Senior Security Engineer

Key Skills

AWS, Bash scripting, DevSecOps, Effective communication skills, Git, GoLang, JavaScript, Python Programming

Job Description

The Role

As a Senior Security Engineer at Striveworks you’ll be challenged—and trusted—on day one to be a core contributor to the direction of the company.

Striveworks is a cutting-edge software startup that provides companies with tools to build and support machine learning models at scale. Our team is composed of experts in machine learning, software development, and cloud as well as on-prem infrastructure. We are committed to helping both government and commercial organizations harness the power of AI.

We are seeking an experienced Senior Security Engineer to ensure we provide customers with best-in-class security protection. As a Security Engineer, you will be responsible for identifying and mitigating security risks, as well as implementing and maintaining security tools and processes.

What you’ll own and do:

• Identify vulnerabilities in our software product(s) using the following methods (not an exhaustive list):
  • Black/Grey/White box penetration testing
  • Vulnerability scanning
  • Static/Dynamic Code Analysis
  • Review pull-requests/merge-requests (as requested and/or time permitting)
• Submit tickets and automate tests for individual issues, and assist in prioritization
• Mitigate security risks in a variety of ways, including:
  • Security evangelization, based on known threat profiles, industry best-practices, etc.
  • Assisting developers with, for example, static code analysis hits by elaborating on the reason the code failed the test, along with suggestions on how to accomplish functionality goals without failing that test. (PR/MR reviews and/or Pair programming)
  • Targeted training
  • Automated tests in the DevSecOps pipeline
• Automate the deployment, configuration, and maintenance of security tools, such as log aggregators, firewalls, intrusion detection systems, and security information and event management (SIEM) systems
• Develop and maintain security policies, procedures, and standards to ensure compliance with industry best practices and regulatory requirements
• Conduct Information Security training for employees and provide guidance on security best practices
• Configure and respond to security alerts and incidents.

The anticipated base pay range for this position is $175,000–$220,000/year. Striveworks’ total compensation package includes a competitive base salary, annual performance-based equity grants, and a lucrative yearly cash bonus.

This position offers a fully remote work environment, or you can work hybrid/onsite at our office in northwest Austin, TX.

The Right Fit

We spend a lot of time during our hiring process talking about shared values.

Why? We passionately believe that fostering an environment where people can self-actualize and pursue greatness is the best way to achieve our individual and collective goals.

What does this mean for you? We want to provide you with the conditions to thrive in an environment where you can achieve your goals, where you know the team shares your goals, and where you make and accept decisions for the team with humility. At Striveworks, we want your say/do ratio to be 1 and to know that being part of a top-tier team means that there is no smartest person in the room. If that makes sense, we’re already on the same page.

What we’re looking for:

• 6+ years relevant experience
• Extensive knowledge of software security tools and practices, such as vulnerability scanners, penetration testing, secure coding practices, encryption, and access control
• Strong understanding of web application security and cloud security
• Familiarity with industry standards and regulatory requirements, such as NIST SP 800-171, NIST SP 800-53, NIST RMF, ISO 27001, SOC 2, and GDPR
• Comfortable writing scripts and/or simple CLI applications in a scripting or programming language (Python, Go, JavaScript, Bash, etc.)
• Comfortable working with Git on the command-line
• Familiarity with AWS technologies
• Relevant examples of tools and practices:
  • Vulnerability scanners, such as Nessus or Qualys
  • Penetration testing tools, such as Metasploit or Burp Suite
  • Secure coding practices, such as OWASP Top 10 and SANS Top 25
  • Encryption standards, such as AES or RSA, and their vulnerabilities
  • Access control methodologies, such as role-based access control (RBAC) and attribute-based access control (ABAC)
  • Web application security practices, such as input validation, output encoding, and session management
• Excellent communication and collaboration skills
• Driven, self-directed personality
• Strong sense of mission and commitment to making a difference
• Bachelor's or Master's degree in computer science, software engineering, or a related field

The Benefits

• Top-of-market salary and total compensation
• Generous equity plan
• Health/vision/dental insurance
• Flexible PTO
• Parental leave