We're looking for a Senior or Staff Compliance Engineer to join an established team and help build a new wave of relationships in the federal space.
Logistics: Hybrid in NYC (3 days per week)
Compensation: $160-230k in addition to an annual bonus and stock options.
What you'll be doing:
• Work side by side with engineering and product resources to define security and compliance requirements for new features and services
• Build threat models, testing plans, and validation strategies to ensure a high secure bar for the system
• Review code, infrastructure, and architecture for common security flaws, as well as bespoke, business logic flaws
• Manage penetration tests of critical features
• Assist in managing audits and compliance requirements on an ongoing basis
• Bridge and facilitate communication between engineering teams and other parts of the Security organization
What's required of you:
• 4+ years of experience working as a security engineer
• You understand how to analyze a system and look for potential threats at every stage of the SDLC. You have experience with system design reviews, threat modeling, and common vulnerabilities in Web and Mobile applications
• Hands on experience with cloud-based architectures, especially those built on AWS, Kubernetes, and Docker
• Solid understanding of networking and operating systems
• You can write scripts, and you are proficient in one (or more) of the following languages: Java, Javascript, Python
• You have excellent analytical skills, strong organizational and project management skills, and the ability to prioritize and manage multiple tasks and deadlines.
• You are a strong communicator who can explain security concepts to a variety of audiences and levels, as well as work collaboratively across technical and non- technical teams
• You are comfortable with high levels of autonomy and delivering on complex goals
• You have experience with regulatory and compliance frameworks like NIST 800-53, PCI DSS, and FedRAMP, as well as Identity and Authenticator Assurance Levels like IAL2 and AAL2