Senior Security Engineer in Seattle, WA

$80K - $100K(Ladders Estimates)

Sift   •  

Seattle, WA 98160

Industry: Technical Services


Less than 5 years

Posted 46 days ago

What we're looking for:

As a Security Engineer at Sift, you will work across the enterprise to design and develop complex security solutions to protect against today's threats. This high impact role will be part of the Security organization and will be accountable for delivering the security foundation that allows Sift to aggressively move forward, applying the highest standards to protect our customers.

You will have the opportunity to actively monitor for security threats through detection creation and investigations, help secure our network boundaries from attacks and breaches, harden our security applications and infrastructure to protect our customers data and maintain customer confidence that they are secure when accessing the console.

What you'll do:

  • Directly contribute to Sift's growth by designing and developing security solutions
  • Leverage your defensive security skills to continuously evolve and mature Sift's security monitoring capabilities to detect active threats, including: detection creation, investigation and response, and threat hunting
  • Work across the organization to mitigate security events or incidents, establishing scope and impact, performing forensic activities, contributing to internal/external communications, and providing technical guidance to both mitigate the event in a timely manner, but also secure against future attacks
  • Contribute to post-mortem incident reviews for management and leadership, including root cause, remediation steps, and future improvements to protect a recurrence.
  • Work cross-functionally to identify exposed vulnerabilities across Sift applications and infrastructure through automated scanning and actionable reporting
  • Drive security best practices at the ground floor by participating in security reviews, threat modeling, and engineering reviews across the org to help identify potential risks before it reaches the customer
  • Participate in both technical and non-technical discussions as Security SME, building confidence by effectively communication how our solutions defend against active threats
  • Provide input on security initiatives to automate and scale security processes across engineering

What we're looking for:

  • 3+ years of hands-on experience developing and implementing enterprise wide security controls
  • Strong technical understanding of software and application security: (e.g. OWASP Top 10) in a continuous development environment
  • Experience managing SIEM infrastructure, log ingestion, detection creation, investigations and threat hunts
  • Clear understanding of Incident Response process with proven examples of contribution: discovery assessment, response, mitigation, root cause analysis, communication, and failure mitigation
  • Vulnerability scanning experience including scan automation, vulnerability assessments, current attack/defense methodologies, and remediation
  • Experience with various application security solutions/tools such as code analysis (static & dynamic), vulnerability scanning, pen testing
  • Strong communication skills
  • Experience driving threat modeling exercises across big data platforms responsible for managing sensitive data
  • Good understanding of Linux systems
  • Strong scripting skills for process automation

Bonus points:

  • Google Cloud Platform (GCP) experience, specifically around adopting and adapting out of box security controls
  • Bug bounty program development or participation
  • Experience in helping drive compliance programs (SOC2, PCI, etc), risk assessments and developing privacy & security engineering principles and best practices
  • BS in Computer Science or related field

Valid Through: 2019-10-26