Staff Security Engineer

April 5

Apply Now

Get a free AI resume review

Everlaw

WebsiteLinkedInAll Job Openings

Chart a straighter path to the truth.

Legal Technology • Ediscovery • Electronic Discovery • Litigation • Innovation

201 - 500

Description

• Help define and implement Everlaw's security strategy • Lead a team of security engineers to build and integrate tools to ensure a scalable and efficient secure software development lifecycle (SSDLC). You'll draw upon your experience to guide and develop the skills of other security engineers. • Advise other engineers on building a secure platform. You'll lead threat modeling sessions, conduct security design reviews, and review code and configuration changes for security concerns. • Build out security improvements on our AWS accounts, covering areas like authentication, authorization, threat detection, encryption, and reducing attack surface. We have a vision including IAM, AWS Security Hub, Amazon GuardDuty, AWS Config, Service Control Policies, AWS Firewall Manager, and more. You'll add to the vision and help make it reality. • Collaborate with Engineering, Engineering Operations, IT, and GRC teams to help meet our operational security commitments by probing for vulnerabilities, assessing the risk, and advising on how to respond to them. • Triage security events and respond to security incidents, first taking action to contain them and later guiding us to recover normal operations and minimize the chances of recurring threats. • Develop new security processes, procedures, and runbooks, and refine existing ones, to help Everlaw scale with its rapid growth. • Find creative ways to solve problems without saying no to innovation. You'll find many thoughtful coworkers at Everlaw who are interested in making things more secure. The expertise you bring will be valued and will help others develop a security mindset and think like an attacker.

Requirements

• You have an interest in security and want to develop your security knowledge, skills, and abilities. • You have at least 8 years of experience working in security. • You have led significant security projects with a team of engineers that were delivered successfully and impacted multiple functions. • You have programming skills in at least one scripting language (like Python). • You have a keen eye for spotting problems and figuring out how to exploit them or defend against them, and don't like to let them go unfixed. • You're able to collaborate effectively with coworkers on different teams. You can explain technical concepts without jargon, and keep security relatable. A big part of the job is helping others across the company solve security problems. • You are willing to find creative ways to improve security without blocking others. Security is important, but it's just as important for people to be able to do their work, and we need to find the right balance and make security easy for people.

Benefits

• Annual learning and development stipend • Full-time, exempt remote position