The Senior Security Engineer will identify security risk in the corporate network, communicate those risks to management and assist with the mitigation efforts. Common technologies this position will need to work with include vulnerability scanning, intrusion detection, SIEM, database monitoring, and file integrity monitoring. The Senior Security Engineer must have the ability to document policies and procedures and keep them updated according to industry compliance requirements.
The Senior Security Engineer primary job responsibilities include:
- Determine, monitor and maintain our security posture, in collaboration with Engineering.
- Perform security audits
- Perform application and infrastructure penetration tests, as well as physical security review and social engineering tests for our global clients
- Select and acquire additional security solutions or enhancements to existing security solutions to improve overall enterprise security
- Oversee and manage the deployment, integration and configuration of security solutions and of any enhancements to existing security solutions and the enterprise’s security documents.
- Develop and maintain threat models for cloud environments and train engineering teams to develop attacker/risk driven design skills
- Provide deep expertise to engineering teams on SDLC practices including secure design, secure development, secure testing, security runtime for software and firmware development
- Actively partner with infrastructure, application and other stakeholders to ensure deployed solutions minimize security and privacy risks.
- Maintain up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks.
- Maintain Incident Response Program.
- Recommend actions/practices to management in order to ensure compliance with security and regulatory requirements in decision-making processes.
- Suggest actions in order to mitigate risk in any activity that potentially impacts security of existing IT and information management.
- Craft responses to client and partner security questionnaires
Key Skills and Experience
- B.A. or B.S. (or higher level degree) in Computer Science or a similar engineering program with strong academic performance preferred
- 4+ years of information security experience
- CISSP, CISA, CEH, OSCP or other information security certification
- Perform security reviews of application designs, source code and deployments
- Must have knowledge and stay up to date on the latest security advisories, alerts and vulnerabilities.
- Strong verbal and written communication skills for a highly collaborative environment
- Rigorous attention to detail and focus on quality of deliverables
- Familiar with AWS services like EC2 & ECS, WAF & VPC configuration & IAM rules.
- Familiarity with something like Terraform/CloudFormation.
- Comfortable with Python and able to read Java when necessary.
- Proven team experience and comfort in a team-oriented environment
- Passion for working with technology and excitement for creating high quality consumer technology product
Why work for EnergyHub?
- Collaborate with outstanding people: Our employees work hard, do great work, and enjoy collaborating and learning from each other.
- Make an immediate impact: New employees can expect to be given real responsibility for bringing new technologies to the marketplace. You are empowered to perform as soon as you join the team!
- Gain well rounded experience: EnergyHub offers a diverse and dynamic environment where you will get the chance to work directly with executives and develop expertise across multiple areas of the business.
- Work with the latest technologies: You’ll gain exposure to a broad spectrum of IoT, SaaS and machine learning challenges, including distributed fault-tolerance, device control optimization, and process modeling to support scalable interaction with disparate downstream APIs.
- Be part of something important: Help create the future of how energy is produced and consumed. Make a positive impact on our climate.
- Focus on fun: EnergyHub places high value on our team culture. Happy hours and holiday parties are important to us, but what’s also important is how our employees feel every single day.
EnergyHub is a growing enterprise software company that works with the most forward-thinking companies in smart energy. Our platform lets consumers turn their smart thermostats, electric cars, water heaters, and other products into virtual power plants that keep the grid stable and enable higher penetration of solar and wind power. We work on technology that already provides energy and cost savings to millions of people through partnerships with the leading companies in the Internet of Things.
EnergyHub offers a generous benefits package including 100% paid medical for employees and a 401(k) with employer match. We offer a casual environment, the flexibility to set your own schedule, a fully stocked fridge and pantry, free Citi Bike membership, secure bike rack, gym subsidy, paid parental leave, and an education assistance program.
EnergyHub is an Equal Opportunity Employer
In connection with your application, we collect information that identifies, reasonably relates to or describes you (“Personal Information”). The categories of Personal Information that we may collect include your name, government-issued identification number(s), email address, mailing address, other contact information, emergency contact information, employment history, educational history, and demographic information. We collect and use those categories of Personal Information about you for human resources and other business management purposes, including identifying and evaluating you as a candidate for potential or future employment or future positions, recordkeeping in relation to recruiting and hiring, conducting analytics, and ensuring compliance with applicable legal requirements and Company policies.