About Us

We are a growing company specializing in fraud detection through machine learning models. Our technical team consists of 15 data engineers, 15 data scientists, and 5 full-stack developers. The Ops Engineering team, which you'll be joining, supports these groups by building automations and infrastructure as code.

The Role

We're seeking a Security Engineer to join our 2-person Ops Engineering team. This role will focus on managing and improving our security posture.

Key Responsibilities

• Lead quarterly access reviews covering cloud IAM policies, firewalls, and account permissions across sub-processors (GCP, AWS, GitHub, Google Workspace, Auth0, JIRA, Looker)
• Remediate security concerns using our Compliance Automation Software, Vanta
• Monitor hardware security using MDMs (Jamf, Vanta Agent, Google Endpoint Management) and communicate with team members about security issues
• Complete security questionnaires from clients' InfoSec departments
• Manage networking rules on our Zero Trust Network Access setup
• Oversee notification systems for security and compliance issues
• Monitor new infrastructure creation to ensure best practices are met
• Improve incident response reporting and conduct root cause analysis on incidents
• Develop Pub/Sub automations based on log-based findings
• Implement Data Loss Prevention (DLP) automations
• Write Terraform configurations for all new security-related configurations
• Create Python scripts to automate security processes and deploy them to Airflow for consistent execution
• Identify and address security concerns across the entire 50-person company

Required Skills and Experience

• Proficiency in Terraform for infrastructure as code
• Strong understanding of IAM management principles
• Strong understanding of firewall configuration and network security
• Advanced Python programming skills
• SQL knowledge for data analysis and management
• Experience with authentication methods, including OAuth 2.0 and OpenID Connect
• Familiarity with cloud security best practices (GCP, AWS)
• Experience with security compliance frameworks (e.g., SOC 2 Type II, ISO 27001)
• Strong problem-solving and analytical skills
• Excellent communication skills

Preferred Qualifications

• Experience with Apache Airflow for workflow management
• Familiarity with BigQuery or similar cloud-based data warehouses
• Knowledge of containerization technologies (e.g., Docker, Kubernetes)
• Experience with log analysis and SIEM tools
• Familiarity with DevSecOps practices
• Relevant security certifications (e.g., CISSP, CEH, OSCP)

What We Offer

• Opportunity to shape the security strategy of a growing company
• Collaborative work environment with cutting-edge technologies
• Professional development opportunities
• Hybrid work model: 3 days in-office, 2 days remote per week
• Flexible hours to accommodate your most productive work times