Senior Security Engineer

RECUR is a technology company that designs & develops dedicated branded experiences that allow fans to buy, collect, and re-sell digital products and collectibles. RECUR is the only blockchain-agnostic NFT platform ultimately giving its brand partners the widest range of distribution and their fan bases the widest range of utility. RECUR also co-authored the recurring royalty standard for NFTs, allowing for creators, artists, athletes, and brands to participate in the secondary sales of their assets in perpetuity.

As a Senior Security Engineer, you’ll lead and be responsible for key areas of RECUR’s security program while collaborating across teams to deliver meaningful and pragmatic solutions.

What do we at RECUR believe makes a great security engineering team? 

Here are our team's core beliefs:   

• We are pragmatic and easy to do business with
• We seek team members who care more about the team’s results than their achievements
• Leadership is tolerant of making mistakes
• Team members help, teach, and mentor one another
• Our mission is clear and we minimize the distractions
• We operate in small teams and empower those teams with ownership and minimize their dependencies
• We encourage self-directed innovation

What you will do at RECUR

• Take the lead in engineering security solutions for our SaaS and public cloud technologies
• Provide security engineering advisory services to your business partners in IT, Risk, Compliance, and Infosec
• Design, build , and monitor technology controls that align with our overall infosec program objectives
• Own security detection and response capabilities

What you bring to RECUR

• Enthusiasm for scalable, reproducible security management
• Experience in Bash, Python or Go for security automation
• Experience handling incident management, including assist engineering teams with incident response
• Self-motivated and creative problem-solver able to work independently with minimal guidance
• Strong ability to work collaboratively across teams
• Experience supporting internal and third-party audits, including driving any discovered issues to resolution
• Experience supporting a bug bounty program
• Conducting risk and controls assessments to identify risks and any associated weaknesses, as well as make recommendations on how to mitigate those risks
• Ability to automate as much work as possible, including using SOAR tooling
• Testing for vulnerabilities and configuration errors using off-the-shelf and custom tools
• Collaborating with others to enhance event monitoring, security alerting, and incident response workflows
• Owning and building relationships with key external stakeholders such as customers, vendors, and auditors
• Ability to manage multiple competing priorities and use good judgment to establish order or priorities on the fly
• Ability to influence internal and external customers to expediently resolve issues and achieve organizational objectives
• Ability to thrive in an “infrastructure as code” environment
• Ability to design and operate controls that are easy to test and audit
• An understanding of standards such as SOC 2, ISO 27001/27002, and the NIST Cybersecurity Framework desirable
• Experience with cloud security monitoring tools like Datadog and Bettercloud is a plus

Benefits & Perks

• Commitment to being a remote-first company & embracing remote work best practices
• Comprehensive insurance plans - health, dental, and vision disability and life Insurance
• Equity in RECUR
• 401(k) with 2% company matching, no waiting period
• Flexible Spending Account and Dependent Care Accounts
• 4 weeks paid vacation, 11 company holidays, 3 floating holidays
• Parental Leave - Primary & Secondary
• $100 per month stipend for internet & cell phone
• Learning and development reimbursement (including online courses, certifications, conferences, seminars, etc.)
• Free monthly subscription to Headspace, Aaptiv, Omada