Senior Security Engineer (Remote)

About Super.com
We started Super.com to help maximize lives–both the lives of our customers and the lives of our employees– so that everyone can experience all that life has to offer. For our employees, our promise is that Super.com is more than just a job; it’s an opportunity to unlock one’s potential, where learning is celebrated and impact is realized.  
We are more than a fast-paced, high-growth tech company; we care about our people and take career progression seriously. This is your career and our aim is to supercharge it through the people, the work, and the programs that fuel who we are.
About This Role
We are looking for a Senior Security Engineer to take significant ownership and provide experienced insight into our security program at Super.com. In this role you will be accountable for helping to define and achieve  our security objectives, take ownership over existing security processes, and individually implement new solutions to difficult security challenges. You’ll operate with significant autonomy to identify opportunities, drive DevSecOps initiatives, and implement solutions that leverage technology and automation to scale.
About You
We’re looking for a highly-motivated self starter who shares our excitement for growth and impact. The ideal candidate will be comfortable operating with autonomy and demonstrating strong initiative to drive security outcomes.  In addition, you are a strong communicator (both technical and non-technical), interested in continuous learning, and interested in the startup environment with an emphasis on delivering business value. You’ve got the technical depth to independently execute on the roadmap you’ll create, the time management and communication skills to work with technical and non-technical stakeholders, and high standards when it comes to accuracy and thoroughness. Finally, you are highly collaborative, data-driven, scrappy, and want to empower our organization to manage security risks in a way that empowers our teams to deliver secure solutions on time.

Key Challenges

• “Be an Owner” of security engineering across the company and ensure we identify and mitigate risks early in the development lifecycle.
• Leverage your experience while providing strategic insights to company security roadmap planning
• Drive DevSecOps and other security initiatives from ideation through design, implementation (including coding), deployment, operation, and evangelization. 
• Act as a trusted point of contact for security questions and issues, particularly as a point of escalation during security-related incidents.
• Provide security insights to cross-team technical meetings and discussions, identifying opportunities to improve security processes and engineering productivity
• Interact with external parties on Super.com’s behalf during vendor selection/negotiation, external audits, contract work such as pen-tests, and bug bounty program communications
• Champion Super.com’s values, helping the company view core values from a security perspective

About You

• 5+ years experience in a full-time security role with a broad range of responsibilities
• 1+ year experience working as a software developer, or a relevant education background such as Computer Science indicating experience and comfort with software engineering
• Able to write python scripts
• Experience working with product management, engineers, IT, and non-technical business staff
• Experience framing security problems in business language and building support for security initiatives 
• Has implemented shift-left security tools and methods such as SAST, DAST, SCA, Container Security, and DevSecOps initiatives with a focus on CI pipeline integration
• Has proactively achieved on a broad range of security initiatives, spanning infrastructure security, application security, and implementing business controls/policies in the context of modern web applications
• Experienced working with AWS, Terraform, Kubernetes, Linux, and generally popular security tools

Bonus Points!

• Familiar with Datadog / Prometheus and best practices around infrastructure and application monitoring
• Past involvement in compliance processes such as SOC2, PCI, SOX, ISO/IEC 27000 series
• Experience at similar stage startups / scaleups
• Experienced owning vendor relationships for security tooling, working with auditors, and interacting with external pen-testers and bug bounty hunters
• Experience with the fintech industry

We Believe in Equal Opportunity 
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. 
Accommodations are available on request for candidates taking part in all aspects of the selection process. If needed, please notify our Talent Acquisition Partner.