Sr. Enterprise Security Engineer

About The Position

Requirements

• 6+ years of experience in a security role with a focus on application and network security, security engineering, infrastructure engineering, incident response/handling, penetration testing, threat modeling, red or blue team operations, intrusion detection, firewall/access control technologies, risk management, identity management, Windows, Mac or Linux security, encryption technologies, or endpoint security controls.
• Knowledge of key areas pertaining to security such as common network security models and protocols, methods of resolving integrity and providing confidentiality, operating systems internals and vulnerabilities, public key infrastructure and digital certificates, exploit mitigation techniques, and application security.
• Strong experience performing security assessments with common tools such as BurpSuite, Nexpose, Nessus, Metasploit, and Nmap.
• Experience performing manual and tool-assisted code reviews (Java, JavaScript, Python, and other languages).
• Hands-on experience designing solutions or performing security testing of cloud environments (AWS, Azure, Google Cloud).
• Excellent communication skills, with the ability to work as a team and collaborate effectively with diverse stakeholders.

Nice To Haves

• Confirmed scripting experience in one or more of these languages: Bash, PowerShell, Python, Java, JavaScript / NodeJS.
• Experience with DevOps, CI/CD pipelines, or secure development lifecycles.
• Security certification such as OSCP, OSEP, GCIH, GCIA, GPEN, GWAPT, GMOB, GPPA, CCNP, CCNP Security, CCIE Security.
• Knowledge of development and security practices on the Salesforce platform, Heroku, Slack, Mulesoft, and/or Tableau.

Responsibilities

• Perform full stack security assessments (such as architecture and design reviews, code reviews, and penetration tests) across a diverse and sophisticated range of environments including: Web applications/SaaS applications Operating system and hardware platforms (server and client endpoints, mobile and other embedded devices) Network infrastructure (switches, routers, wireless access points, load balancers, firewalls, VPN, SDN, cloud) Authentication and authorization services (SAML, OAuth, Radius, Kerberos) Public cloud infrastructure platforms and technologies (AWS, GCP, Azure, Terraform) Middleware and API services
• Threat model common attacker methods to develop appropriate mitigation techniques, providing guidance that balances security requirements with functional requirements.
• Develop automated processes and support improvement of tooling to identify and solve problems at scale.
• Collaborate with engineering teams and business partners to drive solutions through a secure development lifecycle.
• Define and develop technical security standards and guidelines with business partners.
• Research new technologies, emerging threats, and vulnerabilities for strategic planning and process improvements.

Benefits

• time off programs
• medical, dental, vision, mental health support
• paid parental leave
• life and disability insurance
• 401(k)
• an employee stock purchasing program