About Us
We are a growing company specializing in fraud detection through machine learning models. Our technical team consists of 15 data engineers, 15 data scientists, and 5 full-stack developers. The Ops Engineering team, which you'll be joining, supports these groups by building automations and infrastructure as code.
The Role
We're seeking a Security Engineer to join our 2-person Ops Engineering team. This role will focus on managing and improving our security posture.
Key Responsibilities
- Lead quarterly access reviews covering cloud IAM policies, firewalls, and account permissions across sub-processors (GCP, AWS, GitHub, Google Workspace, Auth0, JIRA, Looker)
- Remediate security concerns using our Compliance Automation Software, Vanta
- Monitor hardware security using MDMs (Jamf, Vanta Agent, Google Endpoint Management) and communicate with team members about security issues
- Complete security questionnaires from clients' InfoSec departments
- Manage networking rules on our Zero Trust Network Access setup
- Oversee notification systems for security and compliance issues
- Monitor new infrastructure creation to ensure best practices are met
- Improve incident response reporting and conduct root cause analysis on incidents
- Develop Pub/Sub automations based on log-based findings
- Implement Data Loss Prevention (DLP) automations
- Write Terraform configurations for all new security-related configurations
- Create Python scripts to automate security processes and deploy them to Airflow for consistent execution
- Identify and address security concerns across the entire 50-person company
Required Skills and Experience
- Proficiency in Terraform for infrastructure as code
- Strong understanding of IAM management principles
- Strong understanding of firewall configuration and network security
- Advanced Python programming skills
- SQL knowledge for data analysis and management
- Experience with authentication methods, including OAuth 2.0 and OpenID Connect
- Familiarity with cloud security best practices (GCP, AWS)
- Experience with security compliance frameworks (e.g., SOC 2 Type II, ISO 27001)
- Strong problem-solving and analytical skills
- Excellent communication skills
Preferred Qualifications
- Experience with Apache Airflow for workflow management
- Familiarity with BigQuery or similar cloud-based data warehouses
- Knowledge of containerization technologies (e.g., Docker, Kubernetes)
- Experience with log analysis and SIEM tools
- Familiarity with DevSecOps practices
- Relevant security certifications (e.g., CISSP, CEH, OSCP)
What We Offer
- Opportunity to shape the security strategy of a growing company
- Collaborative work environment with cutting-edge technologies
- Professional development opportunities
- Hybrid work model: 3 days in-office, 2 days remote per week
- Flexible hours to accommodate your most productive work times
