. They are our guiding principles that dictate our actions and behaviors. Our Values are deeply embedded into our culture in big and small ways and even help us decide right from wrong when the path forward is unclear. At Pindrop, we believe in taking accountability to make decisions and act in a way that reflects who we are. We truly believe making decisions and acting with our Core Values in mind will help us to achieve our goals and keep Pindrop a great place to work:    

• Audaciously Innovate - We continue to change the world, and the way people safely engage and interact with technology. As first principle thinkers, we challenge standards, take risks and learn from our mistakes in order to make positive change and continuous improvement. We believe nothing is impossible.
• Evangelical Customers for Life - We delight, inspire and empower customers from day one and for life. We create a partnership and experience that results in a shared passion.   We are champions for our customers, and our customers become our champions, creating a universal commitment to one another. 
• Execution Excellence - We do what we say and say what we do. We are accountable for making the tough decisions and necessary tradeoffs to deliver quality and effective solutions on time.
• Win as a Company - Every time we win, we win as a company. Every time we lose, we lose as a company. We break down silos, support one another, embrace diversity and celebrate our successes. We are better together. 
• Make a Difference - Every day we have the opportunity to make a positive impact. We operate with dedication, passion, and uncompromising integrity, creating a safer, more secure world.

Not sure if this is you?

We want a diverse, global team, with a broad range of experience and perspectives. If this job sounds great, but you’re not sure if you qualify, apply anyway! We carefully consider every application and will either move forward with you, find another team that might be a better fit, keep in touch for future opportunities, or thank you for your time.

Pindrop is an Equal Opportunity Employer

Here at Pindrop, it is our mission to create and maintain a diverse and inclusive work environment. As an equal opportunity employer, all qualified applicants receive consideration for employment without regard to race, color, age, religion, sex, gender, gender identity or expression, sexual orientation, national origin, genetic information, disability, marital and/or veteran status.

#LI-Remote

Hi, we're Oscar. We're hiring a Senior Security Engineer, Application Security to join our Security team.

Oscar is the first health insurance company built around a full stack technology platform and a focus on serving our members. We started Oscar in 2012 to create the kind of health insurance company we would want for ourselves—one that behaves like a doctor in the family.

About the role

As a Senior Security Engineer, you will collaborate closely with cross-functional teams to proactively identify, address, and resolve security concerns across Oscar's comprehensive tech infrastructure, encompassing Web Applications, Mobile Apps, Networks, and Cloud systems. Your primary objective will be to safeguard classified information by thoroughly assessing and examining Oscar's applications and infrastructure by executing and documenting technical assessments based on esteemed industry standards (OWASP) and best practices, meticulously pinpointing security vulnerabilities within Oscar's owned assets. In addition, you will be responsible for presenting identified risks and providing guidance on best practices to prevent future vulnerabilities.

You will report to the Manager, Security Architecture.

Work Location

Oscar is a blended work culture where everyone, regardless of work type or location, feels connected to their teammates, our culture and our mission.

If you live within commutable distance to our New York City office (in Hudson Square), our Tempe office (off the 101 at University Ave), or our Los Angeles office (in Marina Del Rey), you will be expected to come into the office at least two days each week. Otherwise, this is a remote / work-from-home role.

You must reside in one of the following states: Alabama, Arizona, Colorado, Florida, Georgia, Illinois, Iowa, Kentucky, Maryland, Massachusetts, Michigan, Minnesota, New Hampshire, New Mexico, North Carolina, Ohio, Oregon, Pennsylvania, Rhode Island, Tennessee, Texas, Utah, Vermont, Virginia, or Washington, D.C. Note, this list of states is subject to change. #LI-Remote

Pay Transparency

The base pay for this role is: $144,000 - $189,000 per year. You are also eligible for employee benefits, participation in Oscar’s unlimited vacation program, company equity grants and annual performance bonuses.

Responsibilities

• Collaborate closely with cross-functional teams to proactively identify, address, and resolve security concerns across Oscar's comprehensive tech infrastructure, encompassing Web Applications, Mobile Apps, Networks, and Cloud systems, including proposing enhanced controls and procedural strategies to mitigate technical risks 
• Demonstrate an in-depth comprehension of Oscar's technological landscape
• Collaborate effectively with Security Leadership, providing insights into technical issues and their potential impacts
• Engage in multiple-layers of oscars Technology stack to design security measures around protecting Oscars systems
• Simplify intricate security concerns into actionable steps for effective remediation or risk mitigation
• Compliance with all applicable laws and regulations
• Other duties as assigned

What you may work on

Some sample projects in this role may include:

• Execute and meticulously document technical assessments based on esteemed industry standards (OWASP) and best practices, meticulously pinpointing security vulnerabilities within Oscar's owned assets. This includes conducting Threat Modeling, Architecture/Design Reviews, Application and Cloud Security Testing (Red Teaming), and Manual Vulnerability Assessments.
• Spearhead internal workshops involving cross-functional teams to analyze outcomes from technical assessments, devising comprehensive plans to mitigate identified risks effectively.
• Define robust hardening and secure design standards, leveraging them to conduct thorough application security reviews in collaboration with developer teams.

Qualifications

• 3+ years experience in Technology related field 
• 2+ years experience in Security

Bonus Points

• Familiarity with industry standards and compliance frameworks (such as SOC, SOX., NIST,, HIPAA) and experience in ensuring organizational adherence to these standards.
• Hands-on experience in developing Web/Mobile Applications.
• Hands-on experience in evaluating Web Applications, Cloud Environments, Mobile Applications, and Network security.
• Proficiency in industry-standard methodologies and frameworks for security testing (OWASP, OSSTM, PTES).
• Proficient familiarity with AWS and GCP.
• Experience utilizing containers and container orchestration technology (Mesos and Kubernetes).
• Possession of industry-recognized certifications pertaining to application/offensive security (OSCP, OSCE, OSWP, OSWA, OSWE, CSSLP).
• Experience in assessing containers for potential security vulnerabilities.
• Experience Threat Modeling

Clover is reinventing health insurance by working to keep people healthier.

We value diversity — in backgrounds and in experiences. Healthcare is a universal concern, and we need people from all backgrounds and swaths of life to help build the future of healthcare. Clover's engineering team is empathetic, caring, and supportive. We are deliberate and self-reflective about the engineering team and culture that we are building, seeking engineers that are not only strong in their own aptitudes but care deeply about helping each other's growth.

As a Senior Security Engineer, you will forge and nurture trusted relationships with internal technology teams (Software Engineering, SRE, DS/ML, Product) and external customers (e.g., payers, accountable care organizations, integrated delivery networks). You will partner closely with the entire technology organization to architect, design, implement, and maintain system security and controls. This role will be an expert who understands the needs of software development, technical system design, and data/information security.

As a Senior Security Engineer, you will:

• Serve as a SME for security related code and technical design reviews.
• Identify and collaborate with eng and SRE to resolve areas of security vulnerability in our software, systems and infrastructure.
• Serve as security point-of-contact for audit/certification programs such as HITRUST, SOC 2, and HIPAA
• Assess and improve systems for compliance with security requirements, policies, guidelines and standards (see above)
• Interface with external customers on CA security reviews and assessments
• Monitor and regularly review our system for intrusions, threats, and anomalies
• Work to improve our general security posture and processes ranging from secure development practices to SecDevOps
• Lead the planning, definition and implementation of new security solutions or related development

You will love this job if:

• You are passionate about transforming healthcare delivery through new technologies and want to make an impact.
• You have a bias toward action and seek to intervene before issues arise.
• You are comfortable navigating ambiguity and working in an evolving environment.
• You are a problem solver and a team player. You love working within teams and helping them work more efficiently.
• You are a strong communicator and able to influence behaviors to help drive desired outcomes.
• You are empathetic and seek to build enduring relationships with our customers and users.
• You are analytical and use data to drive actions and evaluate outcomes.

You should get in touch if:

• You have strong knowledge and experience with software engineering, web services, APIs and cloud environments.
• You have assessed the security of APIs and systems by analyzing authentication, authorization mechanisms, input validation, and potential vulnerabilities.
• You have excellent written and verbal communication skills and are able to craft clear and comprehensive reports and research to present to engineering and other stakeholders.
• You are able to think strategically while also managing work tactically.
• You work autonomously but know when to inform, involve, or escalate topics or decisions.
• You stay up-to-date with latest research on threats, attack vectors, and security trends and are keen to apply them to our environment
• You demonstrate influence and are able to lead/mentor internal teams and customers toward shared goals and objectives.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. We are an E-Verify company.

About Clover: We are reinventing health insurance by combining the power of data with human empathy to keep our members healthier. We believe the healthcare system is broken, so we've created custom software and analytics to empower our clinical staff to intervene and provide personalized care to the people who need it most.

We always put our members first, and our success as a team is measured by the quality of life of the people we serve. Those who work at Clover are passionate and mission-driven individuals with diverse areas of expertise, working together to solve the most complicated problem in the world: healthcare.

From Clover’s inception, Diversity & Inclusion have always been key to our success. We are an Equal Opportunity Employer and our employees are people with different strengths, experiences and backgrounds, who share a passion for improving people's lives. Diversity not only includes race and gender identity, but also age, disability status, veteran status, sexual orientation, religion and many other parts of one’s identity. All of our employee’s points of view are key to our success, and inclusion is everyone's responsibility.

#LI-REMOTE

Application Security Consultant

Looking for an innovative, high-growth company in one of the hottest segments of the security market?  Look no further than Veracode! 

Veracode is recognized as a premier provider of SaaS-based software security solutions, transforming the way companies secure applications in today’s software driven world. We provide our customers with a solid foundation on which to build security into their modern agile development processes. Learn more about us at www.veracode.com!

Candidate will operate as member of application security consulting team delivering tactical mentorship and strategic consulting in terms of general application security awareness, secure development best-practices, and effective utilization of Veracode services. Ability to effectively communicate application security concepts to developers unskilled in these is essential, as is the ability to also function as a trusted advisor to security stakeholders within client organizations. Additional opportunities of the role include threat analysis and modelling, evaluation of effectiveness of compensating controls within and beyond application implementation logic, creation of client security program recommendations.  The role requires:

Required Skills:

• 2+ years of recent software development experience-- either professionally or as an Open Source contributor, or an avid hobbyist.
• Willingness and eagerness to learn new programming  languages on the job
• Understanding of Application-level security and secure coding practices.
• Proficiency in one of more of the following programming languages; C, Javascript, C++, C#, Java, or PHP Hands-on experience with one or more of the following: Visual Studio or Eclipse, Team City, Jira, Hudson, Jenkins, or Cruise Control. Archer, SAML/SSO, VMware Databases, Command Shell scripting.
• Excellent “Client-side” manner
• Client requirement gathering, prioritization and scoping experience.
• Strong technical writing skills.
• Strong oral communication skills in English and good presentation/teaching skills.
• Excellent problem-solving and organizational skills.
• Ability to apply these skills cooperatively in a collaborative team environment.
• Additional Skills and Experiences:  Familiarity with CVSS, CWE, OWASP, WASC and SANS-25.Experience with source code analysis and interactive application security testing products, Penetration Testing. Understanding of common risk mitigation practices and technologies such as firewalls, ACLs and multi-factor access controls,; SaaS, Professional Services
• Training/Mentoring experience also desired.
• Written and conversational fluency in Spanish, including domain specific terminology for IT/Application Security/Programming is desired but not a requirement.
•  
• What we offer you
• Outstanding Medical, Dental, and Vision Coverage to meet all your healthcare needs.
• Wellness benefits to help you focus on what’s most important.
• “Take What You Need” time off policy.
• Extensive development and training offerings to help you grow your career at Veracode.
• Generous 401k match to help save for your future.
• Amazing community of professionals who take pride in what we do every day.

Compensation Transparency

In accordance with U.S. pay transparency laws, Veracode provides compensation transparency for roles based in the United States. Click here to view our compensation ranges by grade. Please note, specific compensation may be influenced by various factors including candidates experience, education, and work location.

Job Grade: Career

Employment opportunities are available to all applicants without regard to race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Mozilla’s Infrastructure Security team is growing! We are looking for security practitioners to reduce risk in our systems and applications, and ensure our products live up to Mozilla’s dedication to privacy and a joyful Internet. This position is remote-friendly and open to most locations in the US and Canada.

Why Mozilla?

Mozilla Corporation is the non-profit-backed technology company behind pioneering brands like Firefox, the privacy-minded web browser, and Pocket, the content discovery platform. More than 270 million people around the world use its products each month.

Along with 20,000+ volunteer contributors and collaborators all over the world, Mozilla Corporation’s staff are driven by our vision to be the trusted guide through a joyful internet. We design, build and distribute software that enables people to enjoy the internet on their terms.

About this team and role:

Working closely with partners across IT, Site Reliability Engineering (SRE), along with other departments across Mozilla, the Security Engineer ensures that systems and services are secured through the implementation of technical and administrative security controls.

What you'll do:

• Protect the services our products like Firefox, Mozilla VPN, Pocket, etc depend on from attacks and abuses
• Design, build and deploy security frameworks such as cloud security, intrusion detection, vulnerability and patch management, application security services, system hardening, etc.
• Design, review and improve the security controls of the organization
• Write, maintain, and expand security automation and monitoring tools
• Work with developers and operations across the organization to keep infrastructure safe
• Translate technical and administrative security controls into platform security standards.
• Define, refine, publish and evangelize the resulting cost effective security standards, ensuring accurate translation into platform configurations.
• Continually work to improve Mozilla’s security posture by partnering and supporting other parts of the cybersecurity organization.

Successful candidates will have meaningful experience in one or more areas like GCP/AWS/Azure cloud security techniques, data security methodologies, vulnerability management and have extensive experience with security in all varieties of infrastructure.

You will be hardening and guiding recommendations for Mozilla’s systems and networks, infrastructure, application security services, and company assets, while ensuring the mission of privacy and security is upheld at all times. This is a hands-on role, and you will collaborate with other teams to guide proper security practices throughout the company.

What you'll bring:

• 3+ years of relevant hands-on experience in a cybersecurity domain designing, publishing and building security practices.
• 3+ years of experience translating technical and administrative security controls into actionable platform configurations.
• 3+ years of experience managing cybersecurity lifecycle management.
• 3+ years of experience in any cybersecurity domain(s).
• Strong infrastructure security knowledge, from high level architectural concepts down to the implementation.
• Security architecture background and experience, public cloud and on-premise.
• Cloud Architecture background
• Experience with Terraform
• Experience securing large-scale deployments in major cloud stacks (AWS, GCP, or Azure), including automating controls and use of API functions.
• A significant role in the operation of vulnerability management 
• Development skills primarily in Python and Go. You should feel comfortable operating the services for the code you write and documenting it for others.
• Log aggregation and analysis techniques, and you're familiar with the concepts of common SIEM technology such as Splunk.
• A B.S. in Computer Science or relevant certifications would be lovely, but passion, curiosity, and real-world experience are preferred.
• Experience in ensuring compliance with CIS benchmarks

About Mozilla 

Mozilla exists to build the Internet as a public resource accessible to all because we believe that open and free is better than closed and controlled. When you work at Mozilla, you give yourself a chance to make a difference in the lives of Web users everywhere. And you give us a chance to make a difference in your life every single day. Join us to work on the Web as the platform and help create more opportunity and innovation for everyone online.

Commitment to diversity, equity, inclusion, and belonging

Mozilla understands that valuing diverse creative practices and forms of knowledge are crucial to and enrich the company’s core mission.  We encourage applications from everyone, including members of all equity-seeking communities, such as (but certainly not limited to) women, racialized and Indigenous persons, persons with disabilities, persons of all sexual orientations,gender identities, and expressions.

We will ensure that qualified individuals with disabilities are provided reasonable accommodations to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment, as appropriate. Please contact us at hiringaccommodation@mozilla.com to request accommodation.

We are an equal opportunity employer. We do not discriminate on the basis of race (including hairstyle and texture), religion (including religious grooming and dress practices), gender, gender identity, gender expression, color, national origin, pregnancy, ancestry, domestic partner status, disability, sexual orientation, age, genetic predisposition, medical condition, marital status, citizenship status, military or veteran status, or any other basis covered by applicable laws.  Mozilla will not tolerate discrimination or harassment based on any of these characteristics or any other unlawful behavior, conduct, or purpose.

Group: D

#LI-REMOTE

Req ID: R2307