Senior Information Security Engineer
Who we are:
Zwift is a digital destination for fitness enthusiasts that are redefining indoor exercise. We took the boring indoor routine and game-ified it, by developing an at-home training experience that connects cyclists and runners with each other around the world. We’re on a mission to make more people, more active, more often.
Launched from the sunny beaches of Long Beach, CA with offices in NYC, London, Rio de Janeiro, Tokyo, and Melbourne, the Zwift community is active in 195 countries (yup - more countries than the United Nations) and growing. We’re endlessly positive, relentlessly inventive, and always looking to improve…wanna join?
About the team:
The Zwift InfoSec Team is responsible for the security and availability of all services offered by Zwift, as well as providing security support for teams leveraging those services. The Zwift InfoSec team works with service teams to design and build secure solutions, participate and coordinate cross-organization security initiatives, and solve security challenges at scale. This is an exciting and visible role – you will directly influence the security postures for Zwift products and services.
- Work with engineering teams across Zwift to prioritize security issues identified during Security Due Diligence and Application Security Reviews.
- Provide expert advice and consultancy to internal customers on risk assessment, incident triage, threat modeling, and security vulnerability mitigation.
- Implement information security controls and patterns that support risk assessments and the development of secure architectures.
- This will involve understanding Zwift service interdependencies and driving secure technical solutions for multi-tiered systems.
- Collaborate with engineering teams to drive product roadmaps, by providing security requirements that map security controls to service features.
- Address bottlenecks, provide escalation management, anticipate and make tradeoffs, and balance the business needs versus technical constraints.
- Partner with multiple teams across multiple locations with varying sets of priorities to ensure timely delivery and secure solutions.
- Clarify and drive project commitments as well as establish and maintain clear chains of accountability.
- Lead internal process improvement projects, including the development and implementation of internal security tools.
- Provide security training and outreach to internal development teams.
- Provide security guidance documentation.
- Provide assistance with metrics delivery and improvements.
- Provide assistance with recruiting activities and administrative work.
Who we’re seeking:
The Zwift InfoSec Team is looking for a Sr. Security Engineer to help build and grow security operations within acquired service teams in order to address both deeply technical and programmatic security issues, as well as emerging new threats. This individual will lead security due diligence efforts, plan security integration, and execute efforts for M&A acquisitions. The role requires partnering with executive business sponsors to define key security issues for potential acquisitions, implementing actionable plans to achieve remediation of security threats, and diving deep on tactical security aspects of a service in need of extra attention. Security Engineers oversee and influence cross-functional security diligence and integration teams to ensure all relevant security tasks are completed.
Successful Security Engineers at Zwift are self-starters, able to work autonomously, natural problem solvers, collaborative, and not fazed by adversity or ambiguity. You should have strong problem-solving skills, excellent communication skills, a deep technical understanding of modern cloud security threats, the ability to influence people from customers to managers through technical solutions, and the desire to be an individual contributor to securing Zwift’s platform and system/services technology.
What we’re looking for:
- Bachelor's Degree in Computer Science or a related field (or 7 years equivalent experience)
- Minimum of 5+ years of progressive security architecture experience; preferably within a professional services firm or similar environment working with startups and large security mature companies.
- 5+ years of application security experience designing, building or testing web and API-based architectures.
- 5+ or more years of related experience in Information Security, Cybersecurity, Identity and Access Management (IAM) and/or Information Technology to include accountability for complex tasks and/or projects.
- 5+ years of experience working with stakeholders across many functions.
- 5 years of experience in Security Engineering, DevOps or IT Operations roles, strong familiarity with the principles of DevOps and Agile development.
- 3+ years of hands-on experience securing cloud applications and infrastructure (AWS strongly preferred).
- Understanding of security vulnerabilities, attacker exploit techniques and methods for remediation of such.
- Excellent understanding/working knowledge of the public cloud infrastructure and services in AWS (IAM, VPC, KMS, CloudWatch, Systems Manager, S3, RDS, Route53, Lambda, AWS Config, etc.) is a strong plus.
- Experience implementing and leveraging the logging and monitoring solutions is a plus.
- Experience communicating technical concepts to a non-technical audience.
- Prior working experience in or with a Software Development Team.
- Corporate development, management consulting, or mergers and acquisitions experience.
- Demonstrated experience in areas such as system security, network, and/or application security experience.
- Understanding of best practices in one or more security engineering specialties: secure development, cryptography, network security, security operations, systems security, policy, and incident response.
- Experience developing and interpreting security compliance standards and guidance.
- Scripting skills (e.g., Python, C, C++, Java, Ruby, or PowerShell)
- Socially confident with good organization, communication and presentation skills.
- Self-starter with good analytical skills and a proactive approach to problem-solving
- Capacity and tolerance for extreme context switching and interruptions while remaining productive and able to provide effective, safe guidance.
Top Five Reasons Why We Think You’ll Love It Here
- Great Employee Fitness Program… earn a bike or other fitness equipment!
- Amazing office location on the 18th floor with a killer view
- Competitive Benefits (including Medical, Dental, and Vision)
- Awesome team of diverse individuals that love what they do
- Did we mention that we ride bikes at work and run at work?