Security Engineer

About SecurityScorecard:

SecurityScorecard is the global leader in cybersecurity ratings, with over 12 million companies continuously rated, operating in 64 countries. Founded in 2013 by security and risk experts Dr. Alex Yampolskiy and Sam Kassoumeh and funded by world-class investors, SecurityScorecard’s patented rating technology is used by over 25,000 organizations for self-monitoring, third-party risk management, board reporting, and cyber insurance underwriting; making all organizations more resilient by allowing them to easily find and fix cybersecurity risks across their digital footprint.

Headquartered in New York City, our culture has been recognized by Inc Magazine as a "Best Workplace,” by Crain’s NY as a "Best Places to Work in NYC," and as one of the 10 hottest SaaS startups in New York for two years in a row. Most recently, SecurityScorecard was named to Fast Company’s annual list of the World’s Most Innovative Companies for 2023 and to the Achievers 50 Most Engaged Workplaces in 2023 award recognizing “forward-thinking employers for their unwavering commitment to employee engagement.” SecurityScorecard is proud to be funded by world-class investors including Silver Lake Waterman, Moody’s, Sequoia Capital, GV and Riverwood Capital.

Role Overview:

We are seeking a skilled and motivated Security Engineer to join our growing security team. You will play a crucial role in enhancing and maintaining our internal security posture, as well as contributing to the security of our products and services. This is a hands-on position requiring a solid understanding of various security domains and the ability to operate effectively in a fast-paced environment.

Key Responsibilities:

As a Security Engineer, your responsibilities will include a range of activities essential to our security program, such as:

• Implementing, monitoring, and maintaining security controls across our corporate and cloud environments.
• Participating in the application security program, including supporting security testing, vulnerability management, and secure development practices.
• Managing and improving our identity and access management (IAM) solutions and processes.
• Contributing to our incident response capabilities, including participating in security incident detection, analysis, and remediation efforts.
• Supporting corporate security initiatives, including security awareness training, policy enforcement, and compliance activities.
• Assisting with the third-party risk management program, including security reviews and assessments of vendors and partners.
• Performing regular security assessments, vulnerability scans, and penetration testing (or coordinating external tests).
• Administering and optimizing various security tools and technologies.
• Collaborating with IT, Engineering, and other teams to ensure security best practices are integrated into daily operations and new projects.
• Developing and maintaining security documentation, procedures, and runbooks.
• Staying current with the latest security threats, vulnerabilities, and industry trends.

Required Qualifications:

• 6+ years of progressive experience in a dedicated cybersecurity role.
• Demonstrated experience in Application Security (AppSec) principles and practices.
• Direct experience administering and optimizing key security tools, including Okta (IAM), CrowdStrike (EDR), and Wiz (Cloud Security Posture Management).
• Proven experience with Cloud Security concepts and best practices (experience with at least one major cloud provider required).
• Hands-on experience with Identity Management and Access Control systems.
• Experience participating in Incident Response processes and procedures.
• Understanding of corporate security principles and their practical application.
• Experience with third-party risk management processes and security assessments.
• Solid understanding of networking fundamentals and security protocols.
• Familiarity with common security frameworks and standards (e.g., NIST, ISO 27001, FedRAMP, StateRAMP).
• Excellent problem-solving skills and the ability to work independently and as part of a team.
• Strong written and verbal communication skills.

Preferred Qualifications:

• Experience with specific security tools and platforms such as:
  • IdP
  • Cloud Service Provider
  • Cloud Security Posture Management tools
  • Endpoint Detection and Response solutions
  • Google Workspace (security features and administration)
• Security certifications such as Security+, CySA+, CEH, cloud-specific security certifications (e.g., AWS Certified Security – Specialty).
• Experience working in a cybersecurity vendor environment.

Benefits:

Specific to each country, we offer a competitive salary, stock options, Health benefits, and unlimited PTO, parental leave, tuition reimbursements, and much more!

The estimated total compensation range for this position is $135,000 - $160,000 (base plus bonus). Actual compensation for the position is based on a variety of factors, including, but not limited to affordability, skills, qualifications and experience, and may vary from the range. In addition to base salary, employees may also be eligible for annual performance-based incentive compensation awards and equity, among other company benefits.

SecurityScorecard is committed to Equal Employment Opportunity and embraces diversity. We believe that our team is strengthened through hiring and retaining employees with diverse backgrounds, skill sets, ideas, and perspectives. We make hiring decisions based on merit and do not discriminate based on race, color, religion, national origin, sex or gender (including pregnancy) gender identity or expression (including transgender status), sexual orientation, age, marital, veteran, disability status or any other protected category in accordance with applicable law.

We also consider qualified applicants regardless of criminal histories, in accordance with applicable law. We are committed to providing reasonable accommodations for qualified individuals with disabilities in our job application procedures. If you need assistance or accommodation due to a disability, please contact talentacquisitionoperations@securityscorecard.io.

Any information you submit to SecurityScorecard as part of your application will be processed in accordance with the Company’s privacy policy and applicable law.

SecurityScorecard does not accept unsolicited resumes from employment agencies. Please note that we do not provide immigration sponsorship for this position. #LI-DNI