This is Engineering at Lattice

Lattice’s Engineering team is continuously working to better both our product and our craft. We use a modern, cutting-edge tech stack and love experimenting with new technologies. We strive for maintainable, robust, and performant code. We’re highly collaborative and continuously iterative and work closely with designers and product managers. We prioritize not only great technical architecture but also an amazing product experience.

As a critical member of Lattice's security team, you will play a pivotal role in auditing and strengthening our identity and access management (IAM) controls. Your responsibilities will include reviewing IAM configurations, pulling audit evidence and writing documentation, capturing configuration screenshots, and ensuring alignment with Lattice's security standards and compliance requirements. This role is ideal for someone with a deep technical understanding of IAM systems and a proactive approach to continuous improvement.

What You Will Do

• Conduct in-depth audits of systems for IAM configurations, ensuring compliance with security standards by gathering audit evidence and capturing configuration screenshots.
• Review and enhance IAM security controls across key corporate systems like Okta (identity and access management), Zscaler (network access controls), and CrowdStrike (endpoint access controls), recommending best practices for improved security.
• Collaborate with IT and engineering teams to assess and optimize IAM configurations, ensuring they support secure, role-based access and effective incident detection.
• Lead compliance initiatives and walkthroughs from a system perspective, including SOC2 audits, by preparing audit documentation specific to IAM controls and ensuring all evidence is properly documented and accessible.
• Proactively manage IAM-related security alerts, triaging incidents to mitigate potential access threats and continually optimizing alert rules and thresholds.
• Develop and maintain detailed documentation for IAM processes, controls, and evidence, ensuring they reflect current industry standards and Lattice security policies.

What You Will Bring to the Table

• 5+ years of experience in security operations, auditing, or IT with a focus on identity and access management systems and security compliance.
• Strong expertise in managing IAM tools and controls within platforms like Okta, Zscaler, and CrowdStrike, with a comprehensive understanding of secure configuration and role-based access control options.
• Demonstrated ability to assess IAM configurations, recommend security improvements, and implement best practices for system hardening.
• Knowledge of compliance frameworks (SOC2 preferred), authentication protocols, access management best practices, and role-based access control methods.

----

The estimated annual cash salary for this role is $166,000 - $207,500. This position is also eligible for incentive stock options, subject to the terms of Lattice’s applicable plans

Benefits: The Company offers the following benefits for this position, subject to applicable eligibility requirements: Medical insurance; Dental insurance; Vision insurance; Life, AD&D, and Disability Insurance; Emergency Weather Support; Wellness Apps; Paid Parental Leave, Paid Time off inclusive of holidays and sick time; Commuter & Parking Accounts; Lunches in the Office; Workplace Amenities Stipend, Internet and Phone Stipend; One time WFH Office Set-Up Stipend; 401(k) retirement plan; Financial Planning; Learning & Development Budget; Sabbatical Program; and Invest in Your People Fund

*Note on Pay Transparency:

Lattice provides an estimate of the compensation for roles that may be hired as required by state regulations. Compensation may vary based on (a) location, as Lattice factors in specific location when benchmarking compensation for most roles; (b) individual candidate skills and qualifications; and (c) individual candidate experience.

Additionally, Lattice leverages current market data to determine compensation, so posted compensation figures are subject to change as new market data becomes available. The salary, other compensation, and benefits information is accurate as of the date of this posting. Lattice reserves the right to modify this information at any time, subject to applicable law.

#LI-remote

Senior Security Analyst

US-Remote

Who we are

Are you passionate about innovating at the intersection of technology and personal security? At Pindrop, we recognize that the human voice is a unique personal identifier, increasingly susceptible to sophisticated fraud, including the threat of deepfakes. We're leading the way in developing cutting-edge authentication, fraud prevention, and deepfake detection. Our mission is to provide seamless and secure digital experiences, safeguarding the most personal aspect of our identity: our voice. Here, you'll be part of a team driven by values of Innovation, Customer Advocacy, Excellence, and Impact. We're not just creating a safer digital landscape by fortifying trust and integrity with those we serve, we’re also building a dynamic, supportive workplace where your contributions make a real difference.

Headquartered in Atlanta, GA, Pindrop is backed by world-class investors such as Andreessen-Horowitz, IVP, and CapitalG.

What you’ll do 

• Represent security in internal and external meetings to discuss security analysis, findings and security/compliance responses. 
• Review past incidents and identify attack trends. Finetune and reconfigure alerts based on prior incidents to improve detection.
• Actively participate in the development, documentation, and implementation of new processes to expand and mature capabilities for the organization.
• Identify and track internal and external assets to identify potential risks. Communicate these risks to internal and external stakeholders and build a plan of action.
• Develop, update, and maintain a repository of cybersecurity threat information that may be used in conducting risk assessments and reports on cyber risk trends.
• Build and maintain tools for automation of security events and reporting. Optimize and reconfigure tools to improve security processes.
• Implement, maintain and monitor IDS/IPS rule sets, alerts and reports.
• Perform investigations and improve detection processes on a wide variety of security events from various sources to determine whether they pose a threat to Pindrop
• Identify, research and develop internal and open source tools used to improve security and threat intelligence workflows to support Pindrop's unique environment
• Collaborate with internal and external teams to answer customer questionnaires, compliance audits.

Who you are

• You are, hands-on problem solver that excels in dynamic fast paced environments, curious and always looking to learn., highly interested in how things work and gets excited by threat modeling and new exploits
• You are resilient in the face of challenges, change, and ambiguity
• You are optimistic and believe that you can make a problem into a solution
• You are resourceful, excited to uncover innovative solutions and teach yourself something new when needed
• You take accountability, do the things you say you’ll do, under-promise and over-deliver
• You are nimble and adaptable when priorities change and continue to see the “forest through the trees” 

Your skill-set: 

• 2+ years of security monitoring and incident response experience
• Must have experience with Linux, Mac, and knowledge of Windows
• Experience in configuration and maintenance of endpoint security solutions, eg. Crowdstrike, SentinelOne, Carbon Black.
• Experience with security tools including SIEM, Metasploit, Splunk, Wireshark
• In-depth knowledge of SIEM log ingestion and alert creation.
• Hands-on experience with TCP/IP and networking
• Ability to write scripts/code using Python or other scripting languages for automation
• Knowledge of incident response and investigation tools and techniques
• Experience with security operations in cloud platforms such as AWS, GCP, Azure etc.
• Experience responding to security questionnaires and customer questions

Nice to have:

• Experience with forensic analysis tools (commercial and open-source) and procedures desired
• Experience with threat feeds and threat intelligence (e.g., STIX, TAXII, IOCs) desired
• Experience with cloud logging applications, AWS Cloudtrail, VPC Flow Logs, Lambda, etc.

What’s in it for you:

As a Pindropper, you join a rapidly growing company making technology more human with the power of voice. You will work alongside some of the best and brightest. We’re a passionate group committed to excellence - but that doesn’t stop us from enjoying the journey as a team with chess and poker tournaments, catered lunches and happy hours, wellness programming, and more. Because we take our jobs seriously, we add in time for rest with Unlimited PTO, Focus Thursday, and Company-wide Rest Days.

Within 30 days:

• You’ll focus on training and learning the basics of the company. This includes the company’s systems, procedures that should be adhered to, products and services, software, vendors, and/or clients.
• You’ll have been introduced to your team, colleagues and have 1:1’s to assimilate into the company culture.
• You will have the opportunity to learn the product in and out through training and a variety of resources. This then means that the majority of the things-to-do should fall along the lines of attending training sessions, gaining and mastering product knowledge, learning major corporate systems, meeting the members of your team, and getting the necessary access. 

Within 60 days:

• You’ll have a good grasp of your working environment and you can now move onto more advanced tasks. 
• You will start studying the best practices in the industry, create goals, meet up with your supervisor and get feedback on your performance, and build meaningful relationships with your co-workers along with taking on proper job responsibilities.  

Within 90 days

• You’ll demonstrate a firm grasp of the company and confidence in your job function. Thus, you should be preparing to make breakthrough contributions to your team or department. 
• The contributions may include finding new ways to improve security or coming up with ideas to save the company money. Instead of only identifying problems in the company, you should be at the forefront of brainstorming possible solutions. 
• You will be able to spearhead new initiatives and collaborate with other teams for the good of the company. 

What we offer

As a part of Pindrop, you’ll have a direct impact on our growing list of products and the future of security in the voice-driven economy. We hire great people and take care of them. Here’s a snapshot of the benefits we offer:

• Competitive compensation, including equity for all employees
• Unlimited Paid Time Off (PTO)
• 4 company-wide rest days in 2024 where the entire company rests and recharges!
• Remote-first culture

What we live by

At Pindrop, our Core Values are fundamental beliefs at the center of all we do. They are our guiding principles that dictate our actions and behaviors. Our Values are deeply embedded into our culture in big and small ways and even help us decide right from wrong when the path forward is unclear. At Pindrop, we believe in taking accountability to make decisions and act in a way that reflects who we are. We truly believe making decisions and acting with our Core Values in mind will help us to achieve our goals and keep Pindrop a great place to work:    

• Audaciously Innovate - We continue to change the world, and the way people safely engage and interact with technology. As first principle thinkers, we challenge standards, take risks and learn from our mistakes in order to make positive change and continuous improvement. We believe nothing is impossible.
• Evangelical Customers for Life - We delight, inspire and empower customers from day one and for life. We create a partnership and experience that results in a shared passion.   We are champions for our customers, and our customers become our champions, creating a universal commitment to one another. 
• Execution Excellence - We do what we say and say what we do. We are accountable for making the tough decisions and necessary tradeoffs to deliver quality and effective solutions on time.
• Win as a Company - Every time we win, we win as a company. Every time we lose, we lose as a company. We break down silos, support one another, embrace diversity and celebrate our successes. We are better together. 
• Make a Difference - Every day we have the opportunity to make a positive impact. We operate with dedication, passion, and uncompromising integrity, creating a safer, more secure world.

Not sure if this is you?

We want a diverse, global team, with a broad range of experience and perspectives. If this job sounds great, but you’re not sure if you qualify, apply anyway! We carefully consider every application and will either move forward with you, find another team that might be a better fit, keep in touch for future opportunities, or thank you for your time.

Pindrop is an Equal Opportunity Employer

Here at Pindrop, it is our mission to create and maintain a diverse and inclusive work environment. As an equal opportunity employer, all qualified applicants receive consideration for employment without regard to race, color, age, religion, sex, gender, gender identity or expression, sexual orientation, national origin, genetic information, disability, marital and/or veteran status.

#LI-Remote

Acquia empowers the world’s most ambitious brands to create digital customer experiences that matter. With open source Drupal at its core, the Acquia Digital Experience Platform (DXP) enables marketers, developers, and IT operations teams at thousands of global organizations to rapidly compose and deploy digital products and services that engage customers, enhance conversions, and help businesses stand out.

Headquartered in the U.S., Acquia is positioned as a market leader by the analyst community and is listed as one of the world’s top software companies by The Software Report. We are Acquia. We are a global company with employees located in more than 30 countries, and we’re building for the future.We want you to be a part of it!

Does the challenge of finding security flaws in custom application code get your mind racing? Can you think like an attacker to misuse and break cloud services? Do you have an interest in compliance and simplifying the process for achieving it? Join Acquia and help enhance the security of the largest sites and brands on the planet, whose Drupal apps are powered by our PaaS platform and SaaS services built on top of many thousands of AWS EC2 instances.

Job Responsibilities:

• Be a Security Champion in an agile Security Engineering team owning and operating the services you build
• Research, specify, and test cloud hosting architectures leveraging your web, database, and OS knowledge
• Debug the toughest distributed systems production issues

Skills:

• 2-6 years of related experience
• Cloud security and compliance experience using AWS (e.g., Firewalls, IDS/IPS systems, DDOS prevention and PCI-DSS, HIPAA, FedRAMP, etc.)
• Strong software development background using any general programming language
• Understanding of Kubernetes
• Passion for websites and website delivery architecture
• Deep, working knowledge of LAMP stack--OS, web server, and database systems (Linux, Apache, and MySQL preferred)
• Linux packages (e.g., Debian or RPM packages); RHEL and Ubuntu experience
• Networking (e.g., TCP/IP, Routing, DNS, load balancing, HTTP caching, clustering, VPN, etc.)
• Holistic understanding of the Internet and hosting from the network layer up through the application layer.
• Excellent organizational and communication skills, both verbal and written
• BS in Computer Science or equivalent experience
• Ability to work effectively across multiple teams and drive results

Preferred Qualifications: 

• Software development using Python or Go
• Experience with threat modeling, especially for web application and web APIs
• Configuration management (e.g., Terraform, CloudFormation, etc.)
• Containerization:  Docker, LXC, etc.
• Kubernetes: Hands-on, working experience securing K8s deployments according to “hard multi-tenancy” guidelines and methods.

All qualified applicants will receive consideration for employment without regard to race, color, religion, religious creed, sex, national origin, ancestry, age, physical or mental disability, medical condition, genetic information, military and veteran status, marital status, pregnancy, gender, gender expression, gender identity, sexual orientation, or any other characteristic protected by local law, regulation, or ordinance.

About the Company

Gemini is a global crypto and Web3 platform founded by Tyler Winklevoss and Cameron Winklevoss in 2014. Gemini offers a wide range of crypto products and services for individuals and institutions in over 70 countries.

Crypto is about giving you greater choice, independence, and opportunity. We are here to help you on your journey. We build crypto products that are simple, elegant, and secure. Whether you are an individual or an institution, we help you buy, sell, and store your bitcoin and cryptocurrency. 

At Gemini, our mission is to unlock the next era of financial, creative, and personal freedom.

In the United States, we have a flexible hybrid work policy for employees who live within 30 miles of our office headquartered in New York City and our office in Seattle. Employees within the New York and Seattle metropolitan areas are expected to work from the designated office twice a week, unless there is a job-specific requirement to be in the office every workday. Employees outside of these areas are considered part of our remote-first workforce. We believe our hybrid approach for those near our NYC and Seattle offices increases productivity through more in-person collaboration where possible.

The Department: Platform Security

The Role: Principal Platform Security Engineer

The Platform Security team secures Gemini’s infrastructure through service hardening and by developing and supporting a suite of foundational tools. We provide secure-by-default infrastructure, consumable security services, and expert consultation to engineering teams for secure cloud and non-cloud infrastructure.

The Platform Security team covers a broad problem space that includes all areas of Gemini’s platform infrastructure. In the past, this team has focused specifically on cloud security and we continue to invest heavily in this area.  This role will bring additional depth and specialization in non-cloud infrastructure, containerization, and container orchestration security.  We also value expertise in neighboring areas of infrastructure and platform security engineering including: PKI, core cryptography, identity management, network security, etc.

Responsibilities:

• Design, deploy, and maintain services/platforms for security and engineering teams
• Build and improve security controls and capabilities at all layers of infrastructure
• Partner with engineering teams on security architecture and implementation decisions
• Collaborate with application security, threat detection, incident response, GRC and similar security functions to identify, understand, and reduce security risk

Minimum Qualifications:

• 10+ years of experience in the field
• Significant experience with container orchestration technologies and relevant security considerations. We often use Kubernetes and EKS
• Significant experience in SRE, systems engineering, or network engineering
• Significant experience with distributed systems or cloud computing. We often use AWS
• Significant software development experience. We often use Python or Go
• Experience building and owning high-availability critical systems or cloud-based services
• Able to self-scope, define, and manage short and long term technical goals involving many teams and partners
• Deep expertise in computer security principles and practices

Preferred Qualifications:

• Experience securing AWS and Linux environments, both native and third-party
• Experience designing and implementing cryptographic infrastructure such as PKI, secrets management, authentication, or secure data storage/transmission
• Experience designing and implementing systems for identity and access management
• Experience with configuration management and infrastructure as code. We often use Terraform

• Competitive starting salary
• A discretionary annual bonus
• Long-term incentive in the form of a new hire equity grant
• Comprehensive health plans
• 401K with company matching
• Paid Parental Leave
• Flexible time off

Salary Range: The base salary range for this role is between $198,000 - $247,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate’s compensation, we consider a number of factors including skillset, experience, job scope, and current market data.

At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know.

#LI-AH1

????London or Remote (UK) | ???? £35,000 - £50,000 + Benefits | Hear from the team ✨

⭐ Our Offensive Security team

This role sits within our Offensive Security team, reporting into the Offensive Security Manager. But this team is a part of the wider Security collective here at Monzo, a power-house team of passionate security professionals all working to make Monzo as secure as possible for our customers.

At our core though, the Offensive Security team is made up of breakers, not makers. We find the vulnerabilities, prove exploitability, then work with the other teams to fix those problems. We aren’t developers though, so we give advice to mitigate issues but don’t start coding fixes ourselves.

????You’ll play a key role by…

The work we do within the Offensive Security team is varied, but all involve hacking in one way or another. A lot of our work is project-based, with focus placed on areas we consider weak. This might mean hacking some new internal software or testing a new feature in the apps for example.

We also do projects that simulate a real adversarial attack (a bit like red teaming), and cooperate with our defensive teams to improve capabilities and skills.

The biggest service we provide to the other teams is placing a security mindset in the room. Ask those “what ifs” and get people thinking like an attacker. And it always helps to have a proof of concept to show to others!

As an Offensive Security Engineer, you’ll first be covering the smaller projects the more senior engineers can’t get to. This could include:

• Testing new features in the Monzo apps (mainly the mobile apps, but sometimes web apps too)
• Testing internal and public web services that support our products, tools and systems
• Doing network testing (like attacking our office networks or hunting for vulnerabilities in sensitive networks)
• Supporting the security bounty program

As you get more familiar and confident within the team, we’ll encourage you to take on some bigger, more challenging projects to help with your career progression at Monzo. But you won’t be alone, and always have the support of the others in the team!

????We’d love to hear from you if…

First and foremost you:

• Have an unending curiosity to understand how the security of systems work at all levels
• Have a strong attacker mindset, always thinking “what if I did…” when testing a system

The following would be nice, but aren’t requirements:

• At least 2 years experience in security testing (ideally internal testers or consultants)
• An industry recognised qualification such as CREST CRT, CCT (APP or INF), OSCP, OSCE or other equivalent (don’t be put off if you don’t have any, experience is preferred!)

????What’s in it for you

????£35,000 - £50,000 ➕ share options.

????This role can be based in our London office, but we're open to distributed working within the UK (with ad hoc meetings in London) (Please note, we are notable to offer sponsorship or relocation to the UK for this role)

⏰We offer flexible working hours and trust you to work enough hours to do your job well, and at times that suit you and your team. 

????£1,000 learning budget each year to use on books, training courses and conferences.

????We will set you up to work from home; all employees are given Macbooks and for fully remote workers we will provide extra support for your work-from-home setup. 

➕ Plus lots more! Read our full list of benefits.

???? The application journey 

If shortlisted after your application, you’ll firstly have a chat with one of the Hiring Team. If successful following on from this ⬇️

• Initial call with a member of the security team
• Technical interview
• Values and Collaboration interview

This process should take around 2-3 weeks - your schedule is really important to us, so we promise to be as flexible as possible! 

We have some guidelines on using Artificial Intelligence (AI) to ace an application and interview at Monzo ???? You can read them here.

You’ll hear from us throughout the application process, but if you’ve got any questions, please reach out to business-hiring@monzo.com. You can also use this email address to let us know if there’s anything we can do to make the process easier for you because of disability, neurodiversity or anything else.

We’ll only close this role once we have enough applications for the next stage. Please submit your application as soon as possible to make sure you don’t miss out! 

If you’d prefer to work part-time, please let us know and we'll make this happen if we can.

Equal opportunities for everyone

Diversity and inclusion are a priority for us and we’re making sure we have lots of support for all of our people to grow at Monzo. At Monzo, we’re embracing diversity by fostering an inclusive environment for all people to do the best work of their lives with us. This is integral to our mission of making money work for everyone. You can read more in our blog, 2023 Diversity and Inclusion Report and 2023 Gender Pay Gap Report.

We’re an equal opportunity employer. All applicants will be considered for employment without attention to age, ethnicity, religion, sex, sexual orientation, gender identity, family or parental status, national origin, or veteran, neurodiversity or disability status.

Linkedin Tags: #LI-REMOTE#LI-MY1

Clover is reinventing health insurance by working to keep people healthier.

We value diversity — in backgrounds and in experiences. Healthcare is a universal concern, and we need people from all backgrounds and swaths of life to help build the future of healthcare. Clover's engineering team is empathetic, caring, and supportive. We are deliberate and self-reflective about the kind of engineering team and culture that we are building, seeking engineers that are not only strong in their own aptitudes but care deeply about supporting each other's growth.

As a Security Engineer, you will forge and nurture trusted relationships with internal technology teams (Software Engineering, SRE, DS/ML, Product) and external customers (e.g., payers, accountable care organizations, integrated delivery networks). You will partner closely with the entire technology organization to architect, design, implement, and maintain system security and controls. This ideal candidate for this role will understand the needs of software development, technical system design, and data/information security.

As a Security Engineer, you will:

• Implement, operationalize and monitor security applications such as EDR, DLP, SAST, Vulnerability Management, and CSPM systems.
• Serve as a SME for security related code and technical design reviews.
• Identify and collaborate with engineering and SRE to resolve areas of security vulnerability in our software, systems and infrastructure.
• Assess and improve systems for compliance with security requirements, policies, guidelines and standards
• Interface with external customers on CA security reviews and assessments
• Work to improve our general security posture and processes ranging from secure development practices to SecDevOps
• Contribute to the planning, definition and implementation of new security solutions or related development

You will love this job if:

• You are passionate about transforming healthcare delivery through new technologies and want to make an impact.
• You have a bias toward action and seek to intervene before issues arise.
• You are comfortable navigating ambiguity and working in an evolving environment.
• You are a problem solver and a team player. You love working within teams and helping them work more efficiently.
• You are a strong communicator and able to influence behaviors to help drive desired outcomes.
• You are empathetic and seek to build enduring relationships with our customers and users.
• You are analytical and use data to drive actions and evaluate outcomes.

You should get in touch if:

• You have 1+ years of experience in a security role with priority on engineering.
• You have experience investigating, and triaging incidents.
• You have a basic understanding of operating systems (Linux, OSX, etc.) and networking fundamentals.
• You have a strong understanding of at least one of the following technologies: Python, JavaScript/TypeScript, Shell Scripting (You will be tested on one).
• You are comfortable with conducting code reviews for security vulnerabilities on a frequent basis.
• You have assessed the security of APIs and systems by analyzing authentication, authorization mechanisms, input validation, and potential vulnerabilities.
• You have excellent written and verbal communication skills and are able to craft clear and comprehensive reports and research to present to engineering and other stakeholders.
• You stay up-to-date with the latest research on threats, attack vectors, and security trends and are keen to apply them to our environment.
• You have knowledge of cybersecurity frameworks and standards (e.g., NIST, ISO, CIS).

Benefits Overview:

• Financial Well-Being: Our commitment to attracting and retaining top talent begins with a competitive base salary and equity opportunities. Additionally, we offer a performance-based bonus program and regular compensation reviews to recognize and reward exceptional contributions.
• Physical Well-Being: We prioritize the health and well-being of our employees and their families by offering comprehensive group medical coverage that include coverage for hospitalization, outpatient care, optical services, and dental benefits.
• Mental Well-Being: We understand the importance of mental health in fostering productivity and maintaining work-life balance. To support this, we offer initiatives such as No-Meeting Fridays, company holidays, access to mental health resources, and a generous annual leave policy. Additionally, we embrace a remote-first culture that supports collaboration and flexibility, allowing our team members to thrive from any location. 
• Professional Development: We are committed to developing our talent professionally. We offer learning programs, mentorship, professional development funding, and regular performance feedback and reviews.

Additional Perks:

• Reimbursement for office setup expenses
• Flexibility to work from home or from our office, enabling collaboration with global teams
• Paid parental leave for all new parents
• And much more!

About Clover: We are reinventing health insurance by combining the power of data with human empathy to keep our members healthier. We believe the healthcare system is broken, so we've created custom software and analytics to empower our clinical staff to intervene and provide personalized care to the people who need it most.

We always put our members first, and our success as a team is measured by the quality of life of the people we serve. Those who work at Clover are passionate and mission-driven individuals with diverse areas of expertise, working together to solve the most complicated problem in the world: healthcare.

From Clover’s inception, Diversity & Inclusion have always been key to our success. We are an Equal Opportunity Employer and our employees are people with different strengths, experiences and backgrounds, who share a passion for improving people's lives. Diversity not only includes race and gender identity, but also age, disability status, veteran status, sexual orientation, religion and many other parts of one’s identity. All of our employee’s points of view are key to our success, and inclusion is everyone's responsibility.

#LI-REMOTE

Job Summary 

The Security Engineer’s role is to aid the security efforts of Bugcrowd, while proactively making changes to further improve our security posture. 

To achieve this goal, we require a motivated team member who is willing to push their own boundaries and step out of their comfort zone.You will be challenged on a regular basis, especially because you are the last line of defense for one of the largest crowdsourced security platforms! The Security Engineer will provide mentoring to multiple junior security engineers and will work closely with other team members on a daily basis. 

**Please note this role will be working PST business hours

Essential Duties and Responsibilities

• Aiding within the Incident Response process
• Threat hunting
• Developing patches and security controls within a Ruby on Rails application, Golang application, and Kotlin application
• Communicating across multiple teams converting technical knowledge into palatable words for multiple audiences. 
• Significant familiarity with AWS and network security controls
• Identifying vulnerability root causes
• Performing basic risk assessments and triaging
• Educating developers on security best practices
• Architecting solutions with developers to remediate any security concerns
• Performing basic red team assessments (including but not limited to phishing, vishing, spoofing technologies, etc.)
• Testing new features within the platform and services
• Automating security tasks to increase workflow efficiency
• Mentoring other team members

Education

• Bachelor's Degree in a relevant field or commensurate experience
• 3 - 5+ years of professional experience in a similar role or its equivalent.

Knowledge, Skills, and Abilities

•  Experience with writing IR plans and operating within an IR practice (experience responding to incidents)
• Working knowledge of Threat Intelligence and how it can be used to proactively create security controls (automation)
• Familiarity with Pentesting techniques and OWASP Top 10
• Ability to understand a vulnerability and work with developers to patch it
• Scripting knowledge in at least one of: Bash, Python, JavaScript, Ruby
• Self motivated and organized - must be able to operate from a calendar and be punctual
• Cloud security experience or holds cloud certifications (AWS strongly preferred)
• Experience with Identity and Access Management (IAM) controls
• Ability to work autonomously within a global company, and critically think without intervention
• Familiarity with git
• Familiarity with a ticketing system / issue tracking system is a must (e.g: Jira)

Working Conditions & Physical Requirements

Sitting and / or standing - Must be able to remain in a stationary position 50% of the time

Carrying and / or lifting - Must be able to carry / move laptop as needed throughout the work day.

Environment - remote, work-from-home 100% of the time.

ADA Statement: Bugcrowd is committed to the full inclusion of all qualified individuals. In keeping with our commitment, Bugcrowd will take the steps to assure that people with disabilities are provided reasonable accommodations. Accordingly, if reasonable accommodation is required to fully participate in the job application or interview process, to perform the essential functions of the position, and/or to receive all other benefits and privileges of employment, please contact HR at ada@bugcrowd.com.

Pay Range Disclosure:The base pay range for this role takes into account the wide range of factors that are considered in making compensation decisions, including but not limited to Qualifications, Geographical Location, Education/certifications, Experience, Skill Sets, Training, and other business and organizational needs. 

A reasonable estimate of the current range for the position of Security Engineer base is: $97,000- $106,000.

This position may also be eligible to participate in a discretionary bonus program or commission plan, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.

The Security Engineer at Signifyd assists cybersecurity operations and vulnerability management across the organization. This role works with other security engineers and analysts on the team by contributing integrations, implementations and reviews with our security systems. They setup, configure, and use these solutions to identify threats and vulnerabilities within our networks and applications then cross coordinate with other departments to ensure timely remediation. The Security Engineer reports to the Director, Head of Information Security and Compliance while supporting the Security Risk Manager with auditable evidence of control effectiveness.

Responsibilities

You will perform the following responsibilities alongside other members of the information security team:

• Engineer data feeds, rules, and tuning for the system information and event manager (SIEM);

• Triage security operations center (SOC) alerts as the Level II/III escalation support;

• Triage secrets scanning, static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA) tools;

• Triage cloud security posture management (CSPM), infrastructure as code (IaC) security scanning, and attack surface violations;

• Identify patch management gaps using our vulnerability management software and collaborate with IT and Engineering teams on resolutions;

• Perform internal security testing, assessments, and triaging of alerts from security tooling;

• Conduct secure code reviews, secure design reviews, and threat modeling activities;

• Support GRC activities through control evidence collection;

• Contribute to operational support activities for all security capabilities. This includes preparing self service operational support documentation for developers and project teams, responding to internal support chat groups;

• Contribute to design and development of observability metrics and monitoring capabilities for all security capabilities utilizing DevOps or SRE principles;

• Support the creation and publication of metrics on security functions usage and remediation status for consumption by developers and project teams.

Requirements

• Ability to automate or develop basic tasks in at least one programming language such as: Java, JavaScript, Python

• Professional certifications such as WAPT, PPT, OSCP, etc and/or computer science degree;

• 1+ years security engineer experience or 2+ years as a Security Analyst or equivalent;

• Experience working with cloud technologies such as: AWS, GCP, Azure, Docker/Kubernetes.

#LI-Remote

Benefits in our US offices:

• Discretionary Time Off Policy (Unlimited!)
• 401K Match
• Stock Options
• Annual Performance Bonus or Commissions
• Paid Parental Leave (12 weeks)
• On-Demand Therapy for all employees & their dependents
• Dedicated learning budget through Learnerbly
• Health Insurance
• Dental Insurance
• Vision Insurance
• Flexible Spending Account (FSA)
• Short Term and Long Term Disability Insurance
• Life Insurance
• Company Social Events
• Signifyd Swag

We want to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process.

Clover is reinventing health insurance by working to keep people healthier.

We value diversity — in backgrounds and in experiences. Healthcare is a universal concern, and we need people from all backgrounds and swaths of life to help build the future of healthcare. Clover's engineering team is empathetic, caring, and supportive. We are deliberate and self-reflective about the engineering team and culture that we are building, seeking engineers that are not only strong in their own aptitudes but care deeply about helping each other's growth.

As a Senior Security Engineer, you will forge and nurture trusted relationships with internal technology teams (Software Engineering, SRE, DS/ML, Product) and external customers (e.g., payers, accountable care organizations, integrated delivery networks). You will partner closely with the entire technology organization to architect, design, implement, and maintain system security and controls. This role will be an expert who understands the needs of software development, technical system design, and data/information security.

As a Senior Security Engineer, you will:

• Implement, operationalize and monitor security applications such as EDR, DLP, Vulnerability Management, and CSPM systems.
• Serve as a SME for security related code and technical design reviews.
• Identify and collaborate with engineering and SRE to resolve areas of security vulnerability in our software, systems and infrastructure.
• Serve as security point-of-contact for audit/certification programs such as HITRUST, SOC 2, and HIPAA
• Assess and improve systems for compliance with security requirements, policies, guidelines and standards (see above)
• Interface with external customers on CA security reviews and assessments
• Monitor and regularly review our system for intrusions, threats, and anomalies
• Work to improve our general security posture and processes ranging from secure development practices to SecDevOps
• Contribute to the planning, definition and implementation of new security solutions or related development

You will love this job if:

• You are passionate about transforming healthcare delivery through new technologies and want to make an impact.
• You have a bias toward action and seek to intervene before issues arise.
• You are comfortable navigating ambiguity and working in an evolving environment.
• You are a problem solver and a team player. You love working within teams and helping them work more efficiently.
• You are a strong communicator and able to influence behaviors to help drive desired outcomes.
• You are empathetic and seek to build enduring relationships with our customers and users.
• You are analytical and use data to drive actions and evaluate outcomes.

You should get in touch if:

• Experience investigating, and triaging incidents.
• Strong understanding of at least one of the following technologies: Python, JavaScript/TypeScript, Shell Scripting (You will be tested on one).
• You are comfortable with conducting code reviews for security vulnerabilities on a frequent basis.
• You have assessed the security of APIs and systems by analyzing authentication, authorization mechanisms, input validation, and potential vulnerabilities.
• You have excellent written and verbal communication skills and are able to craft clear and comprehensive reports and research to present to engineering and other stakeholders.
• You stay up-to-date with latest research on threats, attack vectors, and security trends and are keen to apply them to our environment
• You demonstrate influence and are able to lead/mentor internal teams and customers toward shared goals and objectives.

Benefits Overview:

• Financial Well-Being: Our commitment to attracting and retaining top talent begins with a competitive base salary and equity opportunities. Additionally, we offer a performance-based bonus program and regular compensation reviews to recognize and reward exceptional contributions.
• Physical Well-Being: We prioritize the health and well-being of our employees and their families by offering comprehensive group medical coverage that include coverage for hospitalization, outpatient care, optical services, and dental benefits.
• Mental Well-Being: We understand the importance of mental health in fostering productivity and maintaining work-life balance. To support this, we offer initiatives such as No-Meeting Fridays, company holidays, access to mental health resources, and a generous annual leave policy. Additionally, we embrace a remote-first culture that supports collaboration and flexibility, allowing our team members to thrive from any location. 
• Professional Development: We are committed to developing our talent professionally. We offer learning programs, mentorship, professional development funding, and regular performance feedback and reviews.

Additional Perks:

• Reimbursement for office setup expenses
• Flexibility to work from home or from our office, enabling collaboration with global teams
• Paid parental leave for all new parents
• And much more!

About Clover: We are reinventing health insurance by combining the power of data with human empathy to keep our members healthier. We believe the healthcare system is broken, so we've created custom software and analytics to empower our clinical staff to intervene and provide personalized care to the people who need it most.

We always put our members first, and our success as a team is measured by the quality of life of the people we serve. Those who work at Clover are passionate and mission-driven individuals with diverse areas of expertise, working together to solve the most complicated problem in the world: healthcare.

From Clover’s inception, Diversity & Inclusion have always been key to our success. We are an Equal Opportunity Employer and our employees are people with different strengths, experiences and backgrounds, who share a passion for improving people's lives. Diversity not only includes race and gender identity, but also age, disability status, veteran status, sexual orientation, religion and many other parts of one’s identity. All of our employee’s points of view are key to our success, and inclusion is everyone's responsibility.

#LI-REMOTE