Sr. Security Engineer
About Spring Labs:
Spring Labs is redefining how data is exchanged for the new age of data sharing, security, and consumer privacy through decentralization. Our Spring Protocol Tech Stack, which includes the use of Blockchain and Cryptography, allows institutions to share information among themselves to verify identities and reduce fraud - all while protecting consumer data.
Working at Spring Labs is about being part of a collaborative team, comprised of some of the most talented people in the industry. You would be welcomed into a fun, inclusive environment where we care as much about our employees as we do about our product.
As part of our Information Security & DevOps Team, the Senior Security Engineer will be responsible for continuously improving and maintaining the security of our cloud platform and products. The ideal candidate will have experience working in SaaS environments and collaborating with, and advising Product, Engineering, and DevOps teams.
• Work with Product, DevOps, and Software Engineering teams to help design secure products
• Work with Developers and DevOps to identify, prioritize and remediate security vulnerabilities
• Drive internal and external vulnerability and penetration testing
• Maintain security policies and drive remediation processes
• Perform proactive research to detect new attack vectors
• Perform reactive incident response when a security event occurs
• Serve as a subject matter expert on internal product security engineering questions/requests
About You
- Proven ability to communicate and educate engineering teams on security matters
- Can think like an attacker and use that context to effectively communicate and document potential threat vectors
- Familiarity with technical security controls, guidelines, and frameworks such as SOC2, ISO 27001/27013, NIST 800-53
- Familiarity with widely accepted vulnerability frameworks and guidance (i.e. CVSS, OWASP, NIST, etc.)
- Experience with Application Security tools (static code analysis, dynamic scanning, WAF, etc.)
- Experience with Cloud Infrastructure and Security tools
- Knowledge of web/application-layer security and attack vectors
- Solid working knowledge of Digital Forensics and Incident Response
- Demonstrable experience scripting with languages like PowerShell, bash, etc.
- Ability to work in a fast-paced environment
- Ability to collaborate with other teams/functions with a positive attitude and respect.
- Can think about problems from an out-of-the box perspective, doesn't always default to industry norms
- Experience with Python a plus
Perks
- Casual Work Environment
- Fully Stocked Kitchen
- Free Gym
- Weekly Office Events
- Unlimited PTO
- Comprehensive Medical/Dental/Vision
- 401(k)
Equal Opportunity Statement:
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.