About This Position
As a Security Engineer at Ellevest, you will work hands-on across the organization to provide security support to protect sensitive data like client information and actively monitor our systems. You work directly with the Product organization and review workflow security. You will work with Ellevest engineers on secure development practices and security code reviews, and to proactively identify and fix security vulnerabilities. You will also work closely with the Fraud team to continuously review fraud and ATO controls.
In this role, you will work to maintain and enhance our information security program to create the safest environment for Ellevest members and data, and you’ll play a vital role in scaling and automating security infrastructure and procedures. This is a role on our remote-first team.
- Maintain and enhance information security program
- Develop and implement workflow for entitlements review, onboarding and offboarding in a SaaS world
- Develop, monitor, and investigate security events across the organization, including application vulnerability reports, SIEM events, DLP events, NGAV events, etc.
- Improve and maintain application security products, including vulnerability scanners
- Create efficiencies around logging, correlation, and auditing capabilities
- At least 1 year of experience in Information Security
- Proficiency in one or multiple areas such as Windows, Unix, anti-virus, firewalls, intrusion detection
- Scripting (Python, BASH, Perl, or PowerShell), coding or other development experience.
- Knowledge of security event management, network security monitoring, log collection, and correlation.
- Understanding of Cloud Security
- Knowledge of OWASP Top 10
- Bachelors in Computer Science with some concentration in Information Security or security-specific certifications that demonstrate equivalent proficiency