Principal Security Engineer

Who We Are

The Team

Your Day-to-Day

• Develop, update, and maintain threat models and conduct application security reviews for various software projects.
• Create and implement security policies, guidance, and training programs for employees across all teams.
• Lead the development of security processes and automated tools to prevent security issues.
• Collaborate with software developers to ensure secure coding practices and establish a proactive security posture.
• Partner with engineering teams to continuously improve security processes, priorities, and decisions.
• Reproduce, triage, and address application security vulnerabilities, leading the team in these efforts.
• Achieve and maintain compliance with SOC 2 Type II, ISO27001, and PCI DSS standards.
• Support and manage the bug bounty program.

What we look for

• 10+ years of application security, including threat modeling and security reviews.
• 10+ years of cloud security experience in AWS, Azure, or Google Cloud environments.
• Proven experience and proficiency in developing and implementing security policies, procedures and training programs for multiple medium or large organizations (200+ people).
• Successfully completing compliance audits for standards such as SOC 2 Type II, ISO27001, and PCI DSS for a large organization.
• Familiarity with various security tools and technologies, such as static and dynamic analysis tools, intrusion detection/prevention systems, and SIEM platforms.
• Strong understanding of network security principles and practices.
• Experience in creating and managing automated security tools and processes.
• Strong understanding of secure coding practices and experience working closely with software development teams.
• Proven ability to improve security processes and prioritize security initiatives.
• Experience with vulnerability management, including reproducing, triaging, and remediating security issues.
• Strong analytical and problem-solving skills, with the ability to identify and resolve complex security issues.
• Excellent communication and interpersonal skills, with the ability to explain technical concepts to non-technical stakeholders.
• Strong sense of ownership, urgency, and drive
• Bachelor’s Degree in Computer Science, Computer Engineering, Computer Security, Information Systems, or related field.

Nice to have

• Experience in securing payments-related products
• Relevant security certifications such as CISSP and CEH.
• Track record of managing mission-critical, 24x7 production software systems
• Open-source project experience

Perks & Benefits

• Competitive compensation and equity packages
• Leading configured work computers of your choice
• Paid time off policy
• Fully covered, high-quality healthcare, including fully covered dependent coverage
• Additional health coverage includes access to One Medical and the option to enroll in an FSA
• 16 weeks of paid parental leave for the primary caregiver and 8 weeks for all new parents
• An understanding that successful remote work requires flexibility and an appreciation for asynchronous work
• Access to industry-leading technology across all of our business units — stemming from our philosophy that we should invest in resources for our team that foster innovation, optimization, and productivity