You'll also contribute to the security domains of application, governance and compliance, incident detection and response, and infrastructure security -- so you'll never end up working in a silo.
You will assess threats and vulnerabilities, analyze data and code, define measurable objectives, and drive implementations of security solutions. You will also be responsible for building and implementing testing tools and methodologies, including manual and automated processes, deployment, and monitoring.Role & Responsibilities
Design, deploy, manage and improve critical security infrastructure services/tools for authentication and authorization, PKI, secrets management, logging, detection, vulnerability management and more
Partner with teams throughout Glassdoor on technology initiatives to improve security and bring standard methodologies to our products and services
Analyze the latest attacker techniques and develop approaches to detect them across the company's diverse environments and endpoints.
Define, implement, and tune detective capabilities and data sources to detect and remediate malicious activity
Work with engineering and operations teams to implement threat detection signals, deploy new tooling, and improve response capabilities.
Analyze security data and report on threats and incidents across various platforms and environments.
Mentor team members, junior and senior, in state-of-the-art incident response practices
Research and design ways to achieve risk reduction objectives in creative ways, including expanding our current tool stack where appropriate
Assist with security incidents that the company may face in alignment with our response processes
Assess risk arising from third-parties, vendors and partners in our ecosystem and design controls to mitigate such risks
Document security processes and standards. Skills & Qualifications
8+ years of experience with security engineering in e-commerce, internet, or social networking settings
BS/MS/PhD in Computer Science, Information Systems, Electrical Engineering, or the equivalent in experience and evidence of exceptional ability.
Must Have: Hands-on expertise operating in an AWS environment with mastery of architecture and security capabilities in the cloud
Mastery of multiple security domains such as intrusion detection, incident response, malware analysis, and forensics.
Strong knowledge of UNIX operating systems
Advanced programming abilities in Python or similar language
Knowledge of web application security, browser security models, and application security vulnerabilities such as the OWASP Top Ten
Deep understanding of network attacks, DDoS, Phishing, email protocols/security/spam, encryption, authentication, logging and log analysis, IP and device reputation, and security rules and policies
Experience working with multiple stakeholders such as engineering/operations teams, internal business units, external incident response teams, and law enforcement throughout the incident lifecycle.
Strong verbal and written communication skills, solid team player, with demonstrated abilities in analysis and problem-solvingBenefits
100% company paid medical/dental/vision/life coverage; 80% dependent coverage
Long-Term Incentive Plan
401(k) Plan with a Company Match to prepare for your future
Sunny & peaceful Mill Valley offices located right on the water
Walking, running and biking trails steps away from the office
Onsite gym and fitness classes
Free catered lunch; new menu daily
Paid holidays and flexible paid time off
Your choice between Mac or PC
Dog-friendly office (with dog-free zones if you are so inclined)