
Get Remote Security Operations Jobs in your mailbox.

69 exciting remote jobs on file from 2500+ top remote companies.

  • Hot new jobs of this week
  • 69 active jobs from past weeks to consult
  • Segmented for USA, Europe or Worldwide.
  • Personally selected for you by our experienced remote hiring managers.


A selection of jobs from the previous newsletters.

11d

Senior Security Engineer

Qlik, Hybrid Remote, King of Prussia, Pennsylvania
5 years of experience | azure, ruby, java, c++, linux, python, AWS

Qlik is hiring a Remote Senior Security Engineer

Description

What makes us Qlik

Qlik helps enterprises around the world move faster, work smarter, and lead the way forward with an end-to-end solution for getting value out of data. A Gartner Magic Quadrant Leader for 13 years in a row! Our platform is the only one on the market that allows for open-ended, curiosity-driven exploration, giving everyone – at any skill level – the ability to make real discoveries that lead to real outcomes and transformative changes. We are a Values-Driven organization, operating in over 100 countries with 38,000 customers around the world. If you think we are interesting, please read on – we may be looking for you!

 

The Sr. Security Engineer role at Qlik

As part of the organization, and our growing team, you will be in a unique position to impact the future direction the company takes. With approximately 38,000 customers worldwide you will have access to a rich user community to help inform your decisions. Our highly collaborative environment means you will be working with a diverse group of talented people continuously innovating and improving.


The Sr. Security Engineer role at Qlik

Qlik has an innovative, team-oriented, and high-energy culture. We offer a flexible and exciting work environment, and plenty of opportunities for you to grow as a professional and as an individual.

 

As a Senior Security Engineer and team member of our rapidly growing company, you will have a significant impact on our company’s growth and success. Candidates must be self-driven and results-oriented, with a strong will to succeed.

  • Support the investigation of security incidents, alerts and events
  • Implement and support security-focused tools
  • Assist in managing vulnerability program
  • Support company-wide projects for security
  • Assist in penetration testing
  • Proactive security checks and threat hunting
  • Assist in incident response

 

Responsibilities include, but not limited to:

 

  • Strong understanding of networking principles (OSI Model, Routing fundamentals, TCP/IP)
  • Advanced understanding of host operating systems and applications, including Microsoft Windows, Linux and Mac
  • Experience in programming (Ex: Java or C++)
  • Experience with scripting languages such as Python, or Ruby
  • Understanding of network security principles
  • Incident response principles
  • Endpoint experience – AV, EDR
  • Minimum Years of Experience: 5 years of experience in Information Security
  • Vulnerability Management – Nessus, Qualys, Rapid 7
  • Basic Public Cloud experience – AWS, Azure, GCP

 

 

Skills and qualifications for this role include:

 

  • Qualifications – CCNA, CCNP, AWS Certified Security a plus
  • Security certifications like CEH, CIH, OSCP, and CISSP a plus

 

The location for this role is/are:

  • The role is open to any US Qlik office or Remote, for the right candidate.

 

About Qlik

 

The anticipated base salary range for this role is $108,000.00 Min – 148,000.00 Max per year. Final compensation offered by Qlik will be based on factors such as the candidate’s location, job-related skills, education, experience, and other business and organizational needs.

Qlik offers a comprehensive benefits package which includes, but is not limited to, group medical, dental and vision benefits, a 401(k) plan and match, flexible paid vacation, 10 paid annual company holidays, 9 days of annual paid sick leave (prorated upon hire), up to 16 weeks of paid parental leave, and mental and emotional wellbeing benefits.

 

Qlik is an Equal Opportunity/Affirmative Action Employer, and we value the diversity of our workforce. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Click here to review the US Department of Labor’s Equal Employment Opportunity Posters, including the EEO is The Law notice and the Pay Transparency Nondiscrimination Provision.

 

If you need assistance due to disability during the application and/or recruiting process, please contact us via the Accessibility Request Form.

 

Qlik is not accepting unsolicited assistance from search firms for this employment opportunity. Please, no phone calls or emails. All resumes submitted by search firms to any employee at Qlik via email, the Internet or in any form and/or method without a valid written search agreement in place for this position will be deemed the sole property of Qlik. No fee will be paid in the event the candidate is hired by Qlik as a result of the referral or through other means.

 

 

 


CIYIS LLC is hiring a Remote Cybersecurity Engineer

We are seeking a Cybersecurity Engineer to join our team! You will be responsible for the management and delivery of SaaS applications for a government client. Serves as the Cybersecurity Engineer for a large, complex task order (or a group of task orders affecting the same system) and shall assist the PMO in working with managing customer requirements. Under the responsible for the overall delivery of various FedRAMP and ATO compliance project initiatives while ensuring that the technical solutions and schedules in the task order are implemented in a timely manner. Manages and reports project cost, schedule, and performance.

Responsibilities:

  • Plans, directs, and co-ordinates a group of Cybersecurity activities to manage and implement Cybersecurity project(s) from contract/proposal initiation to final operational stage.
  • Accountable for the monitoring and enforcing compliance to IT and cyber security policies and governing procedures to reduce risk to cyber incidents and potential areas of non-compliance.
  • Responsible for understanding and assessing technology and operational risks related to internal technology solutions and at times, might be asked to provide input to personnel on appropriate controls to address those risks.
  • Leads the project/program team(s) in determining client requirements and translating requirements into operational plans.
  • Ensures adherence to legally binding requirements and client’s long-term goals. Facilitates status review meetings among project team members and clients.
  • Works with the PMO on project/program proposals, bids, contracts, estimates, and schedules.
  • Maintains awareness on emerging technologies and project/program management techniques.
  • Provides Cybersecurity leadership in the design, build and overseeing of the security architectures, security engineering life cycle, infrastructure & network, and computer security for an organization.
  • Provides Cybersecurity leadership in the vulnerability testing, risk analyses and security assessments of local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related network devices according to security standards, security systems and authentication protocols.
  • Provides Cybersecurity leadership in the definition, implementation, and maintenance of enterprise security policies and procedures.
  • Provides Cybersecurity leadership in the response to security-related incidents and follow(s) industry best practices in a thorough post-event analysis.
  • Provides Cybersecurity leadership in the architecture review and risk & impact assessment for the critical information assets.

Qualifications:

  • Previous experience in ERP information technology and/or other related fields
  • Demonstrated leadership experience in projects of similar size and complexity
  • Six years general IT experience
  • Six years cybersecurity experience
  • Must possess a DOD Secret Clearance and be eligible for an IT-II upon assignment.
  • Must possess certification meeting the DOD 8570.01 IAM level III
  • Nice to have a Risk Management Professional credential
  • Strong knowledge of RMF

Education & Clearance Requirements:

  • 4 Year degree in computer sciences, Information Technology, or equivalent experience
  • Candidate must possess the ability to maintain a government security clearance.
  • No visa sponsorship available.

    CIYIS is an Equal Opportunity Employer and all Qualified Applicants will receive consideration for employment without regard to Race, Color, Religion, Sex, National Origin, Disability Status, Protected Veteran Status or any other Characteristic Protected by Law.


    Samsara is hiring a Remote Senior Security Engineer - SIEM

    Who we are

    Samsara (NYSE: IOT) is the pioneer of the Connected Operations™ Cloud, which is a platform that enables organizations that depend on physical operations to harness Internet of Things (IoT) data to develop actionable insights and improve their operations. At Samsara, we are helping improve the safety, efficiency and sustainability of the physical operations that power our global economy. Representing more than 40% of global GDP, these industries are the infrastructure of our planet, including agriculture, construction, field services, transportation, and manufacturing — and we are excited to help digitally transform their operations at scale.

    Working at Samsara means you’ll help define the future of physical operations and be on a team that’s shaping an exciting array of product solutions, including Video-Based Safety, Vehicle Telematics, Apps and Driver Workflows, Equipment Monitoring, and Site Visibility. As part of a recently public company, you’ll have the autonomy and support to make an impact as we build for the long term. 

    Recent awards we’ve won include:

    Glassdoor's Best Places to Work 2024

    Best Places to Work by Built In 2024

    Great Place To Work Certified™ 2023

    Fast Company's Best Workplaces for Innovators 2023

    Financial Times The Americas’ Fastest Growing Companies 2023

    We see a profound opportunity for data to improve the safety, efficiency, and sustainability of operations, and hope you consider joining us on this exciting journey. 

    About the role:

    The Senior Security Engineer - Enterprise Security is responsible for building, operating, and maintaining Samsara’s core security infrastructure. Reporting to the Director of Information Security, you will collaborate with a global team of engineers to build a world-class security engineering program utilizing modern principles across corporate and product infrastructure.

    You take security seriously and strive to build low-friction solutions developed in close partnership with others. You are passionate about building automated alerting and response capabilities and helping to drive insights around potentially malicious activity within production environments. You will use your familiarity with a diverse set of technologies and practices to build a leading program in our industry.

    You should apply if:

    • You want to impact the industries that run our world: Your efforts will result in real-world impact—helping to keep the lights on, get food into grocery stores, reduce emissions, and most importantly, ensure workers return home safely.
    • You are the architect of your own career: If you put in the work, this role won’t be your last at Samsara. We set up our employees for success and have built a culture that encourages rapid career development, countless opportunities to experiment and master your craft in a hyper growth environment.
    • You’re energized by our opportunity: The vision we have to digitize large sectors of the global economy requires your full focus and best efforts to bring forth creative, ambitious ideas for our customers.
    • You want to be with the best: At Samsara, we win together, celebrate together and support each other. You will be surrounded by a high-caliber team that will encourage you to do your best. 

    Click here to learn about what we value at Samsara.

    In this role, you will: 

    • Contribute to the development, deployment, and management of Samsara’s enterprise security program, including endpoint detection and response, vulnerability management, device trust, identity lifecycle management, and secure web gateways.
    • Be responsible for one or more key security systems, working directly with stakeholders and vendors to ensure seamless integration and operation.
    • Write documentation and runbooks around key enterprise security needs.
    • Occasionally collaborate with Security Operations to provide subject matter expertise around security investigations and incident management.
    • Assist with other automated security tooling, such as just-in-time access management, least privilege access, and other security engineering priorities.
    • Champion, role model, and embed Samsara’s cultural principles (Focus on Customer Success, Build for the Long Term, Adopt a Growth Mindset, Be Inclusive, Win as a Team) as we scale globally and across new offices.

    Minimum requirements for the role:

    • Deep subject matter expertise within enterprise security, including extensive experience managing endpoint security, identity lifecycle, or device trust efforts.
    • Significant (4+ years) experience working in enterprise security in the technology sector.
    • Willingness to collaborate and mentor security operations analysts, including via documentation writing, code pairing, and other activities.

    An ideal candidate also has:

    • Experience building out security programs using modern SaaS platforms such as Zscaler, Crowdstrike, Wiz, Splunk, and other tools.
    • Experience driving efforts around least privilege, just-in-time access management, and identity lifecycle management.

    Samsara’s Compensation Philosophy: Samsara’s compensation program is designed to deliver Total Direct Compensation (based on role, level, and geography) that is at or above market. We do this through our base salary + bonus/variable + restricted stock unit awards (RSUs) for eligible roles. For eligible roles, a new hire RSU award may be awarded at the time of hire, and additional RSU refresh grants may be awarded annually.

    We pay for performance, and top performers in eligible roles may receive above-market equity refresh awards which allow employees to achieve higher market positioning.

    The range of annual base salary for full-time employees for this position is below. Please note that base pay offered may vary depending on factors including your city of residence, job-related knowledge, skills, and experience.
    $135,482 - $227,700 USD

    At Samsara, we welcome everyone regardless of their background. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, gender, gender identity, sexual orientation, protected veteran status, disability, age, and other characteristics protected by law. We depend on the unique approaches of our team members to help us solve complex problems. We are committed to increasing diversity across our team and ensuring that Samsara is a place where people from all backgrounds can make an impact.

    Benefits

    Full time employees receive a competitive total compensation package along with employee-led remote and flexible working, health benefits, Samsara for Good charity fund, and much, much more. Take a look at our Benefits site to learn more.

    Accommodations 

    Samsara is an inclusive work environment, and we are committed to ensuring equal opportunity in employment for qualified persons with disabilities. Please email accessibleinterviewing@samsara.com or click here if you require any reasonable accommodations throughout the recruiting process.

    Flexible Working 

    At Samsara, we have adopted a flexible way of working, enabling teams and individuals to do their best work, regardless of where they’re based. We value in-person collaboration and know a change of scenery and quiet space to work is welcomed from time to time, but also appreciate that the world of work has changed. Our offices remain open for those who prefer to collaborate or work in-office, but we also encourage fully remote applicants. As most roles are not required to be in the office, we are able to hire remotely where Samsara has an established presence. If a role is required to be in a certain location and candidates do not have work authorization for that location, Samsara will conduct an immigration assessment. If the role is not required to be in a specific location, Samsara will move forward with the remote location that works best for the business. All offers of employment are contingent upon an individual’s ability to secure and maintain the legal right to work at the company.

     

    Please be aware that Samsara does not accept or assume responsibility for unsolicited resumes from agencies. We do not charge fees to applicants at any stage of the hiring process. Official communication about your application will only come from emails ending in '@Samsara.com' or '@us-greenhouse-mail.io'.


    17d

    Cybersecurity Engineer

    ClientSolvTechnologies, Dallas, TX, Remote

    ClientSolvTechnologies is hiring a Remote Cybersecurity Engineer

    Job Description

    We are seeking an experienced and CISSP certified Cybersecurity Engineer for a 3 month contract-to-hire role. This role can work remotely from anywhere within the U.S.

    In this role, you will apply Information Technology (IT) security principles, methods and security products to protect and maintain the availability, integrity, confidentiality and accountability of IT resources and physical security access of property and personnel. You will be accountable for executing assigned tasks to implement the goals of the organization's Information Security initiatives, on time and within approved budget.

    Essential Duties and Responsibilities:

    • Maintains configurations for IT security technologies to optimize protective equipment functions and capabilities.
    • Develops, documents and maintains methodology for sensitive and critical application and general support for IT security systems.
    • Researches technical and IT security topics; maintains information on industry trends.
    • Collaborates with others in the Company (i.e. Information Technology engineers, Network Engineers, etc) to perform design review and analysis of network infrastructure modifications.
    • Develops policies, procedures and maintains scripts, routines and software for accomplishing security studies and assessments to provide professional level analysis in recognizing system threats and vulnerabilities; detects malware or malicious activities.
    • Periodically reviews firewall and router rules and access control lists.
    • Monitors and reviews intrusion detection systems and firewall logs to identify adverse patterns and coordinate mitigation responses.
    • Performs security assessments, risk identification and mitigation planning and execution.
    • Leads vulnerability management efforts and actively participates in patch management and risk management processes.
    • Participates in emergency operations, including the Computer Security Incident Response Team.
    • Responsible for PKI Infrastructure management and support - User and Server Authentication
    • Draft policy based on NIST, FISMA, PCI, PII and CJIS compliance.
    • Ensures processes and procedures are developed, documented, maintained and adhered to for incident identification, investigation and response, analysis and recommendations for risk management, collection of forensic data and regulatory require

       

    Qualifications

    • 5+ years of professional experience as a Cybersecurity Engineer
    • Experience working with Technical tools and implementing them such as
      • Identity Access Management
      • Privilege Access Management Identity Access Management
      • Vulnerability Management
      • Threat Hunting
    • Must have CISM, CISA, CRIS, CISSP, or similar certification
    • SIEM tools - Splunk
    • BS in Information Technology or equivalent combination of directly applicable experience and certification
    • Strong experience working with market standard Vulnerability Assessment tools
    • Must have experience with network monitoring, network security, network equipment programming, firewall configurations and DLP solutions, log monitoring and event correlation
    • Experience with policy and process documentation
    • Understanding of DNS, DHCP and LDAP
    • System hardening experience utilizing STIGs, CIS or USGCB
    • Security Incident Response experience
    • Strong oral and written communication abilities with experience writing policies
    • Must possess strong analytical and troubleshooting skills
    • Must be able to serve as a technical resource to IT staff


    Level is hiring a Remote Head of Security

    At Level, we believe using your benefits should be as easy as buying a cup of coffee. We’re unlocking the full value of compensation by rebuilding benefits as a simple payments experience — fast, flexible, and transparent. Our mission is to empower people to build better financial futures, and we’re accomplishing that by transforming the status quo of benefits.

    Level is a B2B2C fintech company comprised of a diverse team from industry-leading companies like Square, Oscar, Google, Uber, and Airbnb. Together, we’re creating a new payments tech stack to help employers offer more accessible and personalized benefits for their teams — and this is just the beginning.

    At Level, collaboration is our superpower. By leveraging each other’s strengths and curiosity, we’ve been able to build a best-in-class product, culture, and business. Plus, our employee benefits are so awesome that we let our customers buy them too.

    What You'll Do:

    • Define Level’s security roadmap
    • Get hands-on with implementation, design, and execution
    • Work directly with our research teams to protect our core assets
    • Ensure compliance with relevant frameworks, such as PCI-DSS, HIPAA, SOC 2, ISO-27001, and conduct compliance audit in collaboration with legal, IT, and other teams
    • Maintain and develop security documentation to reflect design and best practices in areas such as network security, data flow diagrams, and related topics
    • Support on-call activities such as incident response, daily log/dashboard reviews, and design and code reviews
    • Lead customer security interactions, answer questionnaires, and confidently represent Level during security reviews to build customer trust
    • Conduct annual vendor reviews and assess ongoing vendor risk management
    • Proactively identify and mitigate security threats
    • Build and evangelize security policies, programs and best practices

    Who You Are:

    • 10+ years of security experience
    • 3+ years leading and managing teams in a fast-paced environment
    • Strong experience in protecting at least one cloud platform and a willingness to become an expert with AWS
    • Deep knowledge of attack surfaces for enterprise systems and services
    • Experience defending against state-level actors a plus
    • Willingness to dive in to problems to formulate plans and drive execution
    • Expertise in thinking through insider threat scenarios
    • Experience defining threat models for a small or medium size organization
    • You have strong written and verbal communication skills, building strong relationships with stakeholders and teams around the organization
    • Excellence in problem-solving, strategic thinking, and collaboration with cross-functional teams
    • Experience working with highly sensitive confidential information ideally financial and/or health data

    What We Offer:

    • Competitive salary and equity
    • Remote first, with an office in NYC (HQ) as an option to work from
    • For those not in the NYC area, we offer up to $500 monthly for renting a co-working or office space
    • 100% employer paid medical
    • 100% employer paid dental through Level with a $2,500 benefit allowance
    • 100% employer paid vision through Level with a $600 benefit allowance
    • 401(k)
    • Generous additional fringe benefits offered through Level’s platform:
      • $25 monthly through our R&D funds to help stress-test new products and features
      • $150 monthly through our Wellbeing lifestyle spending account
      • $500 in New Hire Office Funds available in your first 90 days to assist with getting your remote workspace set up
      • $1,000 annually through Level’s Mental Health EAP
      • $3,000 annually in Education benefits (made available upon your 1 year anniversary) that can be used to continue professional education or be applied towards student loan payments
      • $4,000 lifetime balance through our Medical Travel EAP
      • $5,000 annually through our Gender Affirmation Fund
    • Flexible paid time off: take the time you need when you need it!
    • 10 days of paid sick leave per year
    • Company paid STD, LTD and life insurance
    • Voluntary life, legal and pet insurance
    • 8-16 weeks of paid parental leave
    • Quarterly company sponsored events
    • The chance to work at a leading innovator and trailblazer in the world of benefits and payments!

    This position has a minimum base salary of $236,000 and a midpoint base salary of $263,000. The base pay may vary depending on job-related knowledge, skills, and experience. In addition to a competitive base salary this position is also eligible for equity awards.

    Level is proud to be an Equal Opportunity Employer. We celebrate diversity and are committed to creating a welcoming and inclusive environment for all. Please apply to this role if you feel you are a good fit, regardless of your race, color, religion, gender identity, sex, sexual preference, sexual identity, pregnancy, national origin, ancestry, citizenship, age, marital status, physical disability, mental disability, medical condition, military status, or any other perceived limiting factor. We welcome applicants from all walks of life.

    E-Verify Program Participant: Level participates in the Department of Homeland Security U.S. Citizenship and Immigration Services' E-Verify program (For U.S. based applicants and employees only). Please click below to learn more about the E-Verify program:


    Dataprise is hiring a Remote Cyber Security Analyst II

    Cyber Security Analyst II - Dataprise - Career Page


    Webflow is hiring a Remote Senior Application Security Engineer

    At Webflow, our mission is to bring development superpowers to everyone. Webflow is the leading visual development platform for building powerful websites without writing code. By combining modern web development technologies into one platform, Webflow enables people to build websites visually, saving engineering time, while clean code seamlessly generates in the background. From independent designers and creative agencies to Fortune 500 companies, millions worldwide use Webflow to be more nimble, creative, and collaborative. It’s the web, made better. 

     

    We’re looking for a Senior Application Security Engineer to help us level up Webflow’s secure development practices ranging from secure coding, tooling, and improving procedures.

     

    About the role 

    • Location: Remote-first (United States; BC & ON, Canada) 
    • Full-time
    • Exempt 
    • The cash compensation for this role is tailored to align with the cost of labor in different US geographic markets. The base pay for this role ranges from $143,000 in our lowest geographic market up to $198,000 in our highest geographic market. These figures are in $USD and apply to candidates in the United States. The specific base pay within the range will be determined by the candidate’s geographic location, job-related experience, knowledge, qualifications, and skills.
    • Reporting to the Director of Security

     

    As a Senior Application Security Engineer, you’ll … 

    • Collaborate with the Webflow engineering team to secure Webflow’s web application platform and ecosystem.
    • Bring security best practices to the software development lifecycle.
    • Work as part of a team to champion security standards while balancing business strategies and requirements.
    • Support Webflow’s current and future security compliance frameworks
    • Work to find security vulnerabilities through grey-box techniques, and propose solutions at the architecture and code level to mitigate findings.
    • Contribute code and architecture improvements to enable security within Webflow’s application for engineers.
    • Cross-train entry and mid-level application security engineers

     

    In addition to the responsibilities outlined above, at Webflow we will support you in identifying where your interests and development opportunities lie and we'll help you incorporate them into your role.

     

    About you 

    You’ll thrive as a Senior Application Security Engineer if you:

    • Have 2+ years of software development experience in security
    • Are passionate about security in general, and always hungry to learn
    • Have expertise in evaluating application/software with an eye to improve security design, continuous commitment to risk reduction and sustainable security.
    • Have experience fully rolling out secure code development lifecycle (SDLC) processes improvements, tools, and automation including planning, communication, and deployment of such tools.
    • Have solid experience penetration testing, finding and developing medium complexity application vulnerabilities
    • Have experience supporting software supply chain risks
    • Have experience with Threat Modeling 
    • Love to share knowledge, and the gift of explaining complex security concepts with your colleagues.
    • Have a solid understanding of web application security, secure software design, and secure coding, and insecure engineering practices.
    • Have set-up or supported bug bounty programs.

    Even if you don’t meet 100% of the above qualifications, you should still seriously consider applying. Research shows that you may still be considered for a role if you meet just half of the requirements.

    Our Core Behaviors:

    • Obsess over customer experience. We deeply understand what we’re building and who we’re building for and serving. We define the leading edge of what’s possible in our industry and deliver the future for our customers.
    • Move with heartfelt urgency. We have a healthy relationship with impatience, channeling it thoughtfully to show up better and faster for our customers and for each other. Time is the most limited thing we have, and we make the most of every moment.
    • Say the hard thing with care. Our best work often comes from intelligent debate, critique, and even difficult conversations. We speak our minds and don’t sugarcoat things — and we do so with respect, maturity, and care.
    • Make your mark. We seek out new and unique ways to create meaningful impact, and we champion the same from our colleagues. We work as a team to get the job done, and we go out of our way to celebrate and reward those going above and beyond for our customers and our teammates.

    Benefits & wellness

    • Equity ownership (RSUs) in a growing, privately-owned company
    • 100% employer-paid healthcare, vision, and dental insurance coverage for employees and dependents (US; full-time Canadian workers working 30+ hours per week), as well as Health Savings Account/Health Reimbursement Account, dependent on insurance plan selection. Employees also have voluntary insurance options, such as life, disability, hospital protection, accident, and critical illness
    • 12 weeks of paid parental leave for both birthing and non-birthing caregivers, as well as an additional 6-8 weeks of pregnancy disability for birthing parents to be used before child bonding leave. Employees also have access to family planning care and reimbursement
    • Flexible PTO with a mandatory annual minimum of 10 days paid time off, and sabbatical program
    • Access to mental wellness coaching, therapy, and Employee Assistance Program
    • Monthly stipends to support health and wellness, as well as smart work, and annual stipends to support professional growth
    • Professional career coaching, internal learning & development programs
    • 401k plan and financial wellness benefits, like CPA or financial advisor coverage
    • Commuter benefits for in-office workers

    Temporary employees are not eligible for paid holiday time off, accrued paid time off, paid leaves of absence, or company-sponsored perks.

    Be you, with us

    At Webflow, equality is a core tenet of our culture. We are committed to building an inclusive global team that represents a variety of backgrounds, perspectives, beliefs, and experiences. Employment decisions are made on the basis of job-related criteria without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other classification protected by applicable law.

    Stay connected

    Not ready to apply, but want to be part of the Webflow community? Consider following our story on our Webflow Blog, LinkedIn, Twitter, and/or Glassdoor. 

    Please note:

    To join Webflow, you'll need valid U.S. or Canadian work authorization depending on the country of employment.

    If you are extended an offer, that offer may be contingent upon your successful completion of a background check, which will be conducted in accordance with applicable laws. We may obtain one or more background screening reports about you, solely for employment purposes.

    Protecting your privacy and the security of your data is a longstanding top priority for Webflow. Please consult our Applicant Privacy Notice to know more about how we collect, use and transfer the personal data of our candidates.

     

     


    Lampenwelt GmbH is hiring a Remote IT Security Engineer (f/m/d)

    Job Description

    We are looking for a dedicated IT Security Engineer (f/m/d) who will strengthen our security architecture with passion. As an IT security expert, you play a central role in identifying, analyzing, and mitigating security risks. You work hand in hand with various teams to further develop, implement, and continuously improve our security strategies, predominantly in projects, and you act as a sparring partner in the daily analysis of security alerts.

    Occasional on-site assignments are required; otherwise remote work is also possible.

    Where your skills are needed

    • Further development, implementation, and monitoring of security policies to ensure compliance with standards and best practices
    • Administration of and consulting on our security infrastructure, including IAM, cloud, endpoint, and network security
    • Conducting security assessments, including risk, vulnerability, and compliance management
    • Proactive incident management, from rapid response to security incidents through to business continuity management
    • Promoting the security culture by supporting regular security awareness trainings, penetration tests, and security scans
    • Continuous further development and refinement of the Shared LUQOM IT services with a focus on IT security

    Qualifications

    Lampenwelt is the right place for you if you see change as an opportunity and are curious about the unknown. If you challenge yourself anew every day to find the best solution. Here you are given responsibility so that you can not only contribute your ideas but also implement them yourself. At Lampenwelt we go a step further every day, act quickly, are open, and rely on direct, solution-oriented communication at all levels.

    What will help you master future challenges

    • In-depth understanding of IT security concepts and technologies
    • Sound knowledge of network technologies, cloud and on-prem security solutions, endpoint protection, operating systems, and SIEM
    • Knowledge of Microsoft Defender is an advantage, especially Defender for Endpoint, Cloud, and Identity
    • Strong interest in new technologies and in continuous personal and professional development
    • Initiative and team spirit in carrying out IT projects
    • Analytical, conceptual, structured, and independent way of working
    • Strong teamwork and communication skills and commitment
    • Completed vocational training in IT or a degree in business informatics, computer science, or a related field
    • Very good written and spoken German and English skills


    21d

    IT Security Engineer

    Timocom GmbH, Erkrath, Germany, Remote

    Timocom GmbH is hiring a Remote IT Security Engineer

    Job Description

    As an IT Security Engineer (m/f/d) at TIMOCOM, you work with your team to develop measures, concepts, and guidelines for the continuous improvement of the operational and security level.

    • In doing so, you are responsible for defining, introducing, further developing, and implementing IT security requirements.
    • For IT operations, you evaluate and maintain IT security solutions and identify IT security risks and vulnerabilities.
    • You design security requirements for web applications and establish a Secure Software Development Lifecycle.
    • In addition, you carry out security audits and security analyses of the IT infrastructure.
    • You advise software developers as well as business departments and project groups on IT security topics and recommend measures to raise the level of IT security.
    • You are free either to work 100 percent remotely or to make flexible use of our TEAMocom Spaces on site.

    Qualifications

    • You have several years of professional experience in IT security.
    • You are very familiar with client and server operating systems such as Microsoft and Unix.
    • You also bring sound knowledge of the secure configuration and monitoring of the Office 365 cloud.
    • You have a good understanding of IT security best practices and of network and operating system architectures (e.g. ISO 27001, ISO 22301).
    • Ideally, you have already gained initial experience in pentesting and red teaming.
    • So that you can communicate well within your team, you have good German and English skills.


    24d

    Product Security Engineer

    Accesa - Ratiodata, Employees can work remotely, Romania, Remote

    Accesa - Ratiodata is hiring a Remote Product Security Engineer

    Job Description

    The Security Expert is responsible to:

    • Strategically plan, develop, and coordinate an effective Application Security program.
    • Develop, establish, and maintain processes, procedures, and guidelines to promote the security within development responsible teams.
    • Manage the operations and effectiveness of the security pipeline tools.
    • Lead the security function for the business.
    • Manage security specialists and ensure their output aligns with the organization’s goals and priorities.
    • Identify new security opportunities and challenges, ensuring that the right actions are taken to avoid risks.
    • Encourage self-sustaining security practices and behaviors within delivery teams.
    • Perform risk assessments for threats and incidents.
    • Ensure that regulatory and legal requirements are met.
    • Establish teams to implement new security solutions and manage budgets.
    • Take ownership and responsibility for reaching objectives and meeting goals.
    • Review the existing security position and stay updated on the security industry globally to propose positive changes.

     

    Will coordinate the planning, implementation, and deployment of security features and improvements. May take the project management role on occasion and fulfill other duties as assigned.

     

    Qualifications

    • At least 4 years of relevant security experience in manufacturing industry
    • Experience with crisis / emergency situations
    • Knowledge of IT security technology, the SDLC process with its security touchpoints, and security standards.
    • Profound knowledge of security design strategies and corresponding standards that support the efficient execution of those strategies.
    • Excellent communication skills, negotiation skills and assertiveness.
    • Initiative and a sense of responsibility.
    • Strong analytical thinking skills and the ability to quickly grasp and process complex relationships in a way that is appropriate for the addressee
    • Integrity, impartiality, responsibility and confidentiality
    • Proficient in English language. German language would be a plus.
    • Compliance standards (IEC 62443, TISAX, ISO 27001) and EU security directives knowledge would be a big plus.


    DHIS is hiring a Remote Application Security Engineer (Remote)

    Job Description

    DHIS2 is hiring an Application Security Engineer who will join our security team to support our secure software development lifecycle. It is a full-time, remote position. Our application security engineer will:

    • Perform secure design reviews and help the software team with secure code review
    • Validate incoming vulnerability reports and advise on mitigation solutions
    • Contribute to the ongoing implementation of OWASP ASVS requirements
    • Develop and maintain security automation tools
    • Provide ad-hoc security advice and organize training for DHIS2 developers and implementers
    • Contribute to security documentation and training materials

    Qualifications

    • Previous working experience as an application security engineer for 3+ years
    • Previous experience with implementing OWASP ASVS or MASVS requirements
    • Active contributor to the security community (public speaking, research, blogging)
    • Fluent in English to a professional level (written and oral)
    • Knowledge of French or Spanish will be considered an advantage
    • Knowledge of the DHIS2 technology stack will be considered an advantage
    • Willing to travel occasionally to support our implementors on security matters or participate in community events


    StockX is hiring a Remote Senior Cloud Security Engineer

    Help empower our global customers to connect to culture through their passions.

    Why you’ll love this role

    This hands-on security engineering position will be part of StockX's Information Security Cloud & Application Engineering team.  This team is responsible for leading efforts to enhance the security of the cloud infrastructure and applications all across StockX. Members of this team work with several stakeholders to ensure appropriate processes, procedures, and controls are adequately designed and implemented to meet StockX security requirements, mitigate risks, and ensure compliance. They provide ongoing engineering support for security systems in our cloud native environment.  This is a critical IC role on the StockX Information Security team and will work with several stakeholders in Product, Engineering, Operations, Customer Service, Safety & Trust, & IT.

    What you’ll do

    • Partner with the Platform Engineering and IT teams to design, implement, and manage security measures for our AWS & Azure cloud infrastructure.
    • Collaborate with cross-functional teams to automate and expedite integration of security best practices into the entire development lifecycle, from design to deployment.
    • Use available tooling to assess risks and vulnerabilities and implement strategies to mitigate and remediate identified security risks.
    • Automate enforcement of security policies and related controls for AWS cloud services and data protection.
    • Monitor and respond to security incidents, conduct investigations, and implement incident response procedures as needed with confidentiality and professionalism.
    • Design and implement identity and access management (IAM) solutions for secure access control.
    • Partner with other teams to ensure IAM controls are part of a defense in depth strategy
    • Ensure the continuing operation and effectiveness of key identity and access management controls
    • Stay abreast of the latest cloud security trends, threats, and vulnerabilities, and implement proactive measures to address emerging risks.
    • Possess knowledge of reliable and low-touch infrastructure using technologies such as Terraform, Kubernetes, and Docker supported by other engineering teams.
    • Provide mentorship and guidance to junior members of the security team.
    • Ability to quickly analyze logs and configurations using Python, JQ, cURL, etc.
    • Integrate application security tooling within the existing CI/CD environment to improve application security.

    About you

    • 4-7 years of relevant security experience.
    • Bachelor's degree preferred but not required.
    • Cyber security certifications preferred, e.g. CISSP, CISM, Security+, AWS Security
    • Strong experience with cloud native environments and with multiple cloud services providers
    • Experience with scripting across multiple cloud providers and infrastructure APIs to analyze security posture and configurations.
    • Detailed understanding of cloud and network security
    • Experience reading other engineers’ code across a number of languages to identify security issues.
    • Understanding of modern cloud technology components and deployment patterns: containers, Kubernetes, serverless, infrastructure as code, etc.
    • Experience with OAuth/SAML techniques and OIDC
    • Deep understanding of Identity & Access Management security controls and tooling
    • Strong understanding of securing distributed cloud and on-premises networks using security groups, network ACLs, VPNs, and WAFs among other technologies
    • Strong understanding of security monitoring tools for cloud environments such as CSPM, CASB, cloud audit logs such as AWS Cloudtrail, etc
    • Strong understanding of application security tools such as Snyk, Sonarcloud, Dependabot or Renovate, GitGuardian, etc 
    • Technical understanding of how threats like Spam, Phishing, DDoS Attacks, Brute Force Attacks, SQL Injections, XSS are executed and how to protect against them across an organization.

     

    Pursuant to the San Francisco Fair Chance Ordinance, Los Angeles Fair Chance Initiative for Hiring Ordinance, and any other state or local hiring regulations, we will consider for employment any qualified applicant, including those with arrest and conviction records, in a manner consistent with the applicable regulation.

    Pursuant to the various pay transparency laws/acts, the base salary range is $140,000 to $160,000 plus opportunities for benefits (e.g., medical, dental), equity and discretionary bonuses. Compensation is dependent on geography and may vary.

    About Us

    StockX is proud to be a Detroit-based technology leader focused on the large and growing online market for sneakers, apparel, accessories, electronics, collectibles, trading cards, and more. StockX's powerful platform connects buyers and sellers of high-demand consumer goods from around the world using dynamic pricing mechanics. This approach affords access and market visibility powered by real-time data that empowers buyers and sellers to determine and transact based on market value. The StockX platform features hundreds of brands across verticals including Jordan Brand, adidas, Nike, Supreme, BAPE, Off-White, Louis Vuitton, Gucci; collectibles from artists including KAWS and Takashi Murakami; and electronics from industry-leading manufacturers Sony, Microsoft, Nvidia, and Apple. Launched in 2016, StockX employs more than 1,000 people across offices and verification centers around the world.
     
     
    We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. This job description is intended to convey information essential to understanding the scope of the job and the general nature and level of work performed by job holders within this job. However, this job description is not intended to be an exhaustive list of qualifications, skills, efforts, duties, responsibilities or working conditions associated with the position. StockX reserves the right to amend this job description at any time.


    27d

    Security Engineer

    Samsara, Remote - US
    linux, python, AWS

    Samsara is hiring a Remote Security Engineer

    Who we are

    Samsara (NYSE: IOT) is the pioneer of the Connected Operations™ Cloud, which is a platform that enables organizations that depend on physical operations to harness Internet of Things (IoT) data to develop actionable insights and improve their operations. At Samsara, we are helping improve the safety, efficiency and sustainability of the physical operations that power our global economy. Representing more than 40% of global GDP, these industries are the infrastructure of our planet, including agriculture, construction, field services, transportation, and manufacturing — and we are excited to help digitally transform their operations at scale.

    Working at Samsara means you’ll help define the future of physical operations and be on a team that’s shaping an exciting array of product solutions, including Video-Based Safety, Vehicle Telematics, Apps and Driver Workflows, Equipment Monitoring, and Site Visibility. As part of a recently public company, you’ll have the autonomy and support to make an impact as we build for the long term. 

    Recent awards we’ve won include:

    Glassdoor's Best Places to Work 2024

    Best Places to Work by Built In 2024

    Great Place To Work Certified™ 2023

    Fast Company's Best Workplaces for Innovators 2023

    Financial Times The Americas’ Fastest Growing Companies 2023

    We see a profound opportunity for data to improve the safety, efficiency, and sustainability of operations, and hope you consider joining us on this exciting journey. 

    About the role:

    As a member of our Security Operations Team, you will collaborate with a global team of engineers to proactively identify and mitigate risks, monitor and respond to security events, respond to and assist in security incidents as a security incident responder, and protect Samsara’s corporate infrastructure and operations.

    You will also be responsible for creating and maintaining runbooks, assisting in creating automated workflows, and assisting in process refinement and implementation. You will collaborate with a diverse team of analysts, engineers and key stakeholders on security initiatives across the company. Above all, your focus is bringing Security expertise to the table in a collaborative, humble, and practical manner.

    This role requires availability during the Pacific Standard Time business hours, including being on call.

    You should apply if:

    • You want to impact the industries that run our world: Your efforts will result in real-world impact—helping to keep the lights on, get food into grocery stores, reduce emissions, and most importantly, ensure workers return home safely.
    • You are the architect of your own career: If you put in the work, this role won’t be your last at Samsara. We set up our employees for success and have built a culture that encourages rapid career development, countless opportunities to experiment and master your craft in a hyper growth environment.
    • You’re energized by our opportunity: The vision we have to digitize large sectors of the global economy requires your full focus and best efforts to bring forth creative, ambitious ideas for our customers.
    • You want to be with the best: At Samsara, we win together, celebrate together and support each other. You will be surrounded by a high-caliber team that will encourage you to do your best. 

    Click here to learn about what we value at Samsara.

    In this role, you will: 

    • Monitor security events and provide technical analysis on alerts
    • Respond to cyber security incidents by executing the incident response strategy through incident closure, while providing incident updates to the incident commander throughout the incident
    • Protect Samsara while partnering across the organization to drive remediation and ensure Samsara infrastructure is sufficiently protected
    • Manage post-incident activity such as POMO and Corrective Action assignments
    • Manage security event analysis
    • Assist with developing and maintaining security policies, processes and incident response procedures
    • Deliver security guidance clearly and concisely for cloud and enterprise infrastructure initiatives
    • Coordinate the building of services, capabilities, integrations, and implementations of technologies to support security operations and incident response
    • Champion, role model, and embed Samsara’s cultural principles (Focus on Customer Success, Build for the Long Term, Adopt a Growth Mindset, Be Inclusive, Win as a Team) as we scale globally and across new offices

    Minimum requirements for the role:

    • 2+ years of relevant experience in security operations and/or incident management 
    • Strong reasoning skills and the ability to accurately document procedures and findings during analysis
    • Practical hands-on experience assisting in security incident response, including triage, and coordinating across teams to drive incidents to closure
    • Concise verbal and written communication skills
    • Strong problem-solving skills, adaptable, proactive, and willing to take ownership
    • Experience with analysis and forensics techniques on macOS, Windows, and Linux
    • Ability to work flexible hours and be on call for potential security incidents

    An ideal candidate also has:

    • Bachelor’s degree in Information Technology, Risk Management or a related field
    • Experience utilizing SIEM tools and building infrastructure to support large-scale threat detection efforts
    • Familiarity with common security frameworks and standards, including NIST Cybersecurity Framework and ISO 27001
    • Experience in cloud architecture and security (AWS, GCP) and cloud-based services
    • Experience conducting security investigations across clouds, user endpoints, and servers
    • Programming experience in Python; scripting is also desirable
    • Familiarity with data privacy regulations and compliance
    • Technical knowledge of network fundamentals and common Internet protocols
    • Relevant information security certifications

    Samsara’s Compensation Philosophy: Samsara’s compensation program is designed to deliver Total Direct Compensation (based on role, level, and geography) that is at or above market. We do this through our base salary + bonus/variable + restricted stock unit awards (RSUs) for eligible roles. For eligible roles, a new hire RSU award may be awarded at the time of hire, and additional RSU refresh grants may be awarded annually.

    We pay for performance, and top performers in eligible roles may receive above-market equity refresh awards which allow employees to achieve higher market positioning.

    The range of annual base salary for full-time employees for this position is below. Please note that base pay offered may vary depending on factors including your city of residence, job-related knowledge, skills, and experience.
    $109,480 to $184,000 USD

    At Samsara, we welcome everyone regardless of their background. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, gender, gender identity, sexual orientation, protected veteran status, disability, age, and other characteristics protected by law. We depend on the unique approaches of our team members to help us solve complex problems. We are committed to increasing diversity across our team and ensuring that Samsara is a place where people from all backgrounds can make an impact.

    Benefits

    Full time employees receive a competitive total compensation package along with employee-led remote and flexible working, health benefits, Samsara for Good charity fund, and much, much more. Take a look at our Benefits site to learn more.

    Accommodations 

    Samsara is an inclusive work environment, and we are committed to ensuring equal opportunity in employment for qualified persons with disabilities. Please email accessibleinterviewing@samsara.com or click here if you require any reasonable accommodations throughout the recruiting process.

    Flexible Working 

    At Samsara, we have adopted a flexible way of working, enabling teams and individuals to do their best work, regardless of where they’re based. We value in-person collaboration and know a change of scenery and quiet space to work is welcomed from time to time, but also appreciate that the world of work has changed. Our offices remain open for those who prefer to collaborate or work in-office, but we also encourage fully remote applicants. As most roles are not required to be in the office, we are able to hire remotely where Samsara has an established presence. If a role is required to be in a certain location and candidates do not have work authorization for that location, Samsara will conduct an immigration assessment. If the role is not required to be in a specific location, Samsara will move forward with the remote location that works best for the business. All offers of employment are contingent upon an individual’s ability to secure and maintain the legal right to work at the company.

     

    Please be aware that Samsara does not accept or assume responsibility for unsolicited resumes from agencies. We do not charge fees to applicants at any stage of the hiring process. Official communication about your application will only come from emails ending in '@Samsara.com' or '@us-greenhouse-mail.io'.


    27d

    Sr. Security Engineer

    InMarket, Remote (US Only)
    agile, terraform, mobile, ruby, c++, kubernetes, linux, python, AWS, javascript

    InMarket is hiring a Remote Sr. Security Engineer

    Title: Sr. Security Engineer

    Location: Remote - US ONLY

    About inMarket

    Since 2010, InMarket has been the leader in 360-degree consumer intelligence and real-time activation for thousands of today’s top brands. Through InMarket's data-driven marketing platform, brands can build targeted audiences, activate media in real time, and measure success in driving return on ad spend. InMarket's proprietary Moments offering outperforms traditional mobile advertising by 6x.* Our LCI attribution platform, which won the MarTech Breakthrough Award for Best Advertising Measurement Platform, was validated by Forrester to drive an average of $40 ROAS for our clients.
    *Source: Wordstream US Google Display Benchmarks for Mobile Media

    About the Role

    Join the team responsible for protecting our customers, our data, and our company from malicious actors at all levels. We are an outcomes focused team, focused on enabling our internal customers for success by providing them with clear guidance and strong security controls. We're looking for an exceptional engineer to join the team at the center of security and safety here at InMarket.

    Your Daily Impact as a Sr. Security Engineer
    In this role you will be responsible for working with great depth and breadth to build safeguards, detections, and controls to protect InMarket's vast amounts of data. Here you’ll truly be at the front lines taking on meaningful work to defend our company and our peers.

    You will be working and communicating closely with many technical teams to develop context and foresight into what our true risks are, and work towards holistic, long-lasting remediation with guidance and real-world solutions. Our goal is to create a cohesive balance between risk, operational effectiveness, and compliance.

    The ideal candidate for this team is someone who is a strong, interested, well rounded engineer with a passion for security as well as a natural collaborator who can understand business needs and develop security solutions that empathize with people's experiences.

    Your Experience and Expertise

    • BS in computer science / cybersecurity, or equivalent experience
    • 5+ years of experience in engineering, information security operations or related IT operations
    • Strong experience in Linux administration
    • Strong development & scripting experience. (Javascript / Ruby, Python preferred)
    • Strong experience in AWS, GCP, or both
    • Good networking fundamentals

    Nice to Haves 

    • Ability to provide a sample portfolio or work examples is highly preferred
    • Varied security engineering experience with a specialty in one or more areas of security such as: (Cloud Security, Vulnerability Management, Application Security, Penetration Testing / Offsec, DevSecOps, Third Party / SaaS Security, Identity and Access Management, Incident Response)
    • Experience performing security / architecture / code reviews
    • Hackthebox, CTF, or Hackathon experience
    • Good hands-on background in building tooling using many security products
    • Terraform / IaC experience
    • Kubernetes / Container experience
    • Controls and Standards knowledge (SOC2, NIST CSF, 800-53, CIS)
    • SOC2 audit experience
    • Familiar with Security Reference Architectures and actual best practices
    • Experience building out security tooling from common vendors
    • Active member or speaker in the security / technology community
    • Ability to work and multitask under high pressure situations
    • Excellent written and verbal communication skills. Ability to communicate highly complex security concepts to both technical and non-technical audiences

    Finally, here are a few more reasons why we love this work and think that you will too:

    • This is a diverse role with unparalleled visibility where you’ll be able to learn new tech daily.
    • You will have the opportunity to shape the security function with the support and autonomy to actually do it.
    • Great support from executive leadership who understand the true value in security and genuinely back the mission.

    Benefits Summary

    • Competitive salary, stock options, flexible vacation
    • Medical, dental and Flexible Spending Account (FSA)
    • Company Matched 401(k)
    • Unlimited PTO (Within reason)
    • Talented co-workers and management
    • Agile Development Program (For continued learning/professional development)
    • Generous Paid Parental Leave

     

    For candidates in California, Colorado, and New York City, the Targeted Base Salary Range for this role is $130,000 to $175,000. 

    Actual salaries will vary depending on factors including but not limited to work experience, specialized skills and training, performance in role, business needs, and job requirements. Base salary is subject to change and may be modified in the future. Base salary is just one component of InMarket’s total rewards package that also may include bonus, equity, and benefits.  Ask your recruiter for more information!

    At InMarket we are committed to a culture that supports diversity, inclusion, belonging and equal opportunity. We celebrate all people and believe everyone deserves respect regardless of race, gender, sexual orientation, backgrounds, experiences, abilities or beliefs.

    InMarket is an Equal Opportunity Employer (EOE). Qualified applicants are considered for employment without regard to age, race, color, religion, sex, national origin, sexual orientation, disability, or veteran status.

    Privacy Notice for California Job Applicants: https://inmarket.com/ca-notice-for-job-applicants/

    28d

    Application Security Engineer

    Podium - Remote, US
    Design, azure, ruby, java, c++, linux, python, AWS, javascript, PHP

    Podium is hiring a Remote Application Security Engineer

    At Podium, our mission is to help local businesses win. Our lead conversion platform, powered by AI and integrations, helps local businesses convert leads faster, communicate easier, and make more sales. Every day, thousands of local businesses utilize our review management, communication, marketing, and payments products. 

    Our work and focus on helping local businesses thrive has been recognized across the industry, including Forbes’ Next Billion Dollar Startups, Forbes’ Cloud 100, the Inc. 5000, and Fast Company’s World’s Most Innovative Companies.

    At Podium, we believe in fostering a culture that thrives on hiring and developing exceptional talent. Our operating principles serve as a compass, guiding daily behavior and decision-making, and ensure we hire people who will thrive at Podium. If you resonate with our operating principles and are energized by our mission, Podium will be a great place for you!

    The Role:

    As an Application Security Engineer at Podium, you will be responsible for validating that application services are designed and implemented with high security standards. You will analyze application security, addressing both legacy and emerging security issues, and implement repeatable secure development practices to prevent program flaws that could lead to exploitation. You will constantly assess applications for weaknesses, provide resolutions, and communicate findings to the technical leadership team for effective risk mitigation. You will be constantly assessing applications for weaknesses and finding resolutions before they can be abused.

    In this role, you will also assess the security of applications for business-to-business initiatives, third-party relationships, and vendors. As a highly knowledgeable individual, you will recommend programmatic controls, and monitor and manage secure development practices to tackle modern-day issues. You will think like an attacker, but will always act with integrity and not abuse your privilege. 

    Check out this video from our Director of Security, Sean Jackson, talking more about this position.

    What you will be doing:

    • Perform vulnerability and penetration testing, emphasizing automation for testing and remediation.
    • Collaborate with developers, DevSecOps, and other teams to conduct repetitive validation testing and ensure a continuous cycle of secure development.
    • Stay updated on public-facing security issues, adopt new testing tactics, and actively participate in application projects and change management committees.
    • Define and follow a security review process, utilizing dynamic and static code analysis resources.
    • Document delivery advances meeting service-level agreements (SLAs) and business metrics.
    • Align with architects and development teams for secure design, actively engaging in information security projects.
    • Respond to service and escalation tickets, conduct performance testing, and contribute to local security groups/organizations and conferences.

    What you should have:

    • 4+ years of cybersecurity experience with a deep background (preferably 5+ years) in application programming.
    • Technical and analytical expertise, including threat modeling, vulnerability testing, and proficiency in software development (Java, Python, C++, Ruby, etc.).
    • Solid understanding of network and web protocols, experience with intra-company and third-party APIs, and proficiency with dynamic and static analysis tools.
    • Excellent communication of business risk from cybersecurity issues and a track record of integrity, excellence, curiosity, and adaptability.

    What we hope you have:

    • Experience with applications in AWS, Microsoft Azure, or GCP, and proficiency in cryptography controls.
    • DevOps background in public and private clouds, scripting skills in Python, JavaScript, PowerShell, PHP, or Ruby.
    • Familiarity with ISO 27001, NIST, PCI DSS, HIPAA, HITECH Act, SOX, GDPR, CIS standards, or SOC 2.
    • Working knowledge of Windows, Linux, Unix, and state privacy laws.
    • Highly trustworthy with leadership qualities.
    • Bachelor’s degree in computer science, information assurance, MIS, or related field, or equivalent experience.
    • Certification preferences: SANS certifications (GWAPT), CISSP (preferred, or CSSLP), OSCP, and related certifications.

    Benefits:

    • Open and transparent culture 
    • Life insurance, long and short-term disability coverage
    • Paid maternity and paternity leave
    • Fertility Benefits
    • Generous vacation time, plus three 4-day summer holiday weekends
    • Excellent medical, dental, and vision benefits
    • 401k Plan with competitive company matching
    • Bi-annual swag drops with cool Podium gear and apparel 
    • A stellar HQ (Utah) gym with local professional coaches and classes offered
    • Onsite HQ (Utah) child care center, subsidized for employees
    • Additional benefits for fully remote employees

    Podium is an equal opportunity employer. Podium provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, national origin, sexual orientation, gender identity or expression, age, disability, genetic information, marital status or veteran status.

    Pindrop is hiring a Remote Lead Security Engineer

    Lead Security Engineer

    US Remote

    Who we are

    Are you passionate about innovating at the intersection of technology and personal security? At Pindrop, we recognize that the human voice is a unique personal identifier, increasingly susceptible to sophisticated fraud, including the threat of deepfakes. We're leading the way in developing cutting-edge authentication, fraud prevention, and deepfake detection. Our mission is to provide seamless and secure digital experiences, safeguarding the most personal aspect of our identity: our voice. Here, you'll be part of a team driven by values of Innovation, Customer Advocacy, Excellence, and Impact. We're not just creating a safer digital landscape by fortifying trust and integrity with those we serve, we’re also building a dynamic, supportive workplace where your contributions make a real difference.

    Headquartered in Atlanta, GA, Pindrop is backed by world-class investors such as Andreessen-Horowitz, IVP, and CapitalG.

    What you’ll do 

    • Lead efforts to examine and secure systems, networks, infrastructure and applications to assess and improve the current on-premises and cloud security posture.
    • Lead administration, management and incident response of security tools and technologies such as EDR (Endpoint Detection & Response), SIEM (Security Information & Event Management), DLP (Data Loss Prevention), Vulnerability Management, Firewalls, WAF (Web Application Firewalls)
    • Support daily security operations (SecOps) functions such as configuring, monitoring and responding to security alerts. Assist with Incident Response, and investigations.
    • Build automation for security tools and SecOps functions such as compliance checks, alerts and reporting.
    • Lead security analysis, review and deployment of solutions (systems, network, infrastructure and applications) to protect Pindrop assets in the cloud and our data centers.
    • Lead technical security assessments, security reviews, code audits and offensive security exercises to test security controls and detection capabilities
    • Be aware of Information security standards such as ISO27001, SOC2, PCI and support internal and third party audits.
    • Provide thought leadership and technical direction based on security news, research, threats, attack vectors, technologies, certifications, laws and regulations and report on anything that could impact the company. 
    • Collaborate with stakeholders, provide security guidance and support and develop dashboards, reports, and alerts to meet their cybersecurity operational information requirements.    

    Who you are

    • You are an engineer at heart with strong problem-solving, analytical, communication and interpersonal skills and who has knowledge or experience in several areas such as - defending against and/or mitigating system vulnerabilities (including enterprise level concerns, infrastructure, and host/endpoint), intrusion detection and incident response, network traffic analysis, scripting languages, software reverse engineering, network security devices (e.g., firewalls, intrusion and detection systems), cloud and compliance frameworks.
    • You continuously look for automation and programmatic efficiencies in security processes
    • You have excellent written and verbal communication skills and can communicate technical details in a clear, concise, understandable manner
    • You work independently and as part of a team with minimal supervision
    • You are resilient in the face of challenges, change, and ambiguity
    • You are optimistic and believe that you can make a problem into a solution
    • You are resourceful, excited to uncover innovative solutions and teach yourself something new when needed
    • You take accountability, do the things you say you’ll do, under-promise and over-deliver
    • You are nimble and adaptable when priorities change and continue to see the “forest through the trees” 

    Your skill-set: 

    • At least 7 years of experience with administering and managing security technologies and tools such as EDR, SIEM, Vulnerability Management, SAST and DAST, Data Loss Prevention and File Integrity Monitoring tools.
    • At least 5 years of experience with Security Operations (SecOps), incident response, security investigations.
    • At least 1 year of experience with a scripting or programming language: Python, Golang, Ruby, Bash, Java.
    • Strong understanding of Networks, Cloud, Containers, API, Application Security, SDLC, Web security, Docker, and Kubernetes
    • Fundamental understanding of accepted security practices, known attack vectors and vulnerability assessment methodologies
    • Nice to have:
      • Prior experience as a software developer
      • Prior architectural experience
      • Knowledge of common information security standards, such as ISO 27001/27002, NIST, CIS, PCI DSS, ITIL, and COBIT.

    What’s in it for you:

    As a Pindropper, you join a rapidly growing company making technology more human with the power of voice. You will work alongside some of the best and brightest. We’re a passionate group committed to excellence - but that doesn’t stop us from enjoying the journey as a team with chess and poker tournaments, catered lunches and happy hours, wellness programming, and more. Because we take our jobs seriously, we add in time for rest with Unlimited PTO, Focus Thursday, and Company-wide Rest Days.

    Within 30 days you’ll

      • Complete onboarding and attend New Employee Orientation sessions with other new Pindroppers
      • Learn about Pindrop culture, values and teams
      • Build relationships with key stakeholders and the team

    Within 60 days you’ll

      • Learn existing processes, tools and techniques
      • Learn SecOps best practices based on industry guidelines and compare them with current practices

    Within 90 days you’ll

      • Define SecOps best practices based on industry guidelines and plan improvements to current practices
      • Design and architect new security deployments and solutions.
      • Teach us something new

    What we offer

    As a part of Pindrop, you’ll have a direct impact on our growing list of products and the future of security in the voice-driven economy. We hire great people and take care of them. Here’s a snapshot of the benefits we offer:

    • Competitive compensation, including equity for all employees
    • Unlimited Paid Time Off (PTO)
    • 4 company-wide rest days in 2024 where the entire company rests and recharges!
    • Generous health and welfare plans to choose from - including one employer-paid “employee-only” plan!
    • Best-in-class Health Savings Account (HSA) employer contribution
    • Affordable vision and dental plans for you and your family
    • Employer-provided life and disability coverage with additional supplemental options
    • Paid Parental Leave - Equal for all parents, including birth, adoptive & foster parents
      • One year of diaper delivery for your newest addition to the family! It’s our way of welcoming new Pindroplets to the family!
    • Identity protection through Norton LifeLock
    • Remote-first culture with opportunities for in-person team events
    • New hire and recurring monthly home office allowance
    • When we need a break, we keep it fun with happy hours, ping pong and foosball, drinks and snacks, and monthly massages!
    • Remote and in-person team activities (think cheese tastings, chess tournaments, talent shows, murder mysteries, and more!)
    • Company holidays
    • Annual professional development and learning benefit
    • Pick your own Apple MacBook Pro
    • Retirement plan with competitive 401(k) match
    • Wellness Program including Employee Assistance Program, 24/7 Telemedicine

    What we live by

    At Pindrop, our Core Values are fundamental beliefs at the center of all we do. They are our guiding principles that dictate our actions and behaviors. Our Values are deeply embedded into our culture in big and small ways and even help us decide right from wrong when the path forward is unclear. At Pindrop, we believe in taking accountability to make decisions and act in a way that reflects who we are. We truly believe making decisions and acting with our Core Values in mind will help us to achieve our goals and keep Pindrop a great place to work:    

    • Audaciously Innovate - We continue to change the world, and the way people safely engage and interact with technology. As first principle thinkers, we challenge standards, take risks and learn from our mistakes in order to make positive change and continuous improvement. We believe nothing is impossible.
    • Evangelical Customers for Life - We delight, inspire and empower customers from day one and for life. We create a partnership and experience that results in a shared passion.   We are champions for our customers, and our customers become our champions, creating a universal commitment to one another. 
    • Execution Excellence - We do what we say and say what we do. We are accountable for making the tough decisions and necessary tradeoffs to deliver quality and effective solutions on time.
    • Win as a Company - Every time we win, we win as a company. Every time we lose, we lose as a company. We break down silos, support one another, embrace diversity and celebrate our successes. We are better together. 
    • Make a Difference - Every day we have the opportunity to make a positive impact. We operate with dedication, passion, and uncompromising integrity, creating a safer, more secure world.

    Not sure if this is you?

    We want a diverse, global team, with a broad range of experience and perspectives. If this job sounds great, but you’re not sure if you qualify, apply anyway! We carefully consider every application and will either move forward with you, find another team that might be a better fit, keep in touch for future opportunities, or thank you for your time.

    Pindrop is an Equal Opportunity Employer

    Here at Pindrop, it is our mission to create and maintain a diverse and inclusive work environment. As an equal opportunity employer, all qualified applicants receive consideration for employment without regard to race, color, age, religion, sex, gender, gender identity or expression, sexual orientation, national origin, genetic information, disability, marital and/or veteran status.

     

    hims & hers is hiring a Remote Senior Security Analyst

    Hims & Hers Health, Inc. (better known as Hims & Hers) is the leading health and wellness platform, on a mission to help the world feel great through the power of better health. We are revolutionizing telehealth for providers and their patients alike. Making personalized solutions accessible is of paramount importance to Hims & Hers and we are focused on continued innovation in this space. Hims & Hers offers nonprescription products and access to highly personalized prescription solutions for a variety of conditions related to mental health, sexual health, hair care, skincare, heart health, and more.

    Hims & Hers is a public company, traded on the NYSE under the ticker symbol “HIMS”. To learn more about the brand and offerings, you can visit hims.com and forhers.com, or visit our investor site. For information on the company’s outstanding benefits, culture, and its talent-first flexible/remote work approach, see below and visit www.hims.com/careers-professionals.

    About the Role:

    We are seeking a Senior Security Analyst to help build our Security Operations discipline. Our team moves at a fast pace and is always looking to help drive best security practices at our core. This dynamic team enables multiple areas of the business to stay agile while always remaining vigilant to keep our infrastructure secure and drive innovation. This is an opportunity to directly drive change and security in our business.

    You Will:

    • Advanced Security Monitoring and Analysis: Oversee the continuous monitoring and in-depth analysis of network traffic, system logs, and security alerts, employing cutting-edge SIEM solutions and leveraging advanced threat intelligence feeds to detect and respond to sophisticated cyber threats
    • Incident Response Mastery: Develop, refine, and lead the execution of advanced incident response plans and procedures, orchestrating multifaceted incident handling activities with a focus on rapid containment, eradication, and recovery. Serve as the ultimate technical authority during high-stress security incidents
    • Vulnerability Assessment and Management Expertise: Lead the identification and prioritization of vulnerabilities across our intricate technology stack, conducting comprehensive vulnerability assessments and overseeing advanced remediation efforts, including penetration testing and code review
    • AWS, Azure, and GCP Security Expertise: Utilize your extensive knowledge of AWS, Azure, and GCP security best practices to assess and enhance the security of cloud environments. Implement and maintain security configurations, identity and access controls, and encryption mechanisms specific to each cloud platform. Conduct security assessments and audits to identify vulnerabilities and provide recommendations for remediation
    • Pioneering Threat Intelligence Integration: Maintain an expert understanding of emerging cybersecurity threats and trends, actively integrating advanced threat intelligence into security operations to drive proactive threat detection and support the development of custom threat-hunting methodologies
    • Master of Security Automation and Tooling: Spearhead the development and deployment of highly sophisticated scripts, automation tools, and custom security solutions to optimize and streamline complex security tasks, enhance operational efficiency, and enable rapid response to evolving threats
    • Prior experience with Threat Hunting and making recommendations on findings
    • Experience in Red team, Blue team, Purple team, and table top exercise
    • Recommend and implement security enhancements to proactively address emerging threats
    • Assist in the development and enforcement of security policies, standards, and procedures
    • Prior experience with industry regulations and standards, such as NIST, CIS, and GDPR

    You Have:

    • Bachelor's degree in a relevant field or equivalent work experience
    • Minimum of 5 years of experience in a security analyst role
    • Strong expertise in cloud computing, with a preference for AWS
    • Proficiency in Sumo Logic for creating Insights and Signals
    • Experience researching through logs for security investigations
    • Familiarity with security platforms such as Netskope, CrowdStrike, Tenable, Cisco Meraki, and Proofpoint, or similar products
    • Certifications such as OSCP, CompTIA Security+, Pentest+, or AWS Certified Security – a plus
    • Excellent problem-solving and analytical skills
    • Strong communication, documentation, and teamwork abilities
    • Ability to work independently and under pressure in a fast-paced environment
    • Exposure to penetration testing platforms such as Burp Suite, Kali Linux, Metasploit, Nexpose
    • Skilled with network security tools such as Palo Alto Firewalls, Cisco VPNs, Palo Alto IDS
    • Understanding of regulatory compliance (NIST CSF, SOX, ISO)

     

    Our Benefits (there are more but here are some highlights):

    • Competitive salary & equity compensation for full-time roles
    • Unlimited PTO, company holidays, and quarterly mental health days
    • Comprehensive health benefits including medical, dental & vision, and parental leave
    • Employee Stock Purchase Program (ESPP)
    • Employee discounts on hims & hers & Apostrophe online products
    • 401k benefits with employer matching contribution
    • Offsite team retreats

     

     

    Outlined below is a reasonable estimate of H&H’s compensation range for this role.  

    H&H also offers a comprehensive Total Rewards package that includes equity grants of restricted stock (RSU’s) so that H&H employees own a piece of our company.

    The actual amount will take into account a range of factors that are considered in making compensation decisions including but not limited to, skill sets, experience and training, licensure and certifications, and location.

    Consult with your Recruiter during any potential screening to determine a more targeted range based on the job-related factors. We don’t ever want the pay range to act as a deterrent from you applying! 
    An estimate of the current salary range for US-based employees is
    $100,000 - $115,000 USD

    We are focused on building a diverse and inclusive workforce. If you’re excited about this role, but do not meet 100% of the qualifications listed above, we encourage you to apply.

    Hims is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics or any other basis forbidden under federal, state, or local law. Hims considers all qualified applicants in accordance with the San Francisco Fair Chance Ordinance.

    Hims & hers is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at accommodations@forhims.com. Please do not send resumes to this email address.

    For our California-based applicants – Please see our California Employment Candidate Privacy Policy to learn more about how we collect, use, retain, and disclose Personal Information. 

    Instacart is hiring a Remote Senior Security Engineer, Product Security

    We're transforming the grocery industry

    At Instacart, we invite the world to share love through food because we believe everyone should have access to the food they love and more time to enjoy it together. Where others see a simple need for grocery delivery, we see exciting complexity and endless opportunity to serve the varied needs of our community. We work to deliver an essential service that customers rely on to get their groceries and household goods, while also offering safe and flexible earnings opportunities to Instacart Personal Shoppers.

    Instacart has become a lifeline for millions of people, and we’re building the team to help push our shopping cart forward. If you’re ready to do the best work of your life, come join our table.

    Instacart is a Flex First team

    There’s no one-size fits all approach to how we do our best work. Our employees have the flexibility to choose where they do their best work—whether it’s from home, an office, or your favorite coffee shop—while staying connected and building community through regular in-person events. Learn more about our flexible approach to where we work.

    Overview

    We're looking for experienced Security Engineers to join our fast moving security team. We work on a range of interesting and challenging problems, from supporting thousands of concurrent shoppers and processing millions of data points in real time, to developing and enhancing internal tools, addressing vulnerabilities and managing secrets.

    Our goal is to run the world's most trusted and secure delivery platform. We work across all layers of our infrastructure to ensure we deploy trustworthy systems and protect our customers’, shoppers’, and partners’ data.

    About the Team

    You will be a key member of the Security Engineering team that is responsible for developing security-focused features and frameworks for Instacart in both production and infrastructure space. You will have an opportunity to lead high impactful projects across the platform and assist in defining the internal team processes. You will be directly influencing the security posture of many products and systems across the company. 

    About the Job 

    • Design, implement and ship high-quality security features for the product and internal tools across Instacart with a strong sense of urgency and accountability such as:
      • Secrets & Vulnerability management
      • IAM and Zero Trust
      • Platform abuse prevention & mitigation 
      • Data analytics hardening 
    • Work closely with product managers, designers, data scientists, and peer engineering teams to define project requirements and execution plans.
    • Identify unaddressed areas of security weakness and help the teams come up with efficient and scalable solutions.
    • Provide software engineering resource for sister teams in the areas of infrastructure hardening, detection, and response
    • Participate in the team’s on-call by handling and running incidents

    About You

    MINIMUM QUALIFICATIONS

    • 5+ years of experience in Security Engineering or related role
    • Strong knowledge of common back-end web technologies (such as Ruby on Rails, Python, Golang, SQL, etc) in a large scale distributed system environment
    • An ability to make data-driven decisions & prioritize initiatives that would help improve the key metrics. 
    • An ability to work effectively with cross-functional teams and drive alignment on security objectives and plans. 
    • An ability to balance a sense of urgency with shipping high-quality and pragmatic solutions.
    • Strong self-management and organizational skills
    • Experience developing tools and automation using common devops toolsets and programming languages

    PREFERRED QUALIFICATIONS

    • Bachelor’s degree in Computer Science, Engineering, Math or related work experience
    • Experience working on security or privacy products
    • Experience working with highly ephemeral environments
    • Prior experience assisting in handling and running incidents

    snowflakecomputing is hiring a Remote Sr. Security Compliance Analyst

    Build the future of data. Join the Snowflake team.

    Since Snowflake handles a wide variety of data for its customers, Snowflake has implemented a disciplined and strategic data protection program. The Senior Security Compliance Analyst is an extremely high-visibility, internal-facing champion within the Snowflake Security team, responsible for two primary objectives:

    • Partner with internal Snowflake development and operations teams to implement the highest level of rigor in security controls implementation, within our Snowflake Service product and our organization
    • Support Snowflake Security Compliance programs, obligations, and audits, ensuring that the Snowflake Service product meets the widest selection of cybersecurity compliance frameworks

    AS A SENIOR SECURITY COMPLIANCE ANALYST AT SNOWFLAKE YOU WILL:

    • Engage with Engineering and Corporate IT Systems teams to ensure that production and corporate environments are regularly scanned for vulnerabilities, and that vulnerabilities are remediated within established deadlines
    • Identify, triage, and track progress on remediation for all vulnerability findings derived from scans, penetration tests, and reported by 3rd-party partners and customers
    • Ensure that risk management security controls are implemented consistently, and operating as expected, in accordance with the Snowflake Common Controls Framework
    • Assist engineers and product managers in developing and implementing appropriate risk management security controls to meet all applicable industry security frameworks and regulatory requirements
    • Support the development and operations of automated security tools by regularly engaging with security engineers who develop effective means to monitor, alert, and report on the security posture of the Snowflake Data Cloud in real time
    • Become an expert on the security features available for customers to deploy within the Snowflake Data Cloud, including best practices for implementation
    • Engage with engineering development teams to evaluate the compliance impact as part of the SDLC process, identifying security weaknesses in proposed solutions, and working with our Product Security team in evaluating the effectiveness of security products
    • As a Subject Matter Expert, support the initial development of, and maturity updates for, security policies and procedures 
    • Work with personnel across the Global Security Compliance & Risk (GSCR) team to ensure achievement of overall team objectives

    OUR IDEAL SENIOR SECURITY ANALYST MUST HAVE:

    • At least 4-5 years of experience directly working in support of vulnerability detection, management, and remediation efforts, ideally in cloud environments
    • Experience working with and implementing risk management security controls for NIST 800-53 controls. FedRAMP experience is a plus.
    • Self-motivated problem solver who is eager to identify and learn the latest security technologies 
    • Comfortable engaging with numerous stakeholders within a high-paced and complex engineering, production, and corporate enterprise environment
    • Technical competence sufficient to understand and explain the impact of detected vulnerabilities to various Snowflake stakeholders who possess varying levels of cybersecurity skill and understanding
    • Experience using vulnerability management tools such as Tenable.io, Tenable.sc, Wiz, and Orca, including how to configure scanning tools to ensure that all resources are being successfully scanned
    • Experience in creating Web Application Scans (WAS) and developing remediation recommendations based upon scan results
    • Demonstrated understanding and working knowledge of analyzing vulnerabilities using the Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS), and Common Weakness Enumeration (CWE) frameworks, to triage and assign appropriate risk categorizations to identified vulnerabilities
    • General experience with cloud computing concepts and architectures

    OUR IDEAL SENIOR SECURITY ANALYST MIGHT ALSO HAVE:

    • Experience working with and implementing risk management security controls with additional frameworks such as PCI-DSS, SOC 1/2, HITRUST, IRAP, etc.
    • Familiarity and understanding of implementing CIS Benchmarks 
    • Familiar with workflow management systems such as Jira and ServiceNow
    • Data analytics or database experience
    • Knowledge of AWS, Microsoft Azure, and/or Google Cloud
    • Achievements that demonstrate the candidate is extremely detail-oriented
    • Achievements that demonstrate exceptional written and verbal communication skills
    • CISSP, CISM, CISA, or similar certification

    Oscar Health is hiring a Remote Senior Security Engineer, Application Security

    Hi, we're Oscar. We're hiring a Senior Security Engineer, Application Security to join our Security team.

    Oscar is the first health insurance company built around a full stack technology platform and a focus on serving our members. We started Oscar in 2012 to create the kind of health insurance company we would want for ourselves—one that behaves like a doctor in the family.

     

    About the role

    As a Senior Security Engineer, you will collaborate closely with cross-functional teams to proactively identify, address, and resolve security concerns across Oscar's comprehensive tech infrastructure, encompassing Web Applications, Mobile Apps, Networks, and Cloud systems. Your primary objective will be to safeguard classified information by thoroughly assessing and examining Oscar's applications and infrastructure by executing and documenting technical assessments based on esteemed industry standards (OWASP) and best practices, meticulously pinpointing security vulnerabilities within Oscar's owned assets. In addition, you will be responsible for presenting identified risks and providing guidance on best practices to prevent future vulnerabilities.

    You will report to the Manager, Security Architecture.

     

    Work Location

    Oscar is a blended work culture where everyone, regardless of work type or location, feels connected to their teammates, our culture and our mission.

    If you live within commutable distance to our New York City office (in Hudson Square), our Tempe office (off the 101 at University Ave), or our Los Angeles office (in Marina Del Rey), you will be expected to come into the office at least two days each week. Otherwise, this is a remote / work-from-home role.

    You must reside in one of the following states: Alabama, Arizona, Colorado, Florida, Georgia, Illinois, Iowa, Kentucky, Maryland, Massachusetts, Michigan, Minnesota, New Hampshire, New Mexico, North Carolina, Ohio, Oregon, Pennsylvania, Rhode Island, Tennessee, Texas, Utah, Vermont, Virginia, or Washington, D.C. Note, this list of states is subject to change. #LI-Remote

     

    Pay Transparency

    The base pay for this role is: $144,000 - $189,000 per year. You are also eligible for employee benefits, participation in Oscar’s unlimited vacation program, company equity grants and annual performance bonuses.

     

    Responsibilities

    • Collaborate closely with cross-functional teams to proactively identify, address, and resolve security concerns across Oscar's comprehensive tech infrastructure, encompassing Web Applications, Mobile Apps, Networks, and Cloud systems, including proposing enhanced controls and procedural strategies to mitigate technical risks 
    • Demonstrate an in-depth comprehension of Oscar's technological landscape
    • Collaborate effectively with Security Leadership, providing insights into technical issues and their potential impacts
    • Engage in multiple layers of Oscar's technology stack to design security measures around protecting Oscar's systems
    • Simplify intricate security concerns into actionable steps for effective remediation or risk mitigation
    • Compliance with all applicable laws and regulations
    • Other duties as assigned

     

    What you may work on

    Some sample projects in this role may include:

    • Execute and meticulously document technical assessments based on esteemed industry standards (OWASP) and best practices, meticulously pinpointing security vulnerabilities within Oscar's owned assets. This includes conducting Threat Modeling, Architecture/Design Reviews, Application and Cloud Security Testing (Red Teaming), and Manual Vulnerability Assessments.
    • Spearhead internal workshops involving cross-functional teams to analyze outcomes from technical assessments, devising comprehensive plans to mitigate identified risks effectively.
    • Define robust hardening and secure design standards, leveraging them to conduct thorough application security reviews in collaboration with developer teams.

     

    Qualifications

    • 3+ years experience in a technology-related field
    • 2+ years experience in Security

     

    Bonus Points

    • Familiarity with industry standards and compliance frameworks (such as SOC, SOX, NIST, HIPAA) and experience in ensuring organizational adherence to these standards.
    • Hands-on experience in developing Web/Mobile Applications.
    • Hands-on experience in evaluating Web Applications, Cloud Environments, Mobile Applications, and Network security.
    • Proficiency in industry-standard methodologies and frameworks for security testing (OWASP, OSSTMM, PTES).
    • Proficient familiarity with AWS and GCP.
    • Experience utilizing containers and container orchestration technology (Mesos and Kubernetes).
    • Possession of industry-recognized certifications pertaining to application/offensive security (OSCP, OSCE, OSWP, OSWA, OSWE, CSSLP).
    • Experience in assessing containers for potential security vulnerabilities.
    • Experience with Threat Modeling

    This is an authentic Oscar Health job opportunity. Learn more about how you can safeguard yourself from recruitment fraud here.

    At Oscar, being an Equal Opportunity Employer means more than upholding discrimination-free hiring practices. It means that we cultivate an environment where people can be their most authentic selves and find both belonging and support. We're on a mission to change health care -- an experience made whole by our unique backgrounds and perspectives.

    Pay Transparency: 

    Final offer amounts, within the base pay set forth above, are determined by factors including your relevant skills, education, and experience.

    Full-time employees are eligible for benefits including: medical, dental, and vision benefits, 11 paid holidays, paid sick time, paid parental leave, 401(k) plan participation, life and disability insurance, and paid wellness time and reimbursements.

    Reasonable Accommodation:

    Oscar applicants are considered solely based on their qualifications, without regard to applicant’s disability or need for accommodation. Any Oscar applicant who requires reasonable accommodations during the application process should contact the Oscar Benefits Team (accommodations@hioscar.com) to make the need for an accommodation known.


    Other job subscriptions you might be interested in