Senior Security Engineer

Remote (US-Based)

Full Time Senior-level / Expert
Thorn

We are dedicated to ending child sex trafficking and the sexual exploitation of children. And we won’t stop until every child can just be a kid.

Thorn is a non-profit focused on building technology to defend children from sexual abuse. Working at Thorn allows you to apply your skills, expertise, and passions to directly impact the lives of vulnerable and abused children. Our staff solves dynamic, quickly evolving problems with our network of partners from tech companies, NGOs, and law enforcement agencies. If you can bring clarity to complexity and lightness to heavy issues, you could be an excellent fit for our team. 

In 2019, our CEO, Julie Cordua, took the stage at TED and shared our audacious goal of eliminating child sexual abuse material from the internet.

About the Role

The Senior Security Engineer role exists to reduce risk to our mission through the collaborative development and operation of a comprehensive application threat management program. The success of this program will have a direct impact on the efficacy of our products, programs, and partnerships; the safety of Thorn employees, customers, partners, and victims; and the longevity of the organization as a whole.

What You’ll Do 

This is a multi-faceted role that will require prioritizing the most important tasks on a day-to-day basis from the responsibilities below.

Role Specific:

  • You will participate in and support application security reviews and threat modeling, including code review and dynamic testing.
  • You will own and perform application security vulnerability management.
  • You will consult and interface with Thorn engineers to develop solutions to security issues while considering business requirements. 
  • You will analyze and recommend security controls and procedures for Thorn systems and products and monitor for compliance.
  • You will prepare and conduct internal penetration and vulnerability assessments, and recommend corrective action. 
  • You will stay current with cybersecurity trends, threat analysis, and the compliance environment with respect to organizational risk.
  • You will monitor and analyze information systems for security incidents and vulnerabilities; develop monitoring and visibility capabilities; report on incidents, vulnerabilities, and trends.
  • You will work with product teams to evaluate options for new, third-party software from a security perspective and develop recommendations based on risk assessments.
  • You will develop security training and socialize the material with internal development teams.
  • You will participate and assist in initiatives to holistically address multiple vulnerabilities found in a functional area.

Team Specific:

  • You will integrate new and existing software systems with Okta Single Sign-On and, for systems that cannot be integrated, document policies and access controls for future reference.
  • You will respond to employee requests for help accessing and using Thorn information systems and write documentation to answer common user questions.
  • You will perform administrative actions such as creating Google Shared Drives, email aliases, service tokens, etc. in a timely manner so as to unblock employee work.
  • You will develop solutions whenever possible to allow employees to self-service their IT requests with proper audit trails.
  • You will routinely audit access to systems and take corrective action.
  • You will communicate IT changes to Thorn staff, including how risk reduction and employee agency were considered.

What We’re Looking For

  • You have a commitment to putting the children we serve at the center of everything you do
  • You believe in the right balance between maintaining secure systems and allowing for speed of development for engineers
  • You are a subject matter expert (SME) in at least 1 technical area impacting the security of the product
  • You have strong experience working closely with developers
  • You have experience with defining security programs and implementing them on teams
  • You have experience managing and administering company-wide IT systems at a small fast-growing startup
  • You can work with shifting requirements in a fast-paced and fluid environment, and collaborate with both internal and external stakeholders
  • You have experience with security frameworks and audits (e.g., SOC 2, FedRAMP, etc.)
  • You have a passion for information technology and security and an aptitude to work in a collaborative environment, can demonstrate empathy and strong advocacy for our users, while balancing the vision and constraints of technology
  • You communicate clearly, efficiently, and thoughtfully. We’re a highly-distributed team, so written communication is crucial

Technologies We Use

  • GSuite
  • Okta
  • AWS
  • Terraform
  • Docker / Kubernetes
  • Python
  • TypeScript
  • GitHub Advanced Security

At Thorn, we understand the value of developing a team with different perspectives, educational backgrounds, and life experiences. We prioritize diversity within our team and encourage people from underrepresented backgrounds to apply. Your skills are needed here.

Job perks/benefits: Startup environment
Job region(s): Remote/Anywhere North America