Senior Security Engineer

We’re living at the dawn of a borderless world, but most people still don't have the tools needed to engage in critical high-trust services including everything from access to financial services, to sharing assets in peer-to-peer marketplaces, and even managing talent. At MetaMap, our work is centered on addressing this gap by building an identity data protocol that surfaces merits in the form of legal, financial, and work data. We’re energized by the unlimited potential that comes from this collective coordination, the removal of barriers to access, and the future we’re building towards — one that is interconnected and equitable. If you believe in our mission to help unlock borderless growth too, come join the MetaMap team!

About the Role :

As a Senior Security Engineer, you will lead and manage a variety of projects in MetaMap's Cybersecurity team. In this role, you will introduce new security services, technologies, and technical solutions to secure MetaMap Application & infrastructure.

What You'll Do :

• Implement best practices and tools for secure SDLC: SAST, DAST, SCA, etc.
• Review and develop security architecture for new features and products
• Conduct manual and automated source code reviews
• Carry out manual security assessment and automated scans for web applications and network services
• Implement best security practices for AWS cloud infrastructure
• Harden the infrastructure at the database and network levels
• Report security bugs and help other teams deliver fixes
• Own the vulnerability management process for instances and images
• Respond to security incidents and data breaches

Skills & Experience :

• At least 6 years of relevant experience
• You have in-depth experience as a security engineer at a scaling startup
• Strong knowledge of OWASP Top 10 risks, discovery and exploitation techniques for them
• Strong knowledge of AWS environments and their security tools
• Strong knowledge of cryptographic concepts like encryption, hashing, digital signature, etc
• Knowledge of the following concepts, protocols, and standards SSO, Auth2.0, SAML, OIDC, etc
• Knowledge of endpoint and server operating systems (e.g., Windows, macOS, Linux) and relevant security risks, controls, and vulnerabilities
• Familiarity with enterprise security tools (antivirus, firewalls, email monitoring, two-factor authentication, SIEM, IDS/IPS, etc.)
• Familiarity with vulnerability management concepts, such as CVE and CVSS
• Knowledge of engineering controls for the the frameworks and standards like SOC 2 Type II, ISO 27001, CIS Benchmark

MetaMap is building tools that power a borderless world where everyone has equal access to opportunity based on their merits. As a proud equal opportunity employer, we live by these same values, celebrate diversity, and are committed to creating an inclusive environment for all of our employees. We are also committed to a fair and inclusive interview experience, including providing reasonable accommodations to disabled applicants throughout the recruitment process. We encourage applicants to share any needed accommodations with their recruiter, who will treat these requests as confidentially as possible. 

We evaluate all employees and job applicants consistently, without regard to race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), parental status, national origin, age, disability, genetic information (including family medical history), political affiliation, military service, or any other legally protected class. All employment decisions including the decision to hire, promote, discipline, or discharge, will be based on merit, competence, performance, and business needs. Additionally, we consider qualified applicants with criminal histories for employment on our team, and always assess candidates on an individualized basis.