Security Engineer

About the Team:

Foursquare is seeking an experienced Security Engineer to lead efforts and implement solutions to keep our users' and customers' data private and our systems secure.

The Security team works with infrastructure and feature engineering teams to identify and mitigate risks to the business. We propose, design, plan and implement strategic and tactical security improvements — from remote access systems for employees, to authorization rules on our production fleet, to forward-thinking policy initiatives. Our infrastructure and feature engineering teams will be active and supportive partners, but the Security Team organizes and leads these efforts across the entire organization. We are trusted to stay one step ahead of malicious actors in a rapidly-changing threat landscape.

As part of the Security Team, your work will be instrumental in ensuring both the safeguarding of our users' data and Foursquare’s future business success. 

Our Tech Stack:

• Languages: Java, Scala, Python, Clojure, Ruby
• Tools for pipeline orchestration: Airflow, Luigi
• Frameworks: Spark, MapReduce, Scalding, Spring Boot
• Infrastructure: AWS, Hadoop, Kubernetes, Docker
• Other technologies: Postgres, Hive, HBase, MongoDB

Responsibilities:

• Propose, design, plan, and implement security improvements across the organization, including surfacing risks and attack surfaces.
• Investigate potential threats and present actionable intelligence and recommendations to mitigate them.
• Play a key role in cross-team efforts with infrastructure and engineering teams.
• Establish and promote security recommendations and best practices, as well as perform research and provide security insight.
• Respond to Security Events, including isolating, mitigating, and investigating active threats. Conduct post-mortems to elevate the security posture of the company.
• Advocate for the security culture of the organization, including collaborating with stakeholders across the company.

Qualifications:

• 1+ years of experience in security engineering
• Familiarity with common access control patterns and terminology: RBAC, authentication/authorization, SAML, OAuth, SSO
• Experience developing and implementing employee remote access policies and systems
• Experience with conducting security investigations, such as identifying phishing emails, handling infected files etc.
• Strong written and verbal communication skills
• Comfortable using Linux and *nix operating systems
• Familiarity with at least 1 scripting or programming language (such as Python)

Nice to haves:

• Experience in securing cloud environments (preference to AWS)
• Security research, penetration testing, or other red team experience
• Experience in designing, writing, and deploying technical projects
• Experience with understanding, predicting, and managing human factor risks.