At SimpliSafe, we design, develop, manufacture, and sell our own line of wireless, connected home security systems: home sensors, cameras, and locks. Our technology and service platform secures the homes of millions of Americans without the hassles, long-term contracts, or fees of traditional Home Security. Protecting our customers and their families is a tremendous responsibility, so we are doubling our Information Security team to help build, develop and drive our security program. Each new product release has unique and complex problems to unravel.

As a Senior Security Engineer, you will partner primarily with our Operations teams (Cloud engineering, Network, and IT) and Managed Security Services providers to implement, configure, test, and respond to security controls and alerts to protect systems and assets from security incidents. Building on our strong security-conscious culture, you will frequently face captivating security challenges, including response automation, engineering for Zero-Trust, and be trusted to oversee SOC operations. This will require you to balance the needs of the business with robust security controls: prevention, detection, and response for networks, endpoints, and identities.

Are you passionate about securing people and their data in a rapidly growing business with ambitious goals? Can you nurture Engineering teams’ security mindset to help detect and respond to advanced adversaries’ Tactics, Techniques, and Procedures (TTPs) with the right automation? Are you invested in identifying exposed systems and access controls, finding and prioritizing threats to defeat attacks, and improving continuously? If so, you should fit right in - do apply!

Strong candidates will demonstrate experience in security operations and incident response but prefer implementing proactive controls with automation ingenuity (on existing and new layers of protection). They will be comfortable with at least one scripting language and proficient in cloud infrastructure management on platforms such as AWS or Google Cloud.

Responsibilities:

• Drive readiness and resolution for incident detection & response

• Accountable for SOC operations/management and administration of Enterprise SIEM

• Automate containment and recovery techniques (such as orchestrating response)

• Teach and raise awareness of relevant security operations: tabletop exercises, threats, TTPs, and NIST/SANS’ top security controls

• Identify/deploy/manage appropriate defense in-depth controls (EDR/IPS/IDS/DLP/CSPM)

• Harden network segmentation and perimeter controls, including client access and other VPNs and WAF in front of public-facing web applications 

• Coordinate mitigation for vulnerabilities, DDOS, brute-force, or credential stuffing vectors

• Drive network, host-level, and application-level alert detection strategies for deployed assets and workloads

• Blend with and understand our agile-based software development methodologies

• Partner with Architects and tech leads for continuous improvement (e.g., AuthN/AuthZ)

• Collect metrics from tooling and use them to help steer security strategy

About You:

• You love building relationships working with teammates across multiple functional business units, as key to your pragmatic mindset and vigilance towards business operations impact

• Have a curious, investigative mind, a deep interest in information security, and the ability to communicate complex ideas to varied audiences plainly and concisely

• Solid understanding of information security and computer systems and cloud concepts, encryption protocols, and networking protocols

• No shortage of incident response war stories to share; even better if they include executive-level engagement

• Willingly navigate ambiguity with humility, inquiry, and a growth mindset to understand and adapt.

• You have several years of experience with at least one programming language and a terminal emulator

• CEH, CompTIA Security , or a background in PCI and/or GDPR compliance is a plus

• Experience with active roles in security monitoring on one or more SIEM technologies

• Proficient with AWS security best practices and solutions

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

We are an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law. Likewise, we are committed to full support of qualified individuals in hiring and employment. In keeping with this commitment, we will work with qualified individuals with disabilities to assess whether a reasonable accommodation may be provided to perform the essential functions of their role, absent undue hardship. If a reasonable accommodation may be needed to fully participate in the job application or interview process, to perform the essential functions of a position, or to receive other benefits and privileges of employment, please contact people.operations@simplisafe.com.