Senior Security Engineer

Evernote is looking for a security engineer to join our Security Team.  You will be a generalist across the various security functions, though will have a heavier focus on helping secure our build infrastructure.  Your role will be a mix of analyst, operations, threat modeling and engineering work and you will report directly to Evernote's head of security.

Your teammates will be senior security professionals who are passionate about providing practical security mentorship across the entire company, including our production environment. Our customers trust us with billions of their notes, projects, and ideas and we are here to protect them.

Job Responsibilities

• Assist in the specification, design, implementation and documentation of security solutions.
• Perform security analysis utilizing SIEM technologies
• Provide support for Security Operations and Incident Response
• Collaborate with business and technology leaders to ensure the successful remediation of identified security weaknesses
• Assist with Information Security program development, developing procedures that align to security policies, standards, guidelines, etc.
• Own the security of our build pipelines/DevOps processes

Required Skills

• Working knowledge of TCP/IP, the OSI model, DNS, HTTP, VPN, routing & switching, and load balancer technologies for virtual and physical networks
• Solid understanding of common security threats, attack vectors, vulnerabilities, exploits and defense in depth strategies
• DevOps/SecDevOps experience
• Working knowledge of incident, problem, and change management
• Curious, inquisitive, innovative, lifelong learner and self-starter
• Strong documentation and communication skills
• BA/BS preferred with 4+ years of overall information security engineering and technology operations experience

Preferred Skills

• Proficiency in a Scripting Language(Python, Golang, Bash)
• Experience working with containers and container orchestration(Kubernetes, DC/OS, etc.)
• Industry intermediate-level certification(s) preferred (Examples: CCSP, CISA/CISM, CISSP)
• Knowledge of Cloud Security Controls and Concepts
• Operational experience with security logging, event correlation, and SIEM technologies.
• Basic understanding of configuration management tools
• Knowledge of forensic practices and chain of custody processes
• Knowledge of OWASP, MITRE ATT&CK, and CIS Critical Security Controls

We are committed to an inclusive and diverse Evernote. We believe that different perspectives lead to better ideas, and better ideas allow us to better understand the needs and interests of our diverse, global Evernote Community. We welcome people of different backgrounds, experiences, abilities and perspectives and are an equal opportunity employer.

California privacy notice: Read our privacy policy for job applicants at https://evernote.com/privacy/policy