Senior Engineer, Information Security Operations
SecurityScorecard is an industry-leading cybersecurity company backed by Google, Sequoia, and Riverwood. Our mission is to make the world a safer place. We measure your and your vendors' cyber-health by assigning a security rating of A through F based on outside-in, non-intrusive data. Our Comprehensive security ratings, advanced data analytics, and actionable insights discover Third-Party Vulnerabilities & Security Gaps In Real-Time. Headquartered in NYC with over 200+ employees globally, raised over $110M USD, used by 1,000+ enterprise customers, and rating 1.5 million companies. We have created a new category of enterprise software, and our culture has helped us be recognized as one of the 10 hottest SaaS startups in NY for two years in a row. Our vision is to create a new language for companies and their partners to communicate, understand, and improve each other’s security posture.
About the team
You will be joining our Infosec team reporting to the CISO. Our team includes security champions within other teams and departments as we evangelize the practice of nine workstreams making up the security program. Our focus is more about process and people than tools (though we make excellent use of infosec tools) because security is not a state, but rather a process and inculcating a culture of security is where the real resilience lives. Security is in our products and also in our DNA. As part of the Infosec team you will help execute a reliable and trusted roadmap through a combination of third-party services and home-grown solutions to protect our customers, our colleagues and our intellectual property from harm.
What you will do
SecurityScorecard is looking for a Senior Engineer, Information Security Operations with an advanced skillset and leadership background to implement our Infosec roadmap and product strategy with high quality, predictability and automation. The ideal candidate will be comfortable with managing several workstreams using both influence as well as individual contributor responsibilities.
The candidate will have significant experience and passion for information security and ideally have worked in a start-up environment previously. It is not so much, however, the familiarity with specific tools and security applications or technologies that matters so much as the attitude of being curious, showing a desire to learn new things and an ability to execute on the goals and initiatives of the organization. The best way to ensure security is embedded in the software and systems development lifecycles is to implement features and functionality securely and not try to implement security as a feature or “bolt-on.”
- 5+ years of infosec experience in incident response for a cloud-based SaaS platform
- Experience implementing DevSecOps tools and techniques
- Experience with Mobile Device Management
- Experience with Anti-Virus/Endpoint Protection programs
- Experience with Vulnerability Management Multi-Factor Authentication/SSO experience. scripting and automation experience
- Expert knowledge of AWS/Google products and ability to secure them
- Ability to work independently as well as collaborate with others effectively
- Higher education desired, but not required
We offer a competitive salary, stock options, a comprehensive benefits package, including health and dental insurance, unlimited PTO, parental leave, tuition reimbursements, and much more!
SecurityScorecard embraces diversity. We believe that our team is strengthened through hiring and retaining employees with diverse backgrounds, skillsets, ideas, and perspectives. We make hiring decisions based upon merit and do not discriminate based on race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status.