Senior Security Engineer
Who We Are
At sweetgreen, we’re looking for a Senior Security Engineer to help keep our enterprise safe and enable our organization to scale on a reliable, flexible, fast and--most importantly--trustworthy platform. We’re accepting applications from now until we find the right candidate.
In this role, you will build APIs, services and platforms that promote and enforce privacy, security and compliance by design which will be accessible and applicable to every part of our enterprise. What you build will be used in every part of the organization, from the stores, to the corporate environment (called the Treehouse) and even our digital products.
Though there’s more work to do than people to do it, we always aim to achieve our objectives with people, processes and policies before we apply technology. We choose our tooling very carefully with an eye toward how it may be used to help other parts of the organization achieve their goals. To that end, we lean heavily on FOSS (free and open source software) capabilities—such as terraform, kubernetes, recon-ng, osquery and zeek—to help us deliver on our outcomes. We welcome you to contribute to a FOSS community and, as you discover innovative ways to solve the security challenges presented to you, promote sweetgreen’s contributions to the security community.
Top Outcome - Within one year, design, develop, deploy and operate a platform upon which we can collect, analyze, detect and respond to cybersecurity events occurring across the enterprise. The effect of this work is that you will have created an elastic, responsive security sensor grid which spans the entire fleet; you will have created a technology framework which enables the discovery, identification and prioritization of vulnerabilities on every platform sweetgreen owns and operates; you will have generated an accurate, up-to-date inventory of all of our hardware and software assets; and you will have collected the foundational data required for us to be able to define a baseline of normalcy and detect when something goes out of spec in real time.
- Rough-in The Operating Space: Through observation, engagement and interviews with stakeholders across the business including IT, engineering, supply-chain and restaurant systems, by day 21 you should have a good understanding of the core systems and platforms that sweetgreen operates upon and be able to articulate gaps in visibility, detection, alerting and processes.
- Design The Platform & Data-flows: Within 45 days, you should design and propose a solution which allows us to close the visibility gap across the fleet. Your solution must maximize value and minimize costs, drawing upon your knowledge and expertise of AWS, GCP and/or Terraform compute resources to which your sensor--osquery, fleet & zeek--data will flow. Create technical design documents (TDDs) that propose incremental solutions and reach out to stakeholders across the business to get buy-in on any requirements which may require their input or impact their systems.
- Define the Path to Done: By 60 days in seat, you will have presented your TDD(s) to the other stakeholders for feedback on feasibility, scalability, and implications for how your solution would interface with existing systems, and secured consensus to implement. From there, you should define & document realistic milestones and deliverables, down to the story-level, describing how you will deploy the sensor grid and collect data for additional analysis.
- Lead the Technical Implementation: By day 90, you will spend at least 75% of your time driving the technical production of the solutions and personally building APIs to funnel the data into other enterprise platforms such as Splunk and Snowflake. The primary focus of the technical development effort will be to assume ownership of the platform and resulting data collection. In partnership with your leadership and peers in IT, Engineering, Restaurant Systems and Supply Chain, you’ll hold yourself accountable to the dates that you committed to, completing feature work in your first sprint.
- Documentation: In order to ease future teammate onboarding, debugging, and knowledge sharing of complex services while mitigating the risk of tribal knowledge, within 30 days in seat, you’ll contribute to our established information architecture within Confluence and put a plan in place to realize 100% documentation of the systems you own.
- Monitoring System Health: By day 90, you will have a plan in place to implement missing or leverage existing telemetry and testing, through CI/CD, so you can report on the health of your services, triage bugs, and limit regression.
- Demonstrated track record of building exceptional software
- Comfortable and at home on the command-line and have expert-level proficiency in at least one modern scripting language such as bash, python or powershell
- Knowledge and experience with AGILE methodology.
- Experience consuming RESTful APIs.
- Experience deploying website A/B testing or personalization
- Strong understanding of best practices relating to frontend architecture
- A strong desire to experiment with bleeding edge technology and understand related market trends.
- Strong problem solving, communication, and creative skills.
- Strong time management.
- Three different medical plans to suit your and your family's needs
- Dental and Vision insurance
- Flexible PTO plan
- 401k; company match of 50% up to 3% of employee contribution
- 5 months paid family leave; we believe in fully supporting new parents
- Employee HSA and FSA
- Complimentary greens
- An opportunity to make a real impact on the people around you, both by growing them and by connecting them to real food
- To live the sweetlife and celebrate your passion + purpose
- A collaborative family of people who live our core values and have your back
- A clear career path with opportunities for development, both personally and professionally
- Free sweetgreen swag
Fortune favors the bold, and nowhere is that more true than sweetgreen cybersecurity. We want you to help us reimagine what security means by turning old, antiquated traditions on their ears and challenging every assumption. While our security program is rooted in the principles of the NIST Cybersecurity Framework, we recognize that delivering on those principles doesn’t look the same for everyone.
We value fire prevention over fire fighting. Yes, you will have some fires to put out, including incident response and remediation, but your focus will be on building foundational apps and services that are fault tolerant and scalable which allow us to quickly isolate and quarantine malicious or unauthorized activity without having to tear down the whole system.
We’re looking for builders. We’re looking for people who are excited to be on the ground floor, knowing that it will be their designs, their plans and their influence which shape the future of sweetgreen’s security posture.
Come join the sweetlife!
sweetgreen is on a mission to build healthier communities by connecting people to real food. We passionately believe that real food should be convenient and accessible to everyone. Every day in each sweetgreen restaurant, our 4,000+ team members make food from scratch, using fresh ingredients and produce delivered that morning. And in our local communities, we’re committed to leaving people better than we found them. We’re in the business of feeding people, and we’re out to change what that means. Our people are our most valuable ingredient - the heart of our company, the face of our brand, and what truly makes the sweetgreen experience special and unique.
sweetgreen provides equal opportunities for everyone that works for us and everyone that applies to join our team, without regard to sex or gender, gender identity, gender expression, age, race, religious creed, color, national origin, ancestry, pregnancy, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, any service, past, present, or future, in the uniformed services of the United States (military or veteran status), or any other consideration protected by federal, state, or local law.
sweetgreen participates in the federal government's E-Verify program to determine employment eligibility.