Security Engineer, Leo Security

About The Position

Requirements

• 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
• 2+ years of scripting, programming, and security code review in a common programming language (non-internship) experience
• 2+ years of troubleshooting systems issues, analyzing logs, or automating basic tasks using command line tools (non-internship) experience
• Bachelor's degree in a STEM field (Science, Technology, Engineering, Mathematics), or experience in IT Security
• Knowledge of industry-based security vulnerabilities and remediation techniques
• Must be a U.S. citizen or national, U.S. permanent resident (i.e., current Green Card holder), or lawfully admitted into the U.S. as a refugee or granted asylum due to export control laws.

Nice To Haves

• 2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
• Experience with AWS products and services
• Experience performing security activities across one or more phases of the software development lifecycle (SDLC), such as security design review, threat modeling, secure code review, and security testing

Responsibilities

• Establishing product-specific security bar, threat models, and security priorities to aid builders in ensuring consistent security execution across the business.
• Identifying design & implementation defects.
• Supporting product development processes by providing consultation services on difficult security decisions.
• Collaborating with business leaders to define security priorities and acting as a trusted advisor to product leaders.
• Providing direction that makes security easy and helping leaders measure their org's security execution.
• Guiding teams towards outcomes that produce products that safely handle customer data.
• Collaborating with builder teams to assess technical debt and risk, and providing strategic direction to address vulnerabilities and fortify products.
• Acting as a resource that leads the burn down of long-term risk.
• Guiding teams towards secure-by-default solutions, and inventing and proposing them if they don't exist.
• Leveraging support from automation teams that find discoverable vulnerabilities.
• Advocating for the creation & deployment of new testing tools and detection mechanisms.
• Enabling builder teams to become proactive & self-sufficient on security by understanding their build processes and ensuring they use appropriate security linting & static analysis tools.
• Helping builders find security solutions that reduce security operations costs over time.
• Instilling a security culture in builder teams and mentoring builders who aspire to become security advocates & security engineers.
• Assisting Red Teams in identifying security testing priorities, scoping penetration tests, and helping deep-dive on these engagements.
• Investigating emerging security issues, root causing them, and devising mechanisms to prevent them.
• Proposing a security vision for the business that delivers security that protects our customers.
• Hacking on bleeding edge tech.

Benefits

• Sign-on payments
• Restricted stock units (RSUs)
• Health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage)
• 401(k) matching
• Paid time off
• Parental leave