Senior Information Security Engineer

| Greater LA Area

Who we are:

Zwift is a digital destination for fitness enthusiasts that are redefining indoor exercise. We took the boring indoor routine and game-ified it, by developing an at-home training experience that connects cyclists and runners with each other around the world. We’re on a mission to make more people, more active, more often.

Launched from the sunny beaches of Long Beach, CA with offices in NYC, London, Rio de Janeiro, Tokyo, and Melbourne, the Zwift community is active in 195 countries (yup - more countries than the United Nations) and growing. We’re endlessly positive, relentlessly inventive, and always looking to improve…wanna join?

About the team:

The Zwift InfoSec Team is responsible for the security and availability of all services offered by Zwift, as well as providing security support for teams leveraging those services. The Zwift InfoSec team works with service teams to design and build secure solutions, participate and coordinate cross-organization security initiatives, and solve security challenges at scale. This is an exciting and visible role – you will directly influence the security postures for Zwift products and services. 

Responsibilities Include:

  • Work with engineering teams across Zwift to prioritize security issues identified during Security Due Diligence and Application Security Reviews.
  • Provide expert advice and consultancy to internal customers on risk assessment, incident triage, threat modeling, and security vulnerability mitigation.
  • Implement information security controls and patterns that support risk assessments and the development of secure architectures.
    • This will involve understanding Zwift service interdependencies and driving secure technical solutions for multi-tiered systems.
  • Collaborate with engineering teams to drive product roadmaps, by providing security requirements that map security controls to service features.
  • Address bottlenecks, provide escalation management, anticipate and make tradeoffs, and balance the business needs versus technical constraints.
  • Partner with multiple teams across multiple locations with varying sets of priorities to ensure timely delivery and secure solutions.
  • Clarify and drive project commitments as well as establish and maintain clear chains of accountability.
  • Lead internal process improvement projects, including the development and implementation of internal security tools.
  • Provide security training and outreach to internal development teams.
  • Provide security guidance documentation.
  • Provide assistance with metrics delivery and improvements.
  • Provide assistance with recruiting activities and administrative work.

Who we’re seeking:

The Zwift InfoSec Team is looking for a Sr. Security Engineer to help build and grow security operations within acquired service teams in order to address both deeply technical and programmatic security issues, as well as emerging new threats. This individual will lead security due diligence efforts, plan security integration, and execute efforts for M&A acquisitions. The role requires partnering with executive business sponsors to define key security issues for potential acquisitions, implementing actionable plans to achieve remediation of security threats, and diving deep on tactical security aspects of a service in need of extra attention. Security Engineers oversee and influence cross-functional security diligence and integration teams to ensure all relevant security tasks are completed. 

Successful Security Engineers at Zwift are self-starters, able to work autonomously, natural problem solvers, collaborative, and not fazed by adversity or ambiguity. You should have strong problem-solving skills, excellent communication skills, a deep technical understanding of modern cloud security threats, the ability to influence people from customers to managers through technical solutions, and the desire to be an individual contributor to securing Zwift’s platform and system/services technology.

What we’re looking for:

  • Bachelor's Degree in Computer Science or a related field (or 7 years equivalent experience)
  • Minimum of 5+ years of progressive security architecture experience; preferably within a professional services firm or similar environment working with startups and large security mature companies.
  • 5+ years of application security experience designing, building or testing web and API-based architectures.
  • 5+ or more years of related experience in Information Security, Cybersecurity, Identity and Access Management (IAM) and/or Information Technology to include accountability for complex tasks and/or projects.
  • 5+ years of experience working with stakeholders across many functions.
  • 5 years of experience in Security Engineering, DevOps or IT Operations roles, strong familiarity with the principles of DevOps and Agile development.
  • 3+ years of hands-on experience securing cloud applications and infrastructure (AWS strongly preferred).
  • Understanding of security vulnerabilities, attacker exploit techniques and methods for remediation of such.
  • Excellent understanding/working knowledge of the public cloud infrastructure and services in AWS (IAM, VPC, KMS, CloudWatch, Systems Manager, S3, RDS, Route53, Lambda, AWS Config, etc.) is a strong plus.
  • Experience implementing and leveraging the logging and monitoring solutions is a plus.
  • Experience communicating technical concepts to a non-technical audience.
  • Prior working experience in or with a Software Development Team.
  • Corporate development, management consulting, or mergers and acquisitions experience.
  • Demonstrated experience in areas such as system security, network, and/or application security experience.
  • Understanding of best practices in one or more security engineering specialties: secure development, cryptography, network security, security operations, systems security, policy, and incident response.
  • Experience developing and interpreting security compliance standards and guidance.
  • Scripting skills (e.g., Python, C, C++, Java, Ruby, or PowerShell)
  • Socially confident with good organization, communication and presentation skills.
  • Self-starter with good analytical skills and a proactive approach to problem-solving
  • Capacity and tolerance for extreme context switching and interruptions while remaining productive and able to provide effective, safe guidance.

Top Five Reasons Why We Think You’ll Love It Here

  • Great Employee Fitness Program… earn a bike or other fitness equipment!
  • Amazing office location on the 18th floor with a killer view
  • Competitive Benefits (including Medical, Dental, and Vision)
  • Awesome team of diverse individuals that love what they do
  • Did we mention that we ride bikes at work and run at work?
Read Full Job Description
Apply now
loading ...
Emailed

Technology we use

  • Engineering
  • Product
  • Sales & Marketing
    • C++Languages
    • JavaLanguages
    • JavascriptLanguages
    • iosLanguages
    • androidLanguages
    • AngularJSFrameworks
    • Node.jsFrameworks
    • SpringFrameworks
    • ReactFrameworks
    • MySQLDatabases
    • Google AnalyticsAnalytics
    • OptimizelyAnalytics
    • ConfluenceManagement
    • JIRAManagement
    • TrelloManagement
    • WordpressCMS

Location

111 west Ocean Blvd, Long Beach, CA 90802

What are Zwift Perks + Benefits

Culture
Volunteer in local community
Partners with Nonprofits
Friends outside of work
Eat lunch together
Daily stand up
Open door policy
Team owned deliverables
Team based strategic planning
Group brainstorming sessions
Diversity
Unconscious bias training
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability Insurance
Dental Benefits
Vision Benefits
Health Insurance Benefits
Life Insurance
Wellness Programs
Team workouts
Retirement & Stock Options Benefits
401(K)
Performance Bonus
Child Care & Parental Leave Benefits
Flexible Work Schedule
Acme Co. provides employees with a flexible work schedule that includes Flexible start and end times.
Family Medical Leave
Vacation & Time Off Benefits
Generous PTO
Paid Holidays
Paid Sick Days
Perks & Discounts
Casual Dress
Commuter Benefits
Company Outings
Stocked Kitchen
Some Meals Provided
Happy Hours
Parking
Recreational Clubs
Relocation Assistance
Relocation assistance for qualifying job openings.
Fitness Subsidies
Reimbursement for qualifying fitness events (marathons, triathlons, etc), Zwift membership, and more!
Professional Development Benefits
Job Training & Conferences
Diversity Program
Lunch and learns
Promote from within
More Jobs at Zwift29 open jobs
All Jobs
Design + UX
Dev + Engineer
Marketing
Operations
Product
Project Mgmt
Sales
Sales
new
Los Angeles
Developer
new
Los Angeles
Marketing
new
Los Angeles
Operations
new
Los Angeles
Developer
new
Los Angeles
Product
new
Los Angeles
Product
new
Los Angeles
Developer
new
Los Angeles
Developer
new
Los Angeles
Developer
new
Los Angeles
Marketing
new
Los Angeles
Marketing
new
Los Angeles
Developer
new
Los Angeles
Operations
new
Los Angeles
Developer
new
Los Angeles
Developer
new
Los Angeles
Developer
new
Los Angeles
Developer
new
Los Angeles
Developer
new
Los Angeles
Developer
new
Los Angeles
Project Mgmt
new
Los Angeles
Developer
new
Los Angeles
Project Mgmt
new
Los Angeles
Developer
new
Los Angeles
Operations
new
Los Angeles
Design + UX
new
Los Angeles