Security engineer

About this Role
Writer is seeking a highly skilled and experienced Security Engineer to join our dynamic and innovative team. The Security Engineer will play a crucial role in enhancing our information security and privacy posture by engaging with engineering and operations teams to perform security reviews, threat modeling, and other critical security activities. This role requires a deep understanding of information security principles, a strong technical background, and the ability to collaborate effectively across various teams.

The Security Engineer will report to the Head of Information Security & Compliance, and will work closely with the Information Security Management Leadership, the Engineering, Product, and Design Team, and other relevant stakeholders.

Location(s): London; New York, Austin, Chicago, San Francisco, Remote

????️ Your Responsibilities

• Design and implement robust security architectures that align with industry standards and best practices; ensure that security controls are integrated into the design and implementation of new systems and applications.
• Provide technical guidance and recommendations to engineering and operations teams to enhance the security of our infrastructure; help ensure security is integrated into the secure software development lifecycle (SSLDC).
• Conduct comprehensive security reviews of software applications and systems to identify potential vulnerabilities and security gaps.
• Build and maintain threat models for new and existing applications, ensuring that all potential attack vectors are identified and mitigated.
• Develop and maintain security automation scripts and tools, such as SAST/DAST, to detect and respond to threats; automate security monitoring and alerting using Splunk, ELK, or Chronicle; develop security-as-code practices using Terraform, Ansible, or Kubernetes security policies.
• Harden and secure AWS/Azure/GCP, endpoint, and IAM environments and enforce cloud security best practices.
• Perform offensive activities and proactively hunt for vulnerabilities.
• Participate in the incident response process, providing technical expertise to manage and resolve security incidents; contribute to the development and maintenance of incident response plans, ensuring that they are up-to-date and effective.

️ Is This You?

• CISSP, CISA, or CISM certification is strongly recommended, but not required.
• ISO 27001/27701/42001, SOC-2, PCI DSS, and GDPR knowledge, experience, and qualifications are highly desirable.
• At least 5 years of relevant industry experience in information security, with a focus on security architecture and threat modeling.
• Proven experience in performing security reviews, threat modeling, and risk assessments; strong understanding of information security principles, including confidentiality, integrity, and availability.
• Experience with security tools and technologies, including vulnerability scanners, intrusion detection systems, and security information and event management (SIEM) systems.
• Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams.
• Strong problem-solving and analytical skills, with the ability to identify and mitigate complex security risks.
• Ability to work in a fast-paced environment, managing multiple priorities and meeting deadlines.

Benefits & perks (UK full-time employees):

• Generous PTO, plus company holidays
• Comprehensive medical and dental insurance
• Paid parental leave for all parents (12 weeks)
• Fertility and family planning support
• Early-detection cancer testing through Galleri
• Competitive pension scheme and company contribution
• Annual work-life stipends for:
• Home office setup, cell phone, internet
• Wellness stipend for gym, massage/chiropractor, personal training, etc.
• Learning and development stipend
• Company-wide off-sites and team off-sites
• Competitive compensation and company stock options