Job Description

Senior Security Engineer

at Striveworks

Austin, Texas or Remote

The Role

As a Senior Security Engineer at Striveworks, you’ll be challenged, and trusted, on day one to be a core contributor to the direction of the company.

Striveworks is a cutting-edge software startup that provides companies with tools to build and support machine learning models at scale. Our team is composed of experts in machine learning, software development, and cloud as well as on-prem infrastructure. We are committed to helping both government and commercial organizations harness the power of AI.

We are seeking an experienced Senior Security Engineer to ensure we provide customers with best-in-class security protection. As a Security Engineer, you will be responsible for identifying and mitigating security risks, as well as implementing and maintaining security tools and processes.

The anticipated base pay range for this position is $140,000 to $180,000/year. Striveworks’ total compensation package includes a competitive base salary, annual performance-based equity grants, and a lucrative yearly cash bonus.

This position offers a fully remote work environment, or you can work hybrid/onsite at our office in northwest Austin, TX.

The Right Fit

We spend a lot of time during our hiring process talking about shared values.

Why? We passionately believe that fostering an environment where people can self-actualize and pursue greatness is the best way to achieve our individual and collective goals.

What does this mean for you? We want to provide you with the conditions to thrive in an environment where you can achieve your goals, where you know the team shares your goals, and where you make and accept decisions for the team with humility. At Striveworks, we want your say/do ratio to be 1 and to know that being part of a top-tier team means that there is no smartest person in the room. If that makes sense, we’re already on the same page.

What you’ll own and do:

  • Identify vulnerabilities in our software product(s) using the following methods (not an exhaustive list):
    • Black/Grey/White box penetration testing
    • Vulnerability scanning
    • Static Code Analysis
    • Review pull-requests/merge-requests (as requested and/or time permitting)
  • Submit tickets and automate tests for individual issues, and assist in prioritization
  • Mitigate chronic and/or cultural security issues in a variety of ways, including:
    • Evangelization, based on known threat profiles, industry best practices, etc.
    • Targeted training
    • Automated tests in the DevSecOps pipeline
  • Automate the deployment, configuration, and maintenance of security tools, such as log aggregators, firewalls, intrusion detection systems, and security information and event management (SIEM) systems
  • Develop and maintain security policies, procedures, and standards to ensure compliance with industry best practices and regulatory requirements
  • Conduct Information Security training for employees and provide guidance on security best practices
  • Configure and respond to security alerts and incidents

What we’re looking for:

  • 6+ years relevant experience
  • Extensive knowledge of software security tools and practices, such as vulnerability scanners, penetration testing, secure coding practices, encryption, and access control
  • Strong understanding of web application security and cloud security
  • Familiarity with industry standards and regulatory requirements, such as NIST SP 800-171, NIST SP 800-53, NIST RMF, ISO 27001, SOC 2, and GDPR
  • Experience with scripting and/or programming languages (e.g., Python, Go, Bash)
  • Familiarity with Git
  • Familiarity with AWS technologies
  • Relevant examples of tools and practices:
    • Vulnerability scanners, such as Nessus or Qualys
    • Penetration testing tools, such as Metasploit or Burp Suite
    • Secure coding practices, such as OWASP Top 10 and SANS Top 25
    • Encryption standards, such as AES or RSA, and their vulnerabilities
    • Access control methodologies, such as role-based access control (RBAC) and attribute-based access control (ABAC)
    • Web application security practices, such as input validation, output encoding, and session management
  • Excellent communication and collaboration skills
  • Driven, self-directed personality
  • Strong sense of mission and commitment to making a difference
  • Bachelor’s or Master’s degree in computer science, software engineering, or a related field