Security Engineer - remote

Posted 3 years ago
Stack Overflow

About Ceros

Ceros is an experiential platform that empowers the creation of bespoke, immersive digital experiences without code. We’re passionate about helping companies transform their static digital content into engaging experiences. From custom microsites to immersive interactive webpages, you can build it with Ceros. Publish and update live content and instantly embed it into your site or social media platforms such as Pinterest or Snapchat. Join us and be part of the movement to enable everyone to create experiences that matter.

Our customers include some of the world’s leading brands, such as Mashable, Bloomberg, Red Bull, United Airlines, and AIG.

We are well-funded and institutionally-backed by prominent investors including Sumeru Equity Partners, Grotech Ventures, Greycroft, and Starvest Partners.

The Role

Security is baked into all we do at Ceros. We are looking for a highly skilled DevSecOps Engineer to help us continue to iterate and innovate quickly while maintaining the highest standards of security. We value both breadth and depth of knowledge and you will have the ability to influence every area of our security posture. Our ideal candidate will have well-rounded security knowledge, strong software engineering skills, and an ability to think both defensively and offensively. Reporting into our Director of Engineering, the DevSecOps Engineer will own, create, advise and execute on all security practices and programs at Ceros.

Key Responsibilities

  • Lead security operations including the implementation of secure development procedures, incident and vulnerability management practices and tools such as static code analysis or threat protection agents
  • Manage Identity Management (core infrastructure), including access management, key management and MFA
  • Manage security architecture including system hardening standards and infrastructure-as-code
  • Lead current security initiatives including: generic account remediation, password management, Patch, Malware, customer data encryption
  • Be a security subject matter expert across the business
  • Collaborate with other engineers in security code reviews to identify and fix issues in our applications
  • Develop tooling to automate manual security processes
  • Lead security-related projects from inception to successful completion
  • Perform hands-on internal assessments of our cloud infrastructure
  • Provide effective incident response, remediation, and forensics services when required
  • Assist the compliance team to ensure continued compliance with SOC 2 and ISO 27001
  • Lead open source library management, including inventory and vulnerability assessments

Practical stuff we anticipate you having

  • Minimum of four (4) years prior experience in a security engineering role or as a penetration tester
  • Solid understanding of the OWASP Top 10 such as SQLi, XSS, CSRF, and business logic flaws across large code bases
  • Strong knowledge of cryptography principles and authentication infrastructure (e.g., SAML, OAuth)
  • Experience with securing and monitoring AWS or similar cloud environments
  • Performed hands-on security threat modeling, risk assessment, and operational security analysis
  • Prepared and presented detailed, written and verbal technical information for both internal and external audiences
  • Security assessment experience, penetration testing, incident response, forensics, network traffic analysis either internally or as a consultant
  • Experience with Security architecture and risk mitigation
  • Experience of having worked in an environment where DevOps principles are practiced
  • Relevant industry certifications are a bonus (CISSP, SANS/GIAC, CompTIA, Microsoft, Linux, Cisco)

What we’re looking for from the heart

  • Passion, enthusiasm, energy, humor, humility and the ability to convey this through the work that you do
  • You demonstrate an insatiable curiosity and desire to learn new things. You’re always seeking new knowledge and trying to expand your skill set
  • A team-player mentality; you put your team first and are willing and able to do anything to help your team and your peers succeed
  • Comfort working in a fast-paced, hyper-growth environment
  • Natural leadership abilities

Key Things to Know

  • We want you to start ASAP
  • This is a full-time position
  • This is a remote-first role with the ability to work primarily on east coast time; travel periodically to our NY offices and global team meetups

Benefits

  • Competitive salary
  • Stock options
  • Premium health insurance
  • Paid parental leave
  • Unlimited vacation days
  • Wellness Fridays (shorter work days)
  • Excellent gear (15” MacBook Pro, external monitor, etc.)
  • Virtual experiences in which Cerosians can collaborate, educate, and create social connections with one another

At Ceros, we are deeply committed to the recruitment, retention, and growth of diverse talent; uniting people from unique backgrounds in our shared passion for unlocking creativity through technology.

As an equal opportunity employer, we prohibit any unlawful discrimination against a job applicant on the basis of their race, color, religion, veteran status, parental status, gender identity or expression, transgender status, sexual orientation, national origin, age, disability or genetic information. We respect the laws enforced by the EEOC and are dedicated to going above and beyond in fostering diversity across our company.