Security Operations Engineer

FormAssembly is seeking an experienced Security Operations Engineer with exceptional technical skills to join our Security and Compliance department. As a Security Operations Engineer, your role will be to work with other business units to ensure the highest level of security and compliance obligations are met.

We seek a motivated self-starter and team player to lead several aspects of security and compliance at FormAssembly. Responsibilities include ensuring FormAssembly meets the highest security standards, administering security audits, making infrastructure improvements, and helping achieve/maintain security standards such as PCI DSS Level 1, ISO-27001, HIPAA, GDPR, FedRAMP and others.

About Us:

FormAssembly is a 100% remote, fast-growing SaaS company with teammates all over the world that come together every day to help customers streamline data collection processes. We’re chasing major growth goals year after year, and we’re looking for talented, driven individuals to join our dynamic team.

FormAssembly works with 5,000+ leading companies worldwide to help them collect data quickly and securely, including Amazon, PayPal, Dell, Harvard, and more. We have been recognized in the 2020 Inc. 5000 list of fastest growing private companies for four years in a row, and we are a G2 Crowd Winter 2021 Leader. As we grow rapidly and adapt our product to better serve our impressive roster of customers, we’re also dedicated to fostering community and building relationships with our coworkers.

For a glimpse at what it’s like to work at a SaaS company with 35% year over year growth and teammates from all over the world who live out our core values of transparency, accountability, curiosity, ambition, composure, and kindness, learn about our awesome team and how and why we work remotely.

If you share our core values and want to work together to build something great for our customers, we’d be thrilled to have you apply for this position. FormAssembly is an equal opportunity employer. If you belong to an under-represented group in tech, you’ll find a welcoming culture that thrives on diversity.

This is a full-time position, open to most locations (working remotely from home).

About this position:

• This is a lead technical role, requiring technical hands-on experience with SaaS providers.
• The Security Engineer candidate will have experience building and architecting security operations and response programs as part of a small team with shared responsibilities. This individual will also help drive system improvements with our products and infrastructure teams.
• An ideal candidate will work effectively with security and engineering teams to design security tools, automate where we can, and assist development teams in improvement planning.

Requirements

Requirements:

• 5+ years of experience in designing, configuring, and operating security event platforms (such as Elastic SIEM, Splunk, SumoLogic, or AlienVault)
• 5+ years of experience working with secure code development tools such as Snyk, SonarQube, or similar
• 3+ years experience with identity management tools such as Keycloak or Auth0
• Experience in Laravel and Cake PHP frameworks, Amazon AWS tools such as SecurityHub and GuardDuty, and basic scripting knowledge
• Familiarity with compliance standards such as CIS benchmarks for Cloud providers, PCI DSS Level 1, ISO-27001, HIPAA, GDPR, FedRAMP and others.

Preferred Certifications:

• AWS Certified Cloud Practitioner
• AWS Certified Security Specialist
• Certified Cloud Security Professional (CCSP)
• Offensive Security Certified Professional (OSCP), or similar

In this position you will:

• Drive our security event management platform and SIEM by working alongside IT, Engineering, and Product teams to identify/configure log repositories, forwarders, and correlation/response rules
• Validate product security configuration and standards, execute security testing, and work with product/engineering teams to prioritize improvements in our code development processes
• Continually monitor, test and harden our infrastructure security in AWS.
• Support SDLC optimization and code scanning processes
• Work alongside our compliance team to prioritize key risk areas, and respond to technical inquiries from our Enterprise and Government customers.
• Share responsibilities for investigating and responding to security events
• Participate in audits such as SOC 2, PCI-DSS, ISO-27001, etc as needed

Benefits

FormAssembly offers several benefits that help to facilitate a healthy team, personal growth, and a work-life balance, all of which contribute to creating a more engaged and passionate workforce.

• Health benefits (health, dental, vision) for team members based in the United States
• 401(k) with 4% company match for team members based in the United States
• Unlimited paid vacation and 9 company holidays
• Flexible work schedule
• Paid parental leave
• Charitable contribution match
• Budget for professional development
• Company provided Mac laptop

You'll be joining a talented and fun team, working together to build something great!