Information Security Engineer
At SimpliSafe we design, develop, manufacture, and sell our own line of wireless home security systems (sensors, cameras, locks, etc.), so we always have new and complex problems to unravel. Our technology and service platform protects millions of Americans without the hassles, contracts, and fees of traditional Home Security. Protecting this number of customers and their families comes with tremendous responsibility, so we're looking for an Information Security Engineer to help build, develop and drive our security program.
In this role, you can expect to cooperate with the larger engineering organization to design, implement, and configure real-time security countermeasures such as IDS, DLP, and WAF. You will frequently find yourself deepening your knowledge of technical security concepts as you perform thorough data sanitization or dig into the nitty gritty details of AES encryption. Because of our strong security-minded culture, it is not unusual to field several engaging questions per week, often balancing the demands of the security goal with the needs of the business.
Do you love the idea of crafting an automated security strategy and backing it with policies and procedures? Do you want to focus on value-generating projects to help secure a rapidly growing business with ambitious goals? Are you excited to flex your interpersonal skills to collaborate with teams and communicate to the wider organization? Do you feel comfortable poking at software applications to find and reproduce vulnerabilities, and then teaching the engineering organization how to patch them? If you answered yes to these questions, then please apply.
Finding someone with every skill we need is unlikely, but if you have deep expertise in some skills, familiarity with others, and a willingness and curiosity to learn, your application will still be seriously considered.
- Inform network, host-level, IoT, mobile, and application-level security architecture
- Regularly draft policies and design corresponding procedures; implement the technical security measures necessary to support policies and prove compliance.
- Blend with and understand our agile-based software development methodologies
- Collect metrics from tooling and use them to steer security strategy
- Implement SAST, DAST, RASP, and/or IAST in pursuit of a shift-left security paradigm
- Identify appropriate IPS/IDS tooling and install/configure accordingly
- Deploy a WAF in front of public-facing web applications and assist in mitigation of other DDoS, brute-force, or MiTM vectors
- Standardize compliance-related logging using a SIEM or other mechanism
- Detect and help remediate XSS/CSRF/SQLi vulnerabilities
- Teach and share knowledge of the OWASP Top 10 and/or SANS Top 25
- Establish SDLC/OSS compliance system based on automated scanning and categorization
- Assess viability of IdP/SSO in SimpliSafe's environment and guide rollout
- Previous involvement securing MacBook, Chromebook, and/or Linux hosts
- Background in PCI and/or GDPR compliance is a plus
- Love building relationships with teammates across multiple functional business units
- Eager to engage in a role that demands software engineering skill and the ability to consistently execute on solutions
- No shortage of incident response war stories to share; even better if they include executive-level engagement
- Always vigilantly consider impact to business operations when identifying and implementing new security processes
- Willingly navigate ambiguity with humility, understanding, and a growth mindset
- You have several years of experience with at least one programming language and feel at home operating a terminal emulator
- You have firsthand experience deploying web services to AWS (or other cloud service provider)
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.