Sr. Security Engineer (Vulnerability Management), Leo Security

About The Position

Requirements

• 4+ years of (non-internship) scripting, programming, and security code review in common programming languages experience
• Experience as a mentor, tech lead or leading an engineering team
• Bachelor’s degree in CS, CE, or related field, or equivalent work experience
• 5+ years delivering security assessments or reviews
• 5+ years experience assessing the security of distributed software systems in Python, Java, Rust, GoLang or C/C++
• 3+ years experience in delivering security for cloud-native environments and embedded environments
• U.S. citizen or national, U.S. permanent resident (i.e., current Green Card holder), or lawfully admitted into the U.S. as a refugee or granted asylum.

Nice To Haves

• Experience in performing and/or participating in technical security assessments, e.g. code level and design level assessments
• Strong analytical and quantitative skills with the ability to use data and metrics to back up assumptions and recommendations that produce results
• Familiarity with programming and scripting or experience developing security tools & processes that work at scale
• Experience triaging security risks/vulnerabilities and ensuring that they are properly understood by the business and fixed and/or mitigated.
• Hands-on experience with satellite communications and management software
• Experience with low-level programming and embedded systems

Responsibilities

• Driving scalable security patching mechanisms across a heterogeneous product and enterprise environment, and advise on security priorities.
• Supporting product development processes by ensuring builders start with secure by default assets and infrastructure.
• Collaborating with business leaders to define security priorities.
• Supporting product leaders by acting as a trusted advisor.
• Providing leaders with direction that makes security easy.
• Helping leaders measure their org's security execution.
• Guiding teams towards outcomes that produce products that safely handle customer data.
• Collaborating with builder teams to assess technical debt and risk.
• Providing strategic direction that addresses vulnerabilities and fortifies our products.
• Being a resource that leads the burn down of long-term risk.
• Guiding teams towards solutions that are secure by default.
• Inventing & proposing secure-by-default solutions if they don’t exist.
• Leveraging support from automation teams that find discoverable vulnerabilities.
• Advocating for the creation & deployment of new testing tools, and detection mechanisms.
• Enabling builder teams to become proactive & self-sufficient on security.
• Working with builder teams to understand their build processes.
• Ensuring that they use appropriate security linting & static analysis tools.
• Helping builders find security solutions that reduce security operations costs over time.
• Instilling a security culture in builder teams.
• Mentoring builders who aspire to become security advocates & security engineers via 1-1 sessions & office hours.
• Assisting Red Teams in identifying security testing priorities.
• Assisting in scoping penetration tests and helping deep-dive on these engagements.
• Investigating emerging security issues, root causing them, and devising mechanisms to prevent them.
• Proposing a security vision for the business that delivers security that protects our customers.

Benefits

• health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage)
• 401(k) matching
• paid time off
• parental leave
• sign-on payments
• restricted stock units (RSUs)