Posted at: 27 July

Senior Security Program Engineer

Company

Phaidra

Phaidra is a fully remote US-based B2B company specializing in AI-driven industrial automation solutions for energy management and optimization in data centers and commercial facilities.

Remote Hiring Policy:

Phaidra operates fully remotely and hires internationally, with team members located in various regions such as the USA and Canada. Specific roles may have location preferences, but the company embraces a global workforce.

Job Type

Full-time

Allowed Applicant Locations

United States, Canada

Salary

$113,000 to $185,000 per year

Job Description

Who You Are

We are looking for a Senior Security Program Engineer to be the cornerstone of our product security efforts, embedding security into the DNA of our groundbreaking technology from the ground up. Security is not an afterthought; it is the bedrock of trust for our customers.

We are seeking a team member located within one of the following areas: USA or Canada.

  • In the United States, we accept applicants located in the following states: California, Colorado, Connecticut, Georgia, Florida, Indiana, Maryland, Minnesota, Missouri, Nebraska, New York, North Carolina, Pennsylvania, South Carolina, Tennessee, Texas, Virginia, Washington. 

  • In Canada, we accept applicants located in the following provinces: Ontario, British Columbia, and Alberta.

Responsibilities

  • You will own Phaidra’s Product Security Program, developing and integrating cloud & application security into our Security Development Lifecycle practices.

  • You will engage our Engineering, Research, and Developer Corps, facilitating threat modeling and other threat-informed practices that drive greater security and resiliency across our service set.

  • You will design secure infrastructure and reference architectures and drive their implementation to secure Phaidra and its customer-facing networks and systems.

  • You will build security tools and processes to protect, monitor and remediate critical infrastructure using DevSecOps and SRE methodologies.

  • You will help secure our CI/CD pipeline.

  • You will conduct security reviews of core IT and production infrastructure.

  • You will work with GCP and on-premise hosting platforms using Cloud Native technologies like Kubernetes.

  • You will build and maintain cross-functional relationships with internal teams to drive initiatives.

Key Qualifications

  • 5+ years of work experience.

  • Bachelor's or Master's in Computer Science, cybersecurity, or equivalent experience.

  • Proven experience with Cloud and Networking infrastructure on AWS, GCP or Azure.

  • Good understanding of the Linux Operating System, Networking, Security Monitoring, Intrusion Detection & Response, Authentication & Access Control and Security Protocols.

  • Proven experience with Web Application security assessments and penetration testing.

  • Programming experience, ideally with Python, Go or Bash scripting.

  • Experience with Terraform or other configuration management tools like Jsonnet, Kapitan, Helm or Kustomize.

  • Familiarity with DevOps and SRE principles.

  • Share our company values: curiosity, ownership, transparency & directness, outcome-based performance, and customer empathy.

Our Stack

  • Languages - (Backend) Python, Go; (Customer SDK & Clients) C# .NET

  • Docker, Kubernetes, Terraform & Kapitan

  • GitLab CI, ArgoCD, Atlantis

  • GCP - GKE, PubSub, CloudSQL, BigTable, Postgres, etc.

  • REST & gRPC micro-services

  • Pantsbuild

Onboarding Plan

30-Day Plan: Foundation and Familiarization

The first month should focus on learning the company culture, technology stack, and current security posture.

Understand the Landscape

  • Build relationships with engineers, researchers, and developers to understand the current workflow and security challenges.

  • Gain a comprehensive understanding of Phaidra’s existing Product Security Program and Security Development Lifecycle practices.

  • Familiarize yourself with the current cloud infrastructure on GCP, on-premise platforms, and the use of Kubernetes.

  • Review the CI/CD pipeline and existing security measures within it.

  • Become proficient with the company's tech stack, including Python, Go, C# .NET, Terraform, and Kubernetes.

Initial Assessments

  • Conduct initial security reviews of core IT and production infrastructure to identify immediate risks.

  • Begin participating in threat modeling exercises with the engineering teams.

  • Review existing security tools, processes, and monitoring capabilities.

60-Day Plan: Taking Ownership and Initiating Projects

The second month should shift towards taking ownership of key responsibilities and starting to implement improvements.

Program Ownership:

  • Take full ownership of the Product Security Program, beginning to develop and integrate cloud and application security enhancements.

  • Start designing secure infrastructure and reference architectures based on initial assessments.

  • Identify gaps in the existing CI/CD pipeline security and begin proposing solutions.

Hands-On Implementation:

  • Begin building or enhancing security tools and processes for monitoring and remediation, utilizing DevSecOps methodologies.

  • Engage in web application security assessments and penetration testing to identify vulnerabilities. 

  • Start applying knowledge of Linux, networking, and security protocols to harden systems.

90-Day Plan: Driving Impact and Future Strategy

By the end of the first three months, the focus should be on demonstrating tangible results and planning for the future.

Driving Initiatives

  • Drive the implementation of the secure infrastructure and reference architectures you designed.

  • Have new security tools or processes in place to protect critical infrastructure.

  • Demonstrate measurable improvements in the security and resiliency of Phaidra's services.

Strategic Contributions

  • Establish yourself as a key security partner for the Engineering, Research, and Developer Corps. 

  • Present a strategic roadmap for the future of the Product Security Program, outlining key initiatives for the next 6-12 months.

  • Showcase how your work aligns with and upholds company values such as ownership, transparency, and customer empathy. 

General Interview Process

All of our interviews are held via Google Meet, and an active camera connection is required.

  • Meeting with People Operations team member (30 minutes): The purpose of this interview is to meet the candidate, learn more about their background, discuss what they are looking for in a new position, and cover formalities around their application.

  • Meeting with Hiring Manager (30 minutes): This is an introductory call with the hiring manager so that the candidate and the hiring manager can get to know each other better. It will mainly focus on the candidate’s previous experience and technical background. This meeting is also meant to enable candidates to ask any questions about the team and role. 

  • Meeting with Infrastructure & Connectivity (45 minutes): The purpose of this meeting is to gauge the candidate's technical understanding and their ability to contribute in areas such as software engineering, infrastructure, and SecOps.

  • Meeting with Product Development (30 minutes): The purpose of this meeting is to evaluate the candidate’s ability to integrate with product development, understand their challenges, and collaboratively work to integrate the Product Security program into Product Development’s standard work processes.

  • Culture fit interview with Phaidra’s co-founders (30 minutes): This meeting is meant to provide the co-founders insight into how the candidate thinks, how they approach working with others, and how they operate on a daily basis. 

Base Salary

  • United States Residents: 113,000 USD - 185,000 USD

  • Canada Residents: 103,000 CAD - 139,000 CAD

This position will also include equity.

These are good-faith estimates of the base salary range for this position. Multiple factors such as experience, education, level, and location are taken into account when determining compensation.