Sr. Security Engineer, Leo Security

About The Position

Requirements

• 4+ years of (non-internship) scripting, programming, and security code review in common programming languages experience
• Experience as a mentor, tech lead or leading an engineering team
• Bachelor’s degree in CS, CE, or related field, or equivalent work experience
• 8+ years delivering security assessments or reviews
• 5+ years experience assessing the security of distributed software systems in Python, Java, Rust, GoLang or C/C++
• 3+ years experience in delivering security for cloud-native environments and embedded environments

Nice To Haves

• Master's degree in Cybersecurity, Information Security, or a related field
• Experience in performing and/or participating in technical security assessments, e.g. code level and design level assessments
• Strong analytical and quantitative skills with the ability to use data and metrics to back up assumptions and recommendations that produce results
• Familiarity with programming and scripting or experience developing security tools & processes that work at scale
• Experience triaging security risks/vulnerabilities and ensuring that they are properly understood by the business and fixed and/or mitigated.
• Hands-on experience with satellite communications and management software
• Experience with low-level programming and embedded systems

Responsibilities

• Establish product-specific security bar, threat models, and security priorities to ensure consistent security execution.
• Identify design & implementation defects.
• Support product development processes by providing consultation services on difficult security decisions.
• Collaborate with business leaders to define security priorities.
• Act as a trusted advisor to product leaders, providing direction that makes security easy.
• Help leaders measure their organization's security execution.
• Guide teams towards outcomes that produce products that safely handle customer data.
• Collaborate with builder teams to assess technical debt and risk.
• Provide strategic direction that addresses vulnerabilities and fortifies products.
• Lead the burn down of long-term risk.
• Guide teams towards solutions that are secure by default.
• Invent & propose secure-by-default solutions if they don’t exist.
• Leverage support from automation teams that find discoverable vulnerabilities.
• Advocate for the creation & deployment of new testing tools and detection mechanisms.
• Enable builder teams to become proactive & self-sufficient on security.
• Work with builder teams to understand their build processes.
• Ensure builder teams use appropriate security linting & static analysis tools.
• Help builders find security solutions that reduce security operations costs over time.
• Instill a security culture in builder teams.
• Mentor builders who aspire to become security advocates & security engineers via 1-1 sessions & office hours.
• Assist Red Teams in identifying security testing priorities.
• Assist in scoping penetration tests and help deep-dive on these engagements.
• Investigate emerging security issues, root cause them, and devise mechanisms to prevent them.
• Propose a security vision for the business that delivers security that protects customers.
• Hack some really cool bleeding edge tech.

Benefits

• Health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage)
• 401(k) matching
• Paid time off
• Parental leave