As a Senior Security Engineer on our Detection and Response team, you will help detect and respond to threats for one of the biggest online platforms in the world that handles massive amounts of traffic at very low latency.

We are looking for a teammate with expertise in both security engineering and operations and that values the complement between the two. You will have the opportunity to build and integrate tooling and detections, as well as investigate threats and lead incidents. As part of the larger Security organization, we make risk-informed decisions and prioritize automations to help us scale. In this role, you will help design, build, and mature our detection and response program, enabling rapid detection and effective response to threats against Fastly.

What You'll Do:

• Develop detections and other analytics to identify threats across cloud, corporate, and edge environments
• Partner closely with Engineering, Security Architecture, Risk Management, Compliance, and other teams to prioritize detections and delivery of other security initiatives
• Triage and investigate security threats and lead security incidents
• Research, evaluate, implement, and maintain a variety of custom and commercial security tools, such as Endpoint Detection and Response (EDR), anti-phishing, and Security Information and Event Monitoring (SIEM)
• Develop strategies, frameworks, designs, automations, metrics, and processes to support the maturity of the Detection and Response program
• Develop and maintain incident response playbooks and other detection and response documentation
• Conduct threat hunts to discover unknown malicious activity across our environment
• Participate in our on-call rotations
• Mentor other team members and contribute to larger Security initiatives

What We're Looking For: 

At Fastly we value a diversity of voices. The following is not a laundry list, but to be effective in this role you should possess most of the following and an interest in learning more about the rest:

• Experience in utilizing Splunk to include investigating threats, developing metrics and dashboards, normalizing data feeds, and integrating with other tools
• Familiarity of attacker tactics, techniques, and procedures (TTPs) and investigating advanced threats
• Experience in evaluating, implementing, configuring, tuning, and maintaining Endpoint Detection and Response solutions
• Experience with at least one major public cloud infrastructure, such as Amazon Web Services (AWS) or Google Cloud Platform (GCP)
• Experience in effectively leading large and complex security incidents from detection to remediation
• Familiarity with modern security frameworks and best practices, such as the MITRE ATT&CK framework and NIST CSF
• Proficiency in one or more general purpose programming languages such as Python, Ruby, Go, or Rust
• Experience with Linux administration at scale, associated intrusion/manipulation techniques, and standard methodologies for system hardening and process isolation

We’ll be super impressed if you have experience in any of these: 

• Developed “detections-as-code”
• Conducted threat hunts
• Published research on detection engineering or threat intelligence
• Developed automations to improve security operations
• Familiarity with content delivery networks (CDN), edge cloud platforms, or other Fastly products and services

Work Hours:

This position will require you to be available during core business hours and support an on-call rotation. 

Work Locations & Travel Requirements: 

This position is open to both hybrid and remote work. 

The preferred locations for this position are:

• San Francisco, CA 
• Los Angeles, CA 
• Denver, CO 
• New York City, NY

Fastly currently embraces a largely hybrid model for most roles which allows employees flexibility to split their time between the office and home.  

We are willing to consider remote candidates in US (Remote). 

This position may require travel as required by your role or requested by your manager.

Salary: 

The estimated salary range for this position is $155,370 to $194,210.

Starting salary may vary based on permissible, non-discriminatory factors such as experience, skills, qualifications, and location.

This role may be eligible to participate in Fastly’s equity and discretionary bonus programs.

Benefits: 

We care about you. Fastly works hard to create a positive environment for our employees, and we think your life outside of work is important too. We support our teams with great benefits that start on the first day of your employment with Fastly. Curious about our offerings? 

We offer a comprehensive benefits package including medical, dental, and vision insurance. Family planning, mental health support along with Employee Assistance Program, Insurance (Life, Disability, and Accident), a Flexible Vacation policy and up to 18 days of accrued paid sick leave are there to help support our employees. We also offer 401(k) (including company match) and an Employee Stock Purchase Program. For 2024, we offer 10 paid local holidays, 11 paid company wellness days. 

Senior Engineer l, Security

We are looking for a dedicated Security Engineer to join our growing team. This Security Engineer will be working alongside an existing team of experienced security engineers and partnering closely with technologists across the company to help build digital health security and protect our patients here at Thirty Madison! We serve our patients from start to finish, and security works the same way, all the way from the deepest infrastructure to the patient experience, we want our patients to be safer by being with Thirty Madison. Above all, you embody the Thirty Madison mission of providing access to healthcare for all who suffer from chronic conditions.

Comp | Perks | Benefits 

• The base pay range for this position is $152,800 - $210,100 per year.** 
• Annual Incentive Plan + Stock Option Package
• Robust and affordable Medical, Dental, and Vision plan options 
• 401(k) with a match, commuter benefits, and FSA
• Annual $750 vacation stipend and $500 happiness stipend
• Flexible time off policy

**Base pay offered may vary depending on job-related knowledge, skills, and experience. An annual incentive plan and stock options may be provided as part of the compensation package, in addition to a full range of medical, financial, and/or other benefits, dependent on the position offered.

What you get to do every day

• Build and mature a threat hunting program.
• Detect and respond to security incidents and participate in an incident on-call rotation
• Develop innovative ways to detect security incidents.
• Design and build the security for the future of our infrastructure.
• Partner with the infrastructure team, engineering team, compliance team and within security teams to maintain and further improve our cloud security posture.
• Create solutions and processes to identify, resolve and mitigate security vulnerabilities and risks.
• Research threats and attack vectors that impact Thirty Madison’s applications and infrastructure.
• Devise and bolster defense-in-depth through secure-by-default frameworks, architectures and processes.
• Mentor and share security standards and processes with all parts of the organization.

What you bring to the role

• Expertise responding to complex incidents across endpoint, network, and cloud.
• Capable of understanding an unfamiliar system enough to successfully respond to an incident involving the system.
• Expertise in detection engineering.
• Experience with SIEM, EDR, and CSPM tools.
• Deep understanding of the threat landscape.
• Experience with assessing risks.
• Experience in cloud security, especially for AWS, anything to do with IAM, secure configuration of services, AWS native security services like AWS Cloudtrail, SCP’s, AWS Org, Config etc.
• Ability to understand the whole solution, not just the technology.
• Focus on the end to end lifecycle of solving a problem and solutioning for it and not just implementing a security technology. Have a well-rounded view for problem solving.
• Deep care for the patient and your fellow employees experience as you surpass security challenges.
• Hunger to drive decision making, collaboration and to have deeper opinions on security design.
• You can review different design choices and can understand/discuss pros and cons for each.
• Ability to code to automate tedious tasks.
• Experience with Infrastructure as Code. We use terraform!
• Strong collaboration skills with the wider security team and engineering at Thirty Madison

All Company policies and procedures are subject to change without notice based on business needs. This includes, but is not limited to, the locations where we hire remote, hybrid, or onsite employees.

What you’ll do

In a few words…

Abarca is igniting a revolution in healthcare.  We built our company on the belief that with smarter technology we are redefining pharmacy benefits, but this is just the beginning…

Our Infrastructure Operations team is critical for success at Abarca Health. They handle the days in and days out of the entire architecture of our systems from data processing to server updates and stability. The Information Security team's focus is to monitor, detect, investigate and respond to events that could lead to incidents. They are involved in planning and implementing preventative security measures and oversee the security operations, which includes protecting IT infrastructure, networks, data, edge devices and identify any exploitation, whether accidental or intentional.

The Security Engineer is a key member of the security team, which is instrumental in ensuring the security of our cloud infrastructure and protection of our sensitive data: PHI & PII data, per our information security policy. In this role, you shall help identify security gaps and drive remediation activities to close those gaps. You’ll play an integral role in defining and assessing the organization's security strategy, architecture, and practices as well as contributes to maturing the company's infrastructure security architecture and technology frameworks.

The fundamentals for the job…

• Drive security related initiatives including but not limited to the creation and maintenance of security policies, implementation of security procedures and controls, and monitoring in conformance to the policy.
• Deploy and manage applications to monitor cloud infrastructure security and intrusions.
• Perform initial incident triage, determine scope, urgency, and potential impact of security incidents.
• Provide guidance external auditors on compliance and to Engineering teams on security measures.
• Perform security gap assessments and implement remediations.
• Run periodic infrastructure vulnerability scans and pen testing and work with engineering teams on identified vulnerabilities for resolution.
• Collaborate with network and infrastructure teams on securing and best practices for all our Azure, IBM Cloud, and on premises environments, as well as OS hardening, access logging, and patching.
• Own the overall cloud infrastructure security program including driving incident response and resolution and adjust procedures as applicable.
• Monitor industry security updates, changes, technologies, emerging threats, and best practices for continuous improvement.

What we expect of you 

The bold requirements…

• Bachelors Degree or Master’s Degree in Computer Science, Information Security, or a related area. (In lieu of a degree, equivalent relevant experience may be considered.)
• 3+ years of experience in Infrastructure and Information Security.
• 3+ years working on Azure or AWS running multiple production workloads.
• Experience with OS hardening techniques for Windows environments.
• Experience with access logging, centralized logging, and monitoring/alerting of security log events.
• Experience with applications for monitoring infrastructure security and detecting intrusions.
• Experience designing and implementing access control models for privileged access in fast-paced cloud environments.
• Experience with incident response, threat modeling, and mitigation, as well as common information security management frameworks such as ISO27001.
• Experience with Azure security best practices and security controls using Azure services (AWS experience will be considered).
• Experience with common internet protocols such as DNS, DHCP, SMTP, LDAP, etc.
• Excellent oral and written communication skills.
• We are proud to offer a flexible hybrid work model which will require certain on-site work days (Puerto Rico Location Only)

Nice to haves…

• Security-related certification such as CISSP, CCSP, CEH, CISM, etc.
• Experience with HCI technology.
• Experience with OS hardening techniques for Linux.

Physical requirements…

• Must be able to access and navigate each department at the organization’s facilities.
• Sedentary work that primarily involves sitting/standing.

At Abarca we value and celebrate diversity. Diversity, equity, inclusion, and belonging are guiding principles of Abarca and ensure Abarca’s workforce reflects the communities it serves.  We are proud to provide equal employment opportunities to all employees and applicants for employment and prohibit discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, medical condition, genetic information, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.

Abarca Health LLC is an equal employment opportunity employer and participates in E-Verify.  “Applicant must be a United States’ citizen. Abarca Health LLC does not sponsor employment visas at this time”

The above description is not intended to limit the scope of the job or to exclude other duties not mentioned. It is not a final set of specifications for the position. It’s simply meant to give readers an idea of what the role entails.

#LI-MH1 #LI-REMOTE

About the role:

The Senior Security Engineer - Enterprise Security is responsible for building, operating, and maintaining Samsara’s core security infrastructure. Reporting to the Manager of Enterprise Security, you will collaborate with a global team of engineers to build a world-class security engineering program utilizing modern principles across corporate and product infrastructure.

You take security seriously and strive to build low-friction solutions developed in close partnership with others. You are passionate about building automation and helping to drive insights around potentially malicious activity within production environments. You will use your familiarity with a diverse set of technologies and practices to build a leading program in our industry.

You should apply if:

• You want to impact the industries that run our world: Your efforts will result in real-world impact—helping to keep the lights on, get food into grocery stores, reduce emissions, and most importantly, ensure workers return home safely.
• You are the architect of your own career: If you put in the work, this role won’t be your last at Samsara. We set up our employees for success and have built a culture that encourages rapid career development, countless opportunities to experiment and master your craft in a hyper growth environment.
• You’re energized by our opportunity: The vision we have to digitize large sectors of the global economy requires your full focus and best efforts to bring forth creative, ambitious ideas for our customers.
• You want to be with the best: At Samsara, we win together, celebrate together and support each other. You will be surrounded by a high-caliber team that will encourage you to do your best. 

Click hereto learn more about Samsara's cultural philosophy. 

In this role, you will: 

• Contribute to the development, deployment, and management of Samsara’s enterprise security program, including endpoint detection and response, vulnerability management, device trust, and SaaS posture management.
• Be responsible for one or more key security systems or processes, working directly with stakeholders and vendors to ensure seamless integration and operation.
• Write documentation and runbooks around key enterprise security needs.
• Collaborate with Security Operations to provide subject matter expertise around security investigations and incident management.
• Champion, role model, and embed Samsara’s cultural principles (Focus on Customer Success, Build for the Long Term, Adopt a Growth Mindset, Be Inclusive, Win as a Team) as we scale globally and across new offices

Minimum requirements for the role:

• Significant (4+ years) experience working in enterprise security in the technology sector with demonstrated impact and career progression
• Deep subject matter expertise within enterprise security, such as extensive experience managing endpoint security toolsets, device trust efforts, email security tooling, secure access service edge delivery, or SaaS posture and security
• Proven history of planning and delivering high-impact, complex projects with clarity and independence
• Willingness to collaborate and mentor more junior team members and cross-functional partners, including via documentation writing, code pairing, and other activities.

An ideal candidate also has:

• Experience building out security programs using modern SaaS platforms such as Zscaler, Crowdstrike, Wiz, Splunk, and other tools.
• Experience with securing common SaaS productivity tools such as Google Workspace, Slack, and Atlassian products in an enterprise environment.

As a Staff Security Engineer on our Detection and Response team, you will help detect and respond to threats for one of the biggest online platforms in the world that handles massive amounts of traffic at very low latency.

We are looking for a teammate with expertise in both security engineering and operations and that values the complement between the two. You will have the opportunity to build and integrate tooling and detections, as well as investigate threats and lead incidents. As part of the larger Security organization, we make risk-informed decisions and prioritize automations to help us scale. As the lead engineer on our team, you will design, build, and mature our detection and response program, enabling rapid detection and effective response to threats against Fastly. You will lead large, complex, cross-team projects and mentor other security engineers on our growing team. 

What You'll Do:

• Lead the design and implementation of a robust Detection Engineering program
• Develop detections and other analytics to identify threats across cloud, corporate, and edge environments
• Partner closely with Engineering, Security Architecture, Risk Management, Compliance, and other teams to prioritize detections and delivery of other security initiatives
• Triage and investigate security threats and lead security incidents
• Research, evaluate, implement, and maintain a variety of custom and commercial security tools, such as Endpoint Detection and Response (EDR), anti-phishing, and Security Information and Event Monitoring (SIEM)
• Develop strategies, frameworks, designs, automations, metrics, and processes to support the maturity of the Detection and Response program
• Develop and maintain incident response playbooks and other detection and response documentation
• Conduct threat hunts to discover unknown malicious activity across our environment
• Participate in our on-call rotations
• Mentor other team members and contribute to larger Security initiatives

What We're Looking For: 

At Fastly we value a diversity of voices. The following is not a laundry list, but to be effective in this role you should possess most of the following and an interest in learning more about the rest:

• Expertise in utilizing Splunk to include investigating threats, developing metrics and dashboards, normalizing data feeds, and integrating with other tools
• Strong understanding of attacker tactics, techniques, and procedures (TTPs) and investigating advanced threats
• Experience in implementing “Detection as Code”
• Experience in securing, developing detections, and responding to incidents in one major public cloud infrastructure, such as Amazon Web Services (AWS) or Google Cloud Platform (GCP)
• Experience in effectively leading large and complex security incidents from detection to remediation
• Familiarity with modern security frameworks and best practices, such as the MITRE ATT&CK framework and NIST CSF
• Proficiency in one or more general purpose programming languages such as Python, Ruby, Go, or Rust
• Experience with Linux administration at scale, associated intrusion/manipulation techniques, and standard methodologies for system hardening and process isolation

We’ll be super impressed if you have experience in any of these: 

• Built a Detection Engineering pipeline
• Built and led threat hunts
• Published research on detection engineering or threat intelligence
• Developed automations to improve security operations
• Familiarity with content delivery networks (CDN), edge cloud platforms, or other Fastly products and services

Work Hours:

• This position will require you to be available during core business hours. 

Work Locations & Travel Requirements: 

This position is open to both hybrid and remote. 

The preferred locations for this position are:

• San Francisco, CA
• Los Angeles, CA
• Denver, CO
• New York City, NY 

Fastly currently embraces a largely hybrid model for most roles which allows employees flexibility to split their time between the office and home.  

We are willing to consider remote candidates in US (Remote).

This position may require travel as required by your role or requested by your manager.

Salary: 

The estimated salary range for this position is $167,790 to $209,740.

Starting salary may vary based on permissible, non-discriminatory factors such as experience, skills, qualifications, and location.

This role may be eligible to participate in Fastly’s equity and discretionary bonus programs.

Benefits: 

We care about you. Fastly works hard to create a positive environment for our employees, and we think your life outside of work is important too. We support our teams with great benefits that start on the first day of your employment with Fastly. Curious about our offerings? 

We offer a comprehensive benefits package including medical, dental, and vision insurance. Family planning, mental health support along with Employee Assistance Program, Insurance (Life, Disability, and Accident), a non-accrual vacation policy and up to 18 days of accrued paid sick leave are there to help support our employees. We also offer 401(k) (including company match) and an Employee Stock Purchase Program. For 2024, we offer 10 paid local holidays, 11 paid company wellness days. 

At Webflow, our mission is to bring development superpowers to everyone. Webflow is the leading visual development platform for building powerful websites without writing code. By combining modern web development technologies into one platform, Webflow enables people to build websites visually, saving engineering time, while clean code seamlessly generates in the background. From independent designers and creative agencies to Fortune 500 companies, millions worldwide use Webflow to be more nimble, creative, and collaborative. It’s the web, made better. 

We’re looking for a Senior Enterprise Security Engineer on Webflow's new Security and Compliance team, you will work with the Director of Product Security to help us meet current and future product security needs.

About the role 

• Location: Remote-first (United States; BC & ON, Canada) 
• Full-time 
• Permanent
• Exempt 
• The cash compensation for this role is tailored to align with the cost of labor in different geographic markets. We've structured the base pay ranges for this role into zones for our geographic markets, and the specific base pay within the range will be determined by the candidate’s geographic location, job-related experience, knowledge, qualifications, and skills.
  • United States  (all figures cited below in USD and pertain to workers in the United States)
    • Zone A: $162,500 - $216,050
    • Zone B: $152,700 - $203,100
    • Zone C: $143,00 - $190,150 
  • Canada  (All figures cited below in CAD and pertain to workers in ON & BC, Canada)
    • CAD 184,600 - CAD 245,500

• Please visit our Careers page for more information on which locations are included in each of our geographic pay zones. However, please confirm the zone for your specific location with your recruiter.

• Reporting to the Director of Security 

As a Senior Enterprise Security Engineer you’ll … 

• Collaborate primarily with the Information Technology (IT), Facilities, and People teams
• You will be working to secure:
• endpoints
• corporate SaaS and internal tooling
• corporate offices
• Improve security related processes and procedures
• Work to establish or improve security standards while balancing business strategies and requirements.
• Support Webflow’s security current and future security frameworks such as SOC2
• Participate in incident response and forensics
• Support 3rd party risk

In addition to the responsibilities outlined above, at Webflow we will support you in identifying where your interests and development opportunities lie and we'll help you incorporate them into your role.

About you 

You’ll thrive as a Senior Enterprise Security Engineer if you:

• First and foremost, are a technologist, and have a broad fundamental understanding of the technology space with solid background in current IT trends and tooling.
• Have 3+ years of experience evaluating and securing corporate IT environments with an eye to improve security design, continuous commitment to risk reduction and sustainable security.
• Have experience securing MacOS endpoints, and working with tools such as Jamf and Crowdstrike
• Have experience with IAM & IDP systems such as Okta
• Have experience with incident response, and conducting endpoint forensics
• Have a solid understanding of the corporate threat landscape, and intrusion patterns, and the itch to investigate for potential security issues
• Have experience evaluating and securing corporate network environments
• Love to share knowledge, and the gift of explaining complex security concepts with your colleagues.
• Have an understanding of IT processes, and HR operations, tools and procedures
• Have experience automating security processes and procedures
• Are passionate about security in general, and always hungry to learn
• Have experience working with a security framework such as SOC2 or ISO 2700

Our Core Behaviors:

• Obsess over customer experience.We deeply understandwhatwe’re building andwhowe’re building for and serving. We define the leading edge of what’s possible in our industry and deliver the future for our customers.
• Move with heartfelt urgency.We have a healthy relationship with impatience, channeling it thoughtfully to show up better and faster for our customers and for each other. Time is the most limited thing we have, and we make the most of every moment.
• Say the hard thing with care.Our best work often comes from intelligent debate, critique, and even difficult conversations. We speak our minds and don’t sugarcoat things — and we do so with respect, maturity, and care.
• Make your mark.We seek out new and unique ways to create meaningful impact, and we champion the same from our colleagues. We work as ateamto get the job done, and we go out of our way to celebrate and reward those going above and beyond for our customers and our teammates.

Benefits & wellness

• Equity ownership (RSUs) in a growing, privately-owned company
• 100% employer-paid healthcare, vision, and dental insurance coverage for employees and dependents (full-time employees working 30+ hours per week), as well as Health Savings Account/Health Reimbursement Account, dependent care Flexible Spending Account (US only), dependent on insurance plan selection where applicable in the respective country of employment; Employees may also have voluntary insurance options, such as life, disability, hospital protection, accident, and critical illness where applicable in the respective country of employment
• 12 weeks of paid parental leave for both birthing and non-birthing caregivers, as well as an additional 6-8 weeks of pregnancy disability for birthing parents to be used before child bonding leave (where local requirements are more generous employees receive the greater benefit); Employees also have access to family planning care and reimbursement
• Flexible PTO with a mandatory annual minimum of 10 days paid time off for all locations (where local requirements are more generous employees receive the greater benefit), and sabbatical program
• Access to mental wellness and professional coaching, therapy, and Employee Assistance Program
• Monthly stipends to support health and wellness, smart work, and professional growth
• Professional career coaching, internal learning & development programs
• 401k plan and pension schemes (in countries where statutorily required) financial wellness benefits, like CPA or financial advisor coverage
• Discounted Pet Insurance offering (US only)
• Commuter benefits for in-office employees

Be you, with us

At Webflow, equality is a core tenet of our culture. We are an Equal Opportunity (EEO)/Veterans/Disabled Employer and are committed to building an inclusive global team that represents a variety of backgrounds, perspectives, beliefs, and experiences. Employment decisions are made on the basis of job-related criteria without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other classification protected by applicable law. Pursuant to the San Francisco Fair Chance Ordinance, Webflow will consider for employment qualified applicants with arrest and conviction records.

Stay connected

Not ready to apply, but want to be part of the Webflow community? Consider following our story on our Webflow Blog, LinkedIn, X (Twitter), and/or Glassdoor.

Please note:

To join Webflow, you'll need valid U.S. or Canadian work authorization depending on the country of employment.

If you are extended an offer, that offer may be contingent upon your successful completion of a background check, which will be conducted in accordance with applicable laws. We may obtain one or more background screening reports about you, solely for employment purposes.

For information about how Webflow processes your personal information, please reviewWebflow’s Applicant Privacy Notice. 

Title:Sr. Security Engineer                                        

Location:Remote - US ONLY

About inMarket

Since 2010, InMarket has been the leader in 360-degree consumer intelligence and real-time activation for thousands of today’s top brands. Through InMarket's data-driven marketing platform, brands can build targeted audiences, activate media in real time, and measure success in driving return on ad spend. InMarket's proprietary Moments offering outperforms traditional mobile advertising by 6x.* Our LCI attribution platform, which won the MarTech Breakthrough Award for Best Advertising Measurement Platform, was validated by Forrester to drive an average of $40 ROAS for our clients.
*Source: Wordstream US Google Display Benchmarks for Mobile Media

About the Role

Join the team responsible for protecting our customers, our data, and our company from malicious actors at all levels. We are an outcomes focused team, focused on enabling our internal customers for success by providing them with clear guidance and strong security controls. We're looking for an exceptional engineer to join the team at the center of security and safety here at InMarket.

Your Daily Impact as a Sr. Security Engineer
In this role you will be responsible for working with great depth and breadth to build safeguards, detections, and controls to protect InMarkets vast amounts of data. Here you’ll truly be at the front lines taking on meaningful work to defend our company and our peers.

You will be working and communicating closely with many technical teams to develop context and foresight into what our true risks are, and work towards holistic longlasting remediation with guidance and real world solutions. Our goal is to create a cohesive balance between risk, operational effectiveness, and compliance.

The ideal candidate for this team is someone who is a strong, interested, well rounded engineer with a passion for security as well as a natural collaborator who can understand business needs and develop security solutions that empathize with people's experiences.

Your Experience and Expertise

• BS in computer science / cybersecurity, or equivalent experience
• 5+ years of experience in engineering, information security operations or related IT operations
• Strong experience in Linux administration
• Strong development & scripting experience. (Javascript / Ruby, Python preferred)
• Strong experience in AWS, GCP, or both
• Good networking fundamentals

Nice to Haves 

• Ability to provide a sample portfolio or work examples is highly preferred
• Varied security engineering experience with a specialty in one or more areas of security such as: (Cloud Security, Vulnerability Management, Application Security, Penetration Testing / Offsec, DevSecOps, Third Party / SaaS Security, Identity and Access Management, Incident Response)
• Experience performing security / architecture / code reviews
• Hackthebox, CTF, or Hackathon experience
• Good hands-on background in building tooling using many security products
• Terraform / IaC experience
• Kubernetes / Container experience
• Controls and Standards knowledge (SOC2, NIST CSF, 800-53, CIS)
• SOC2 audit experience
• Familiar with Security Reference Architectures and actual best practices
• Experience building out security tooling from common vendors
• Active member or speaker in the security / technology community
• Ability to work and multitask under high pressure situations
• Excellent written and verbal communication skills. Ability to communicate highly complex security concepts to both technical and non-technical audiences

Finally, here are a few more reasons why we love this work and think that you will too:

• This is a diverse role with unparalleled visibility where you’ll be able to learn new tech daily.
• You will have the opportunity to shape the security function with the support and autonomy to actually do it.
• Great support from executive leadership who understand the true value in security and genuinely back the mission.

Benefits Summary

• Competitive salary, stock options, flexible vacation
• Medical, dental and Flexible Spending Account (FSA)
• Company Matched 401(k)
• Unlimited PTO (Within reason)
• Talented co-workers and management
• Agile Development Program (For continued learning/professional development)
• Generous Paid Parental Leave

For candidates in California, Colorado, and New York City, the Targeted Base Salary Range for this role is $130,000 to $175,000. 

Actual salaries will vary depending on factors including but not limited to work experience, specialized skills and training, performance in role, business needs, and job requirements. Base salary is subject to change and may be modified in the future. Base salary is just one component of InMarket’s total rewards package that also may include bonus, equity, and benefits.  Ask your recruiter for more information!

At InMarket we are committed to a culture that supports diversity, inclusion, belonging and equal opportunity. We celebrate all people and believe everyone deserves respect regardless of race, gender, sexual orientation, backgrounds, experiences, abilities or beliefs.

InMarket is an Equal Opportunity Employer (EOE). Qualified applicants are considered for employment without regard to age, race, color, religion, sex, national origin, sexual orientation, disability, or veteran status.

Privacy Notice for California Job Applicants: https://inmarket.com/ca-notice-for-job-applicants/

#LI-Remote

Lead Security Engineer

US Remote

Who we are

Are you passionate about innovating at the intersection of technology and personal security? At Pindrop, we recognize that the human voice is a unique personal identifier, increasingly susceptible to sophisticated fraud, including the threat of deepfakes. We're leading the way in developing cutting-edge authentication, fraud prevention, and deepfake detection. Our mission is to provide seamless and secure digital experiences, safeguarding the most personal aspect of our identity: our voice. Here, you'll be part of a team driven by values of Innovation, Customer Advocacy, Excellence, and Impact. We're not just creating a safer digital landscape by fortifying trust and integrity with those we serve, we’re also building a dynamic, supportive workplace where your contributions make a real difference.

Headquartered in Atlanta, GA, Pindrop is backed by world-class investors such as Andreessen-Horowitz, IVP, and CapitalG.

What you’ll do 

• Lead and examine and secure systems, network, infrastructure and applications to assess and improve the current on premises and cloud security posture.
• Lead administration, management and incident response of security tools and technologies such as EDR (Endpoint Detection & Response), SIEM (Security Information & Event Management), DLP (Data Loss Prevention), Vulnerability Management, Firewalls, WAF (Web Application Firewalls)
• Support daily security operations (SecOps) functions such as configuring, monitoring and responding to security alerts. Assist with Incident Response, and investigations.
• Build automation for security tools and SecOps functions such as compliance checks, alerts and reporting.
• Lead security analysis, review and deployment of solutions (systems, network, infrastructure and applications) to protect Pindrop assets in the cloud and our data centers.
• Lead technical security assessments, security reviews, code audits and offensive security exercises to test security controls and detection capabilities
• Be aware of Information security standards such as ISO27001, SOC2, PCI and support internal and third party audits.
• Provide thought leadership and technical direction based on security news, research, threats, attack vectors, technologies, certifications, laws and regulations and report on anything that could impact the company. 
• Collaborate with stakeholders, provide security guidance and support and develop dashboards, reports, and alerts to meet their cybersecurity operational information requirements.    

Who you are

• You are an engineer at heart with strong problem-solving, analytical, communication and interpersonal skills and who has knowledge or experience in several areas such as - defending against and/or mitigating system vulnerabilities (including enterprise level concerns, infrastructure, and host/endpoint), intrusion detection and incident response, network traffic analysis, scripting languages, software reverse engineering, network security devices (e.g., firewalls, intrusion and detection systems), cloud and compliance frameworks.
• You continuously look for automation and programmatic efficiencies in security processes
• You have excellent written and verbal communication skills and can communicate technical details in a clear, concise, understandable manner
• You work independently and as part of a team with minimal supervision
• You are resilient in the face of challenges, change, and ambiguity
• You are optimistic and believe that you can make a problem into a solution
• You are resourceful, excited to uncover innovative solutions and teach yourself something new when needed
• You take accountability, do the things you say you’ll do, under-promise and over-deliver
• You are nimble and adaptable when priorities change and continue to see the “forest through the trees” 

Your skill-set: 

• At least 7 years of experience with administering and managing security technologies and tools such as EDR, SIEM, Vulnerability Management, SAST and DAST, Data Loss Prevention and File Integrity Monitoring tools.
• At least 5 years of experience with Security Operations (SecOps), incident response, security investigations.
• At Least 1 year of experience with a scripting or programming language: python, golang, ruby, bash, Java.
• Strong understanding of  Networks, Cloud, Containers, API, Application Security, SDLC, Web security, Docker, and Kubernetes
• Fundamental understanding of accepted security practices, known attack vectors and vulnerability assessment methodologies
• Nice to have:

• • Prior experience as a software developer
  • Prior architectural experience
  • Knowledge of common information security standards, such as ISO 27001/27002, NIST, CIS, PCI DSS, ITIL, and COBIT.

What’s in it for you:

As a Pindropper, you join a rapidly growing company making technology more human with the power of voice. You will work alongside some of the best and brightest). We’re a passionate group committed to excellence - but that doesn’t stop us from enjoying the journey as a team with chess and poker tournaments, catered lunches and happy hours, wellness programming, and more. Because we take our jobs seriously, we add in time for rest with Unlimited PTO, Focus Thursday, and Company-wide Rest Days. 

Within 30 days you’ll

• Complete onboarding and attend New Employee Orientation sessions with other new Pindroppers
• Learning about Pindrop culture, values and teams
• Building relationships with key stakeholders and the team

Within 60 days you’ll

• Learning existing processes, tools and techniques
• Learning SecOps best practices based on industry guidelines and comparing with current practices

Within 90 days you’ll

• Defining SecOps best practices based on industry guidelines and planning to improve with current practices
• Design and architect new security deployments and solutions.
• Teach us something new

What we offer

As a part of Pindrop, you’ll have a direct impact on our growing list of products and the future of security in the voice-driven economy. We hire great people and take care of them. Here’s a snapshot of the benefits we offer:

• Competitive compensation, including equity for all employees
• Unlimited Paid Time Off (PTO)
• 4 company-wide rest days in 2024 where the entire company rests and recharges!
• Generous health and welfare plans to choose from - including one employer-paid “employee-only” plan!
• Best-in-class Health Savings Account (HSA) employer contribution
• Affordable vision and dental plans for you and your family
• Employer-provided life and disability coverage with additional supplemental options
• Paid Parental Leave - Equal for all parents, including birth, adoptive & foster parents
• One year of diaper delivery for your newest addition to the family! It’s our way of welcoming new Pindroplets to the family!
• Identity protection through Norton LifeLock
• Remote-first culture with opportunities for in-person team events
• New hire and recurring monthly home office allowance
• When we need a break, we keep it fun with happy hours, ping pong and foosball, drinks and snacks, and monthly massages!
• Remote and in-person team activities (think cheese tastings, chess tournaments, talent shows, murder mysteries, and more!)
• Company holidays
• Annual professional development and learning benefit
• Pick your own Apple MacBook Pro
• Retirement plan with competitive 401(k) match
• Wellness Program including Employee Assistance Program, 24/7 Telemedicine

What we live by

At Pindrop, our Core Values are fundamental beliefs at the center of all we do. They are our guiding principles that dictate our actions and behaviors. Our Values are deeply embedded into our culture in big and small ways and even help us decide right from wrong when the path forward is unclear. At Pindrop, we believe in taking accountability to make decisions and act in a way that reflects who we are. We truly believe making decisions and acting with our Core Values in mind will help us to achieve our goals and keep Pindrop a great place to work:    

• Audaciously Innovate - We continue to change the world, and the way people safely engage and interact with technology. As first principle thinkers, we challenge standards, take risks and learn from our mistakes in order to make positive change and continuous improvement. We believe nothing is impossible.
• Evangelical Customers for Life - We delight, inspire and empower customers from day one and for life. We create a partnership and experience that results in a shared passion.   We are champions for our customers, and our customers become our champions, creating a universal commitment to one another. 
• Execution Excellence - We do what we say and say what we do. We are accountable for making the tough decisions and necessary tradeoffs to deliver quality and effective solutions on time.
• Win as a Company - Every time we win, we win as a company. Every time we lose, we lose as a company. We break down silos, support one another, embrace diversity and celebrate our successes. We are better together. 
• Make a Difference - Every day we have the opportunity to make a positive impact. We operate with dedication, passion, and uncompromising integrity, creating a safer, more secure world.

Not sure if this is you?

We want a diverse, global team, with a broad range of experience and perspectives. If this job sounds great, but you’re not sure if you qualify, apply anyway! We carefully consider every application and will either move forward with you, find another team that might be a better fit, keep in touch for future opportunities, or thank you for your time.

Pindrop is an Equal Opportunity Employer

Here at Pindrop, it is our mission to create and maintain a diverse and inclusive work environment. As an equal opportunity employer, all qualified applicants receive consideration for employment without regard to race, color, age, religion, sex, gender, gender identity or expression, sexual orientation, national origin, genetic information, disability, marital and/or veteran status.

#LI-Remote

Hi, we're Oscar. We're hiring a Senior Security Engineer, Application Security to join our Security team.

Oscar is the first health insurance company built around a full stack technology platform and a focus on serving our members. We started Oscar in 2012 to create the kind of health insurance company we would want for ourselves—one that behaves like a doctor in the family.

About the role

As a Senior Security Engineer, you will collaborate closely with cross-functional teams to proactively identify, address, and resolve security concerns across Oscar's comprehensive tech infrastructure, encompassing Web Applications, Mobile Apps, Networks, and Cloud systems. Your primary objective will be to safeguard classified information by thoroughly assessing and examining Oscar's applications and infrastructure by executing and documenting technical assessments based on esteemed industry standards (OWASP) and best practices, meticulously pinpointing security vulnerabilities within Oscar's owned assets. In addition, you will be responsible for presenting identified risks and providing guidance on best practices to prevent future vulnerabilities.

You will report to the Manager, Security Architecture.

Work Location

Oscar is a blended work culture where everyone, regardless of work type or location, feels connected to their teammates, our culture and our mission.

If you live within commutable distance to our New York City office (in Hudson Square), our Tempe office (off the 101 at University Ave), or our Los Angeles office (in Marina Del Rey), you will be expected to come into the office at least two days each week. Otherwise, this is a remote / work-from-home role.

You must reside in one of the following states: Alabama, Arizona, Colorado, Florida, Georgia, Illinois, Iowa, Kentucky, Maryland, Massachusetts, Michigan, Minnesota, New Hampshire, New Mexico, North Carolina, Ohio, Oregon, Pennsylvania, Rhode Island, Tennessee, Texas, Utah, Vermont, Virginia, or Washington, D.C. Note, this list of states is subject to change. #LI-Remote

Pay Transparency

The base pay for this role is: $144,000 - $189,000 per year. You are also eligible for employee benefits, participation in Oscar’s unlimited vacation program, company equity grants and annual performance bonuses.

Responsibilities

• Collaborate closely with cross-functional teams to proactively identify, address, and resolve security concerns across Oscar's comprehensive tech infrastructure, encompassing Web Applications, Mobile Apps, Networks, and Cloud systems, including proposing enhanced controls and procedural strategies to mitigate technical risks 
• Demonstrate an in-depth comprehension of Oscar's technological landscape
• Collaborate effectively with Security Leadership, providing insights into technical issues and their potential impacts
• Engage in multiple-layers of oscars Technology stack to design security measures around protecting Oscars systems
• Simplify intricate security concerns into actionable steps for effective remediation or risk mitigation
• Compliance with all applicable laws and regulations
• Other duties as assigned

What you may work on

Some sample projects in this role may include:

• Execute and meticulously document technical assessments based on esteemed industry standards (OWASP) and best practices, meticulously pinpointing security vulnerabilities within Oscar's owned assets. This includes conducting Threat Modeling, Architecture/Design Reviews, Application and Cloud Security Testing (Red Teaming), and Manual Vulnerability Assessments.
• Spearhead internal workshops involving cross-functional teams to analyze outcomes from technical assessments, devising comprehensive plans to mitigate identified risks effectively.
• Define robust hardening and secure design standards, leveraging them to conduct thorough application security reviews in collaboration with developer teams.

Qualifications

• 3+ years experience in Technology related field 
• 2+ years experience in Security

Bonus Points

• Familiarity with industry standards and compliance frameworks (such as SOC, SOX., NIST,, HIPAA) and experience in ensuring organizational adherence to these standards.
• Hands-on experience in developing Web/Mobile Applications.
• Hands-on experience in evaluating Web Applications, Cloud Environments, Mobile Applications, and Network security.
• Proficiency in industry-standard methodologies and frameworks for security testing (OWASP, OSSTM, PTES).
• Proficient familiarity with AWS and GCP.
• Experience utilizing containers and container orchestration technology (Mesos and Kubernetes).
• Possession of industry-recognized certifications pertaining to application/offensive security (OSCP, OSCE, OSWP, OSWA, OSWE, CSSLP).
• Experience in assessing containers for potential security vulnerabilities.
• Experience Threat Modeling

Clover is reinventing health insurance by working to keep people healthier.

We value diversity — in backgrounds and in experiences. Healthcare is a universal concern, and we need people from all backgrounds and swaths of life to help build the future of healthcare. Clover's engineering team is empathetic, caring, and supportive. We are deliberate and self-reflective about the engineering team and culture that we are building, seeking engineers that are not only strong in their own aptitudes but care deeply about helping each other's growth.

As a Senior Security Engineer, you will forge and nurture trusted relationships with internal technology teams (Software Engineering, SRE, DS/ML, Product) and external customers (e.g., payers, accountable care organizations, integrated delivery networks). You will partner closely with the entire technology organization to architect, design, implement, and maintain system security and controls. This role will be an expert who understands the needs of software development, technical system design, and data/information security.

As a Senior Security Engineer, you will:

• Serve as a SME for security related code and technical design reviews.
• Identify and collaborate with eng and SRE to resolve areas of security vulnerability in our software, systems and infrastructure.
• Serve as security point-of-contact for audit/certification programs such as HITRUST, SOC 2, and HIPAA
• Assess and improve systems for compliance with security requirements, policies, guidelines and standards (see above)
• Interface with external customers on CA security reviews and assessments
• Monitor and regularly review our system for intrusions, threats, and anomalies
• Work to improve our general security posture and processes ranging from secure development practices to SecDevOps
• Lead the planning, definition and implementation of new security solutions or related development

You will love this job if:

• You are passionate about transforming healthcare delivery through new technologies and want to make an impact.
• You have a bias toward action and seek to intervene before issues arise.
• You are comfortable navigating ambiguity and working in an evolving environment.
• You are a problem solver and a team player. You love working within teams and helping them work more efficiently.
• You are a strong communicator and able to influence behaviors to help drive desired outcomes.
• You are empathetic and seek to build enduring relationships with our customers and users.
• You are analytical and use data to drive actions and evaluate outcomes.

You should get in touch if:

• You have strong knowledge and experience with software engineering, web services, APIs and cloud environments.
• You have assessed the security of APIs and systems by analyzing authentication, authorization mechanisms, input validation, and potential vulnerabilities.
• You have excellent written and verbal communication skills and are able to craft clear and comprehensive reports and research to present to engineering and other stakeholders.
• You are able to think strategically while also managing work tactically.
• You work autonomously but know when to inform, involve, or escalate topics or decisions.
• You stay up-to-date with latest research on threats, attack vectors, and security trends and are keen to apply them to our environment
• You demonstrate influence and are able to lead/mentor internal teams and customers toward shared goals and objectives.

• Financial Well-Being: Our commitment to attracting and retaining top talent begins with a competitive base salary and equity opportunities. Additionally, we offer a performance-based bonus program and regular compensation reviews to recognize and reward exceptional contributions.
• Physical Well-Being: We prioritize the health and well-being of our employees and their families by offering comprehensive group medical coverage that include coverage for hospitalization, outpatient care, optical services, and dental benefits.
• Mental Well-Being: We understand the importance of mental health in fostering productivity and maintaining work-life balance. To support this, we offer initiatives such as No-Meeting Fridays, company holidays, access to mental health resources, and a generous annual leave policy. Additionally, we embrace a remote-first culture that supports collaboration and flexibility, allowing our team members to thrive from any location. 
• Professional Development: We are committed to developing our talent professionally. We offer learning programs, mentorship, professional development funding, and regular performance feedback and reviews.

Additional Perks:

• Reimbursement for office setup expenses
• Flexibility to work from home, enabling collaboration with global teams
• Paid parental leave for all new parents
• And much more!

About Clover: We are reinventing health insurance by combining the power of data with human empathy to keep our members healthier. We believe the healthcare system is broken, so we've created custom software and analytics to empower our clinical staff to intervene and provide personalized care to the people who need it most.

We always put our members first, and our success as a team is measured by the quality of life of the people we serve. Those who work at Clover are passionate and mission-driven individuals with diverse areas of expertise, working together to solve the most complicated problem in the world: healthcare.

From Clover’s inception, Diversity & Inclusion have always been key to our success. We are an Equal Opportunity Employer and our employees are people with different strengths, experiences and backgrounds, who share a passion for improving people's lives. Diversity not only includes race and gender identity, but also age, disability status, veteran status, sexual orientation, religion and many other parts of one’s identity. All of our employee’s points of view are key to our success, and inclusion is everyone's responsibility.

#LI-REMOTE