Senior Security Engineer
Posted on Friday, October 13, 2023
At Deputy we’re on a mission to change the way the world works and we are looking for fantastic people to help us do that. Our mission is to simplify shift work, with our longer term vision to enable thriving workplaces in every community.
Deputy is a SaaS workforce management company designed to simplify employee scheduling, time and attendance tracking, and task management for businesses. We are headquartered in Sydney (AU) and San Francisco (USA), with offices in Melbourne (AU), and London (UK). We’ve helped employers across all industries in 70+ countries optimize their workforce and improve operational efficiency. As a fast-growing tech company, Deputy offers an exciting and dynamic work environment with opportunities for career growth and development.
This is a remote role (working from home), so we are totally happy for you to be based anywhere in the US.
You do not need to match every listed expectation to apply for this position. Here at Deputy, we know that diverse perspectives foster the innovation we need to be successful, and we are committed to building a team that encompasses a variety of backgrounds, experiences, and skills.
The Senior Security Engineer role encompasses several security domains covering cloud and application security, physical security, threat detection, security orchestration and incident response. This role will be focused on Security Operations, SIEM management and threat detection.
If you are currently in a security engineering or security operations role and are passionate about automation and designing secure products and solutions, this role is for you. In this position, you will be an expert in several of the listed domains looking to explore multiple facets of an end-to-end security program.
- Suggest appropriate controls to address threats to the organization
- Select new technology vendors, and implement and maintain the solutions over time
- Design and implement anomaly detection alerting and monitoring mechanisms across the web application, cloud/infrastructure, and physical environments
- Lead threat-hunting efforts and communicate findings to stakeholders
- Respond to alerts
- Setup and disseminate information from threat intelligence feeds
- Participate in or lead incident response activities
- Implement and manage the SIEM system
- Design, implement, and manage security orchestration (SOAR) capabilities
- Technical responsibilities focus on several aspects of security including: cloud and infrastructure security assessments; vulnerability management and remediation; anomaly detection and response; threat hunting and detection; incident response; SIEM platform management; building internal security tooling and automation
- Expertise in security best practices and concepts, software architecture, cloud/infrastructure security, threat & anomaly detection and response
- Experience in working as a team and collaborating with software engineers, product managers and senior managers to understand projects, and give well-reasoned opinions, backed by past experience, on topics around threat mitigation and security
- Strong knowledge of cloud security best practices (we use AWS), their tools around security, risk mitigation, etc.
- Strong knowledge of SIEM technologies (Splunk, Devo, Datadog)
- Strong knowledge and experience with scripting languages and automation tools
- Experience with Infrastructure as Code (IaC) and security baselines.
- Experience with source code repositories, CI/CD pipelines, and associated security tooling (e.g., GitHub, GitLab, Jenkins, etc).
- Experience in implementing and maintaining a Cloud Security Posture Management (CSPM) and Vulnerability Management tools
- Experience in performing or leading cloud/infrastructure and network penetration testing
- Experience with incident response procedures - preparation to lessons learned
- Familiar with Bug Bounty programs Have written security blogs, papers or presented at security conferences
- Experienced with information security management frameworks, such as ISO27001, NIST CSF, SOC2 or ISM
- Experienced with information privacy, including privacy by design, privacy impact assessments and legislation are them (e,g: GDPR)
- Highly effective at collaborating with other areas of the business and leading with influence rather than relying on authority
- Strong presentation and written documentation skills, working together requires telling a story everyone can understand
- A “builder” mindset: ready to learn, aren’t afraid to ask questions and execute with a high agency
- Resilient and experienced in working in a fast-paced, high-pressure environment
The pay range for this position takes into account multiple factors that are all considered to determine an individual candidate’s starting pay. These factors include but are not limited to: market factors, experience, technical and non-technical skills, education, certifications, and other business acumen. This range does not include any potential incentive programs, such as individual or organizational performance bonuses.
For candidates based outside San Francisco Bay Area or New York City, the pay range for this position is $131,000 - $150,000.
- Employee Stock Ownership
- Competitive Compensation Packages
- 401k Company Match
- Comprehensive Health Benefits
- Commuter Reimbursement Program
- Flexible Work Schedule
Learn More About Deputy
Best Employee Scheduling Software 2023 (Forbes Advisor)
Deputy believes in equal opportunity and that inclusiveness and diversity promotes innovation. Our global team members are from a variety of cultures. And we welcome different perspective and skills.