Description:
The Security team at Guideline is responsible for ensuring that Guideline’s employees, customers, data, and infrastructure are safe and secure. A few of the areas we are currently focused on to achieve this goal include product security, privacy, cloud security, fraud, identity and access management, and secure defaults for engineering.
We think about reducing risk at Guideline by building platforms that everyone at the company can use, creating an environment where everyone is a partner with security. This includes platforms security uses, like our vulnerability management platform or tooling to manage fraud, and platforms our partners use, like our third-party risk platform or data encryption framework for engineering.
What You Will Work On
- Design, build, and maintain the security team’s technical infrastructure including our vulnerability management platform and SIEM.
- Consult with engineering and product teams to help them upgrade existing security primitives around things like data encryption, authentication, and fraud detection.
- Identify patterns across our application that would benefit from a unified secure-by-default framework, and then work with teams to adopt said framework.
- Consult with our partners, like legal on privacy risks and compliance on fraud risks, to develop technical controls to mitigate said risks.
- Contribute to our centralized engineering automation platform to add security improvements like auditing, improved just-in-time access flows, and integrations with existing engineering workflows on things like GitHub and Slack.
What We're Looking For
- 8+ years of professional experience designing, building, and maintaining large-scale backend software products and systems
- Experience working on high availability security services like authentication, data encryption, or fraud platforms.
- Familiarity with mature engineering-centric security programs like vulnerability management or security architecture reviews.
- Track record of building resilient and maintainable systems in complicated business domains at scale
- Expert knowledge of a server-side language such as Ruby, Python, or Node
- Comfortable with ambiguity; you enjoy figuring out what needs to be done and setting appropriate deadlines and milestones to achieve business objectives