[Hiring] Senior Information Security Engineer @Stack Overflow

Role Description

Stack Overflow is looking for an Information Security Engineer to join our existing team and help us support engineering, lines of business, and our customers. As a Senior Information Security Engineer, you’ll bring your expertise to reduce risk, mentor Security Analysts, and represent our team in cross-functional projects. You’ll also be helping us build a SecOps program and create an infosec ecosystem.

What you’ll work on:

• Lead and contribute to security requirements in designing, developing, and deploying large-scale services and platforms.
• Conduct security architecture reviews of the application stack, including applications built on cloud and emerging technologies.
• Design and develop platform-level solutions to promote security-related initiatives and improvements.
• Review source code for potential security issues, recommend and implement fixes.
• Provide specific risk assessment and remediation guidelines for developers and business owners.
• Belief in automation and tooling as a critical part of the software lifecycle.
• Document and disseminate security guidelines for common security issues, remediation guidance, and security baselines.
• Contribute to SOC2 and ISO 27001/27701 audits as needed.
• Work with developers to provide security guidance.
• Actively promote improving the security culture and education within the organization.
• Eager to learn new technologies and solutions.
• Be curious about how systems work and how they fail, design them to be sustainable in the face of failures.

Our ecosystem includes:

• ISMS program built on ISO 27001/27701.
• Cloud - Azure and Google Cloud Platform.
• SSO - Okta.
• Servers - Windows and Linux, VMware Virtual Machines and Cloud.
• Device Management - AzureAD, Carbon Black, and WorkspaceOne.
• Network - Cisco, Fortinet, and OpenVPN WAF, SASE, Zero Trust VPN.
• Development and Tools - Python, Terraform, Puppet, C#, ASP.NET.
• Client Systems - MacOS and Windows.

Qualifications

• Strong verbal and written communication and documentation skills. “Document as you go.”
• Strong desire to secure systems, define and improve processes.
• Familiarity with: Containers, Cloud, Servers, Networking, DNS, and PaaS & SaaS.
• Deep technical understanding of the OWASP Top 10.
• Experience with Splunk or similar SIEM.
• Experience with Nexpose or similar vulnerability scanning tools.
• Experience integrating security tools to work as an ecosystem.
• Solid experience in threat modeling and identification techniques.
• Ability to work with developers to resolve security issues.
• Experience in code reviews, vulnerability detection, and root cause analysis.
• 25+ years of experience in web application security, secure application design and architecture, threat modeling, secure coding, and cryptography.
• Strong sense of ownership, urgency, and drive.
• Self-motivated and proactive, discovering and resolving issues before they become problems.

Benefits

• Competitive Base Salary.
• Generous paid vacation.
• Generous parental leave (16 weeks at 100% pay), family care leave, and unlimited sick days.
• Industry-leading health benefits that are applicable per country of residence for all our full-time employees.
• Company-paid Life Insurance.
• Home Internet stipend.
• Professional allocation for your growth and development.
• One-time allowance to assist with your home office setup.
• Company-paid access to Calm, Bravely, LinkedIn Learning, MyAcademy, and Overdrive.

Company Description

Stack Overflow is a remote-first company with Hiring HUBs based in the US, Canada, UK, and Germany. We are recognized as a Best Company to Work For, in addition to being recognized for Best Company Leadership, Best Company Happiness, Best Company Perks and Benefits, Best Company Work-Life Balance, Best Company Compensation, and Best Company Outlook.

Stack Overflow is proud to be an equal opportunity workplace. We value diversity, inclusion, equity, and belonging, and these pillars are at the heart of how we work together here at Stack. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.

For individuals based in California, and other locations where required, we will consider employment qualified applicants with arrest and conviction records.