Staff Security Engineer, DevSecOps

Remote or San Francisco; Must reside in the U.S.

Full-time

Overview

Play a leading role in baking in Security at every level of Informed.IQ’s serverless cloud native, machine learning platform. Customer and auditor facing responsibility for Industry and Customer Security Compliance. As a member of our Platform Engineering team, help us iterate our tools and techniques to support rapid development iterations, DevSecOps culture and GitOps driven CI/CD systems. Automate all things securely to ensure we smoothly handle our rapidly accelerating growth in customers, traffic and new products.

Responsibilities

• Lead technical/security aspects of SOC2 and other Industry Security Compliance Audits
• Customer facing lead of technical/security aspects at pre/post sales Customer Security Audits for large banks & lenders
• Proactively identify, prevent and mitigate vulnerabilities and reduce the attack surfaces
• Lead, automate and maintain security incident response process and post event forensics – Contribute to business and service continuity & Disaster Recovery
• Set secure coding best practices and participate in the code review process
• Identify, assess, and integrate outside services that make us more efficient.
• Participate in collaborative, DevOps style, lean practices with the rest of the team

About You

• 5+ years experience in DevSecOps related positions
• Ability to thrive in a start-up environment, self-motivated and ingrained sense of end-to-end ownership of projects
• Strong attention to detail, excellent analytical capabilities and a passion for building robust platforms for accelerating delivery to production.
• Ability to write thorough, scalable and clear code and documentation as needed

Highly Desirable Experience (We don’t expect anymore to have all of these)

• Extensive support of high compliance environments such as SOC2, ISO 27000X, PCI
  • Supporting both compliance audits & large bank 3rd party audits
  • Speaking to clients to help them understand the security posture of the application
  • Writing Security policies to utilize industry best practices
• AWS Services particularly IAM Identity Center, Organizations, Serverless
  • Security detection tooling like AWS CloudTrail, GuardDuty, Macie, Security Hub
• Architecting & building Identity and Access Management in AWS & Google Cloud
• Software SDLC and Vulnerability Management (Snyk, SAST,SCA,DAST, etc)
• Investigating and leading Security Incidents in a public cloud environment
• CI/CD pipelines, penetration testing, software scanning, security best practices, high availability and disaster recovery
• Solid understanding of computer networking especially in a public cloud environment.
• Creating security training material and training teams in security best practices.

Bonus Points

• Expertise with Python, Ruby, Rust or another high level language.
• Contributed to Open Source projects
• Experience writing infrastructure as code (Terraform) to build and deploy applications
• Experience with AI, ML, MLOps
• BS/MS/PhD in Computer Science/Engineering

Benefits and Perks

• Competitive salary and stock options: $170,000-$220,000
• Healthcare, dental, and vision partially paid by company
• Two weeks of paid time-off in addition to seven paid company holidays

Our Company

Informed, Inc. is a well-funded ($20M) Series A start-up in San Francisco Bay Area with a steady and growing revenue stream helping banks automate loan funding and account opening by turning documents into decisions. Our customers include most of the top 5 banks and lenders in the automotive industry. Informed’s SOC2 Compliant Software-as-a-Service leverages state of the art machine learning and AI technologies to instantly verify income, assets, residence, insurance and other consumer data points, enabling real-time and more reliable credit decisions that better comply with Fair Lending laws.

Informed, Inc. is an EEO employer that actively pursues and hires a diverse workforce. We do not make hiring or employment decisions on the basis of race, color, religion or religious belief, ethnic or national origin, nationality, sex, gender, gender-identity, sexual orientation, disability, age, military or veteran status, or any other basis protected by applicable local, state, or federal laws. We strive to create a healthy and safe workplace where harassment of any kind is strictly prohibited. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

To apply, send your resume to jobs@informediq.com. We’d love to hear from you!