Principal Security Engineer
Seattle, WA
Applications have closed
Outreach.io
Outreach unlocks seller productivity to help sales teams efficiently create and close more pipeline.In this role you will bring your leadership and technical expertise to develop, own, manage, and improve the technical security controls that protect our infrastructure, products, services, and data. This role blends security leadership, engineering and analytical skills. We want you to help design, specify, deploy and operate the solutions that protect our products from attack as well as detect and respond to alerts warning of possible anomalous behavior or vulnerabilities in our systems. You will be responsible for improving our information security operations program including working with other engineering teams to integrate security monitoring into their flows and processes. You must be comfortable working with cloud technologies and how to best leverage the security features provided by our cloud service provider or by choosing our own.
In this role, you will be working with management, technical leaders and engineers, external auditors, and at times, directly with our customers. Candidates will be expected to demonstrate:
Technical Fluency - A passion for security and technology, familiarity with infrastructure as software, Kubernetes and microservices architectures.Advisory Skills - Giving direction, advice and support that helps grow the technical and collaboration skills of the individuals and teams with which they engage.Execution - Planning, coordination, managing dependencies and risks, diving deep when issues arise.
Responsibilities
- Partnering with engineering teams to design, build, select and implement effective technical security controls to detect and alert on security events across the Outreach infrastructure and protect the Outreach platform and customers.
- Providing security technical leadership to set requirements and help other teams understand and meet their security obligations to make good risk-based decisions.
- Writing code where needed to automate controls where possible and to deploy new security capabilities.
- Identifying gaps in coverage of the Outreach security controls and working across teams to specify and deploy improvements that address these gaps.
- Selecting and/or creating specific applications and functions that integrate with the Outreach platform and build systems that provide the right detective controls that alert on suspicious or anomalous behaviors or vulnerabilities.
- Participating in and helping lead information security response activities across Outreach and its products.
- Writing code where needed to automate controls possible and to deploy new security capabilities.
- Developing and implementing solutions to collect, transport, and process security data to support risk-based decision making.
- Integrating security monitoring and measurements that enable engineering teams to quickly spot potential problems and respond to security events within their DevOps processes.
- Interpreting the results of penetration test results and other technical audits and working across teams to champion and implement reasonable mitigations and remediations.
- Using DevOps tooling and processes to implement security remediations.
- Creating data flow diagrams and threat models that guide design recommendations.
- Translating security requirements and obligations into effective security controls.
- Providing security subject matter expertise and training to teams across the company.
- Ensuring cross company support for all aspects of security by establishing partnerships with other Outreach teams with the overarching goal of improving trust of Outreach and its products.
Qualifications
- 12-15 years of experience in information security with at least 5 years in a recent security engineering or relevant DevOps role, including a minimum of 3 years writing code to help solve engineering problems.
- Experience creating, implementing, and managing technical information security controls including developing or leading security incident response processes and teams.
- Experience automating IaaS to support information security goals and mission.
- Direct experience working with SaaS cloud based applications in AWS, Azure or GCP (Azure and GCP preferred).
- Experience defining and implementing security controls for containers, microservices, and orchestration software.
- Experience identifying and collecting the data that supports effective security dashboards (Snowflake, Tableau and Sumo Logic a plus) that summarize the security health of the environment across multiple security domains (e.g., networking, host, application, identity, etc.).
- Demonstrated history of successful cross-organizational efforts.
- Ability to analyze problems and make appropriate decisions quickly.
- Ability to drive large, complex programs and solutions using both direct and virtual teams.
- Experience managing multiple external vendors across broad and complex work engagements.
- Excellent interpersonal and management skills.
- Strong written and verbal communication skills.
- Ability to work flexibly and independently to achieve results within the dynamic Outreach culture.
- Ability to maintain extreme confidentiality.
• Generous medical, dental, and vision coverage for full-time employees and their dependents • Flexible time off • 401k to help you save for the future• Company-organized and personal paid volunteer days to support the community that supports us• Fun company and team outings (or virtual events these days!) because we play just as hard as we work• Diversity and inclusion programs that promote employee resource groups like OWN (Outreach Womxn's Network)• A parental leave program that includes not just extended time off but options for a paid night nurse, food delivery, gradual return to work, and the Gottman Institute's Bringing Home Baby course for new parents• Employee referral bonuses to encourage the addition of great new people to the team• Plus, unlimited snacks and beverages in our kitchen (once we're back in the office, that is!)• We’re an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status
Tags: Audits AWS Azure Cloud DevOps GCP IaaS Incident response Kubernetes Microservices Monitoring SaaS Vulnerabilities
Perks/benefits: Career development Flex hours Flex vacation Health care Home office stipend Medical leave Parental leave Snacks / Drinks Team events Unlimited paid time off
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Security Operations Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Analyst jobs
- Open Product Security Engineer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cybersecurity Analyst jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Specialist jobs
- Open Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open Security Researcher jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Specialist jobs
- Open Information System Security Officer (ISSO) jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open CISM-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open Malware-related jobs
- Open APIs-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open DevSecOps-related jobs
- Open CI/CD-related jobs