Principal Security Engineer

Formstack improves people’s lives with practical solutions to their everyday work. We are looking for the next Stacker to help us accomplish this mission.  Formstack is a remote-first company with team members who live and work across the U.S., Canada, and the globe. We offer more than just a job; we provide a community where you can learn, grow, and thrive your way. Join a dynamic and diverse team that values relationships as much as results. Come build what matters with Formstack.
Who You AreYou have high attention to detail and are motivated to learn how to improve our security posture by breaking large projects into manageable chunks to make them easier to work on and consume. You can identify roadblocks, maybe not always fix them, but you can call them out so the team can put their heads together to find a proper solution. You know how to find small wins in large projects that can take considerable time to accomplish by setting measurable goals and prioritizing work(also, shifting priorities when needed).

What You Will Do

• Architects and designs security controls
• Implements, maintains, and operates security controls as part of a team
• Work with the DevOps team to share responsibility for implementing security-related changes
• DevOps provides the tools to perform this work and can assist with it
• Analyzes trends, news, and changes in threat and compliance environment with respect to organizational risk
• Advises organization management and develops and executes plans for compliance and risk mitigation
• Assist with compliance and compliance audits

How You Will Succeed

• You will direct and help drive the strategic technical security roadmap and have a strong vision for where the organization can improve in the future
• Work closely with DevOps and the Information Security team to prioritize and share workload between the three teams where appropriate
• Find and document potential security risks, including priority, risk, and mitigation
• Use software and automated tools to identify security vulnerabilities
• Mentor other team members
• Enjoys actively searching for problems and discussing their findings with other team members
• Travel (<10%) for team meetups, conferences, etc.
• On-call but only for rare security occurrences
• We will protect your time as we provide the flexibility you need to succeed

What We Are Looking For

• Excellent communication skills
• Ability to prioritize tasks
• Not afraid to ask questions and set priorities for yourself
• A team player who excels in highly collaborative environments
• Must be fluent in written and spoken English
• 10+ years of experience in identifying security issues and risks, developing mitigation plans

Bonus Points

• Security Qualifications
• Experience with Terraform
• Experience with configuration management such as Ansible, Chef, Puppet, etc.
• Familiarity with SQL, PHP, Node.js, Java

• Salary Range: $150,000 - $200,000 USD/year
• Plus a potential annual bonus of up to 10% of the salary.
• This is a target starting cash range for a candidate who meets the minimum qualifications for this role. The final cash pay for this role will depend on a variety of factors, including a specific candidate’s experience, qualifications, skills, and projected impact.
• ***This is a remote position***

What Formstack Offers for Full-Time Employees in the US and Canada:- Competitive health plans, Dental, Vision, Disability, and Life Insurance Benefits for US and Canadian full-time employees.- Monthly Health & Wellness and Technology stipends- Half-day Fridays- Unlimited PTO for all employees.- 401k & Roth w/ safe harbor match (the US and Canada)- The most up-to-date technology, including company-issued Macs, the latest software, and other tools needed to excel at your job- Company-paid conferences and extended learning opportunities- Yearly company and team gatherings
Don’t meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every qualification. Formstack is dedicated to building a diverse, inclusive, and authentic workplace. if you’re excited about this role, but your experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right candidate for this or other roles.
Formstack is an equal-opportunity employer. We are passionately committed to equitable hiring and boldly dedicated to diversity in our work and staff. We do not discriminate in employment opportunities or practices based on actual or perceived race, color, religion, national origin, sex (including pregnancy, childbirth, or related conditions), age, marital status, sexual orientation, gender identity or expression, veteran status, uniform service member status, disability or any other characteristic protected by law. Women, people of color, bilingual and bicultural individuals, LGBTQ+ persons, and people with disabilities are encouraged to apply.
All data collected in our application process, from resume collection to application questions, is used for recruitment purposes only. We will store it in our applicant tracking system, Lever, and will not share this data with anyone else. We will keep your data until the role is filled and only continue to store it if we feel you may fit future roles.