Security Engineer

Boston, MA

Applications have closed

SimpliSafe

Shop award-winning home security systems from SimpliSafe. Professional monitoring, protection from break-ins and hazards, and no contracts.

At SimpliSafe we design, develop, manufacture, and sell our own line of wireless, connected home security systems: home sensors, cameras, and locks. Our technology and service platform secures the homes of millions of Americans without the hassles, long-term contracts, or fees of traditional home security. Protecting our customers and their families is a tremendous responsibility, so we are doubling our Information Security team to help build, develop and drive our security program. With each new product release, we have new and complex problems to unravel.

As a Security Engineer, you will partner primarily with our Operations teams (Cloud engineering, Network, and IT) as well as Managed Security Services providers to implement and configure security controls and respond to alerts, protecting systems and assets from security incidents. Building on our strong security-conscious culture, you will frequently face captivating security challenges, including response automation and engineering for Zero-Trust, and you will be trusted to oversee SOC operations. This will require you to balance the needs of the business with robust security controls: prevention, detection and response for networks, endpoints and identities.

Do you feel passionate about securing people and their data in a rapidly growing business with ambitious goals? Can you nurture Engineering teams’ security mindset to help detect and respond to advanced adversaries’ Tactics, Techniques, and Procedures (TTPs) with the right automation? Are you invested in identifying exposed systems and access controls, finding and prioritizing threats to defeat attacks, and improving continuously? If so, you should fit right in - do apply!

Strong candidates will demonstrate experience in security operations and incident response, but will prefer implementing proactive controls with automation ingenuity (on existing and new layers of protection). They will be comfortable with at least one scripting language and have proficiency in cloud infrastructure management on platforms such as AWS or Google Cloud.

Responsibilities:

  • Drive incident detection, response, and resolution
  • Automate response and containment techniques (such as SOAR)
  • Accountable for SOC operations/management and administration of Enterprise SIEM
  • Teach and share knowledge of relevant threats, TTPs, and NIST/SANS’ top security controls
  • Identify/deploy/manage appropriate defense-in-depth controls (IPS/IDS/EDR/DLP/CSPM)
  • Harden network segmentation and perimeter controls, including client access and other VPNs and WAF in front of public-facing web applications
  • Coordinate mitigation for vulnerabilities, DDoS, brute-force, or credential stuffing vectors
  • Drive network, host-level, and application-level alert detection strategies for deployed assets and workloads
  • Blend with and understand our agile-based software development methodologies
  • Partner with Architects and tech leads for continuous improvement (e.g., AuthN/AuthZ)
  • Collect metrics from tooling and use them to help steer security strategy

About You:

  • You love building relationships with teammates across multiple functional business units, as key to your pragmatic mindset and vigilance towards business operations impact
  • Have a curious, investigative mind, a deep interest in information security, and the ability to communicate complex ideas to varied audiences plainly and concisely
  • Solid understanding of information security and computer systems and cloud concepts, encryption protocols, and networking protocols
  • No shortage of incident response war stories to share; even better if they include executive-level engagement
  • Willingly navigate ambiguity with humility, understanding, and a growth mindset
  • You have several years of experience with at least one programming language and a terminal emulator
  • CEH, CompTIA Security+, or a background in PCI and/or GDPR compliance is a plus
  • Experience with active roles in security monitoring on one or more SIEM technologies
  • Proficient with AWS security best practices and solutions

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Tags: Agile Automation AWS CEH Cloud Compliance CompTIA DDoS EDR Encryption GCP GDPR IDS Incident response IPS Monitoring NIST SANS Scripting Security strategy SIEM SOAR Strategy TTPs VPN Vulnerabilities

Region: North America
Country: United States