Security Monitoring and Incident Response Engineer
Who we are:
We're a small Security Incident Response Team (SIRT) within the larger Security Org, with a passion for startup security, which means we are always thinking of newer and better ways to tackle hard security problems. We take on ambitious projects that have a big impact on our customers and the security of our company. We talk about our methods and accomplishments in public blogs, at conferences, and in presentations. If you want to be this kind of security person and work with a team that's like you to create innovative security solutions for distributed systems and architecture, we'd love to hear about your approach and introduce you to our team.
A little more about our team:
- Our contributions to the OWASP ZAP Project
- Our CISO’s Approach to Building a Security Team and Program
- We deleted every employees’ AWS keys!
- We help organize the OWASP SF chapter, the AppSec California, B-Sides SF, and Day of Shecurity conferences
What we do:
- We protect the company, its applications, servers, and its users.
- We build systems and processes to make it easier for our employees to do their job in a secure way.
- We enjoy hearing from our bug-bounty researchers (still private, for now) and fixing the flaws they identify.
- We collect, analyze, and respond to what we find in our logs.
- We love sharing our knowledge (see our blog posts and conference talks!) (Ex: https://segment.com/blog/secure-access-to-100-aws-accounts/ and https://appseccalifornia2018.sched.com/speaker/coleen_coolidge.1xem12h6)
- We love open source: https://open.segment.com
Who we are looking for:
- You run towards the fires of security incidents: you want to find out what happened and how, and get those problems fixed.
- You’re focused on great monitoring for an environment, and turning the large sea of data into actionable alerts that help the Incident Response process.
- You hate repetition; automation is a friend that helps you focus on important items.
- You know that in any monitoring data, there’s a ’bad’ story to find and share.
- You're empathetic, patient, and love to help your teammates grow.
- You're focused, driven, and can get challenging projects across the finish line.
Projects We’re Working On:
- Automating incident response and vulnerability management workflows.
- Building our detection abilities via system monitoring and log analysis.
- Guiding the company as it targets ISO compliance and certification.
- Previously - Created an easy way to manage AWS accounts and our engineers’ access.
- You have 4+ years of security engineering experience in a cloud-production (AWS, GCP, Azure, etc.) environment, which means you've been developing software and have a working knowledge of service-oriented architectures, as well as experience with different logging tools fit for a cloud environment.
- You’ve previously held a SIRT role (monitoring, IR, or both) in a professional environment and you’re a capable security subject-matter expert on internal security issues.
- You have done monitoring and/or response for cloud data centers and container technology.
- You’ve implemented and maintained infrastructure, perhaps intelligence tracking systems, to support an Incident Response team and their 24x7 availability requirements.
- You subscribe to the hunter style of incident response, have found signs of attackers, and turned your methods into alerts in case they came back.
- You are excited to work across the stack on a variety of different security challenges and initiatives.
- You have a degree in Computer Science or a related field.
We encourage you to apply if this role excites you - even if you think you may not meet all of the qualifications. At Segment, we live by four values: karma, drive, tribe, and focus. We are always looking for outstanding individuals with diverse backgrounds and perspectives who embody these values. To learn more about life at Segment and our commitment to diversity, equity, and inclusion, visit our LinkedIn page. We’re excited to meet you!
Segment is an equal opportunity employer. We believe that everyone should receive equal consideration and treatment in all terms and conditions of employment regardless of sex, gender (including pregnancy, childbirth, breastfeeding or related medical conditions), sexual orientation, gender identity, gender expression, race, color, religion, creed, national origin, ancestry, age (over 40), physical disability, mental disability, medical condition, genetic information, marital status, domestic partner status, military or veteran status, height, weight, AIDS/HIV status, and any other protected category under federal, state or local law. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.