Security Engineer, Leo Security

About The Position

Requirements

• 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
• 3+ years of scripting, programming, and security code review in a common programming language (non-internship) experience
• 3+ years of troubleshooting systems issues, analyzing logs, or automating basic tasks using command line tools (non-internship) experience
• Bachelor's degree in a STEM field (Science, Technology, Engineering, Mathematics), or experience in IT Security
• Knowledge of industry-based security vulnerabilities and remediation techniques
• U.S. citizen or national, U.S. permanent resident (i.e., current Green Card holder), or lawfully admitted into the U.S. as a refugee or granted asylum.

Nice To Haves

• 2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
• Knowledge of networking protocols such as HTTP(S), DNS, and TCP/IP
• Experience with AWS products and services
• Experience performing security activities across one or more phases of the software development lifecycle (SDLC), such as security design review, threat modeling, secure code review, and security testing

Responsibilities

• Define, develop, and implement Leo's detection pipeline.
• Advocate for the creation & deployment of new testing tools and detection mechanisms.
• Leverage support from automation teams to find discoverable vulnerabilities.
• Identify design & implementation defects and build compensating detective controls.
• Support product development processes by providing consultation services on difficult security decisions.
• Collaborate with business leaders to define security priorities.
• Support product leaders by acting as a trusted advisor.
• Provide direction that makes security easy.
• Help leaders measure their org's security execution.
• Guide teams towards outcomes that produce products that safely handle customer data.
• Collaborate with builder teams to assess technical debt and risk.
• Provide strategic direction that addresses vulnerabilities and fortifies our products.
• Be a resource that leads the burn down of long-term risk.
• Instill a security culture in builder teams.
• Mentor builders who aspire to become security advocates & security engineers via 1-1 sessions & office hours.
• Assist Red Teams in identifying security testing priorities.
• Assist in scoping penetration tests and help deep-dive on these engagements.
• Investigate emerging security issues, root cause them, and devise mechanisms to detect them.
• Hack some really cool bleeding edge tech!

Benefits

• health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage)
• 401(k) matching
• paid time off
• parental leave
• sign-on payments
• restricted stock units (RSUs)