Senior Security Engineer
Thorn is a non-profit focused on building technology to defend children from sexual abuse. Working at Thorn allows you to apply your skills, expertise, and passions to directly impact the lives of vulnerable and abused children. Our staff solves dynamic, quickly evolving problems with our network of partners from tech companies, NGOs, and law enforcement agencies. If you can bring clarity to complexity and lightness to heavy issues, you could be an excellent fit for our team.
In 2019, our CEO, Julie Cordua, took the stage at TED and shared our audacious goal of eliminating child sexual abuse material from the internet.
About the Role
The Senior Security Engineer role exists to reduce risk to our mission through the collaborative development and operation of a comprehensive application threat management program. The success of this program will have a direct impact on the efficacy of our products, programs, and partnerships; the safety of Thorn employees, customers, partners, and victims; and the longevity of the organization as a whole.
What You’ll Do
This is a multi-faceted role that will require prioritizing the most important tasks on a day-to-day basis from the responsibilities below.
- You will participate in and support application security reviews and threat modeling, including code review and dynamic testing.
- You will own and perform application security vulnerability management.
- You will consult and interface with Thorn engineers to develop solutions to security issues while considering business requirements.
- You will analyze and recommend security controls and procedures for Thorn systems and products and monitor for compliance.
- You will prepare and conduct internal penetration and vulnerability assessments, and recommend corrective action.
- You will stay current with cybersecurity trends, threat analysis, and the compliance environment with respect to organizational risk.
- You will monitor and analyze information systems for security incidents and vulnerabilities; develop monitoring and visibility capabilities; report on incidents, vulnerabilities, and trends.
- You will work with product teams to evaluate options for new, third-party software from a security perspective and develop recommendations based on risk assessments.
- You will develop security training and socialize the material with internal development teams.
- You will participate and assist in initiatives to holistically address multiple vulnerabilities found in a functional area.
- You will integrate new and existing software systems with Okta Single Sign-On and document policies and access controls for systems that cannot be integrated for future reference.
- You will respond to employee requests for help accessing and using Thorn information systems and write documentation to answer common user questions.
- You will perform administrative actions such as creating Google Shared Drives, email aliases, service tokens, etc. in a timely manner so as to unblock employee work.
- You will develop solutions whenever possible to allow employees to self-service their IT requests with proper audit trails.
- You will routinely audit access to systems and take corrective action.
- You will communicate IT changes to Thorn staff, including the considerations given to risk reduction and employee agency.
What We’re Looking For
- You have a commitment to putting the children we serve at the center of everything you do
- You believe in the right balance between maintaining secure systems and allowing for speed of development for engineers
- You are a subject matter expert (SME) in at least 1 technical area impacting the security of the product
- You have strong experience working closely with developers
- You have experience with defining security programs and implementing them on teams
- You have experience managing and administering company-wide IT systems at a small fast-growing startup
- You can work with shifting requirements in a fast-paced and fluid environment, and collaborate with both internal and external stakeholders
- You have experience with security frameworks and audits (e.g., SOC 2, FedRAMP, etc.)
- You have a passion for information technology and security and an aptitude for working in a collaborative environment, and you can demonstrate empathy and strong advocacy for our users while balancing the vision and constraints of technology
- You communicate clearly, efficiently, and thoughtfully. We’re a highly-distributed team, so written communication is crucial
Technologies We Use
- Docker / Kubernetes
- GitHub Advanced Security
At Thorn, we understand the value of developing a team with different perspectives, educational backgrounds, and life experiences. We prioritize diversity within our team and encourage people from underrepresented backgrounds to apply. Your skills are needed here.