Senior Security Engineer
The Security Ops & Engineering job family is responsible for the operation and engineering of technologies that deliver Security services. General areas of responsibility include enforcing authorized access to BillGO’s IT infrastructure, applications, and services, in addition to prevention, detection, and response to Security threats. Positions in Information Security are responsible for designing, operating, and monitoring systems which ensure the integrity and security of BillGO’s systems and data.
The Senior Security Engineer role is a member of the Security Operations & Engineering Team, whose mission it is to ensure that Security Services are always available and meeting the needs of the business. This includes stewardship of all technologies delivering Security Services, including monitoring, operating, restoring, integrating, and extending these technologies and Security Service Offerings, in a manner that achieves our business goals and meets compliance and regulatory objectives.
This position requires strong partnership with IT, Security, business, and third-party stakeholders, to ensure that BillGO can execute its business plans.
What’s in it for you? A competitive salary, ownership shares, fun, and a fix for your sweet tooth:
- Pay and Benefits: We offer competitive pay and benefits, including PTO, holiday pay and free parking
- Tools: We provide the tools you need to do your best work
- Owner’s Club: You’ll be granted ownership shares (stock options) so you have real skin in the game
- Snacks and Drinks: We have a diverse selection of goodies
- Work/Life: We work hard, but also know you need a life outside BillGO
The Senior Security Engineer is a unique position that requires a broad technical background. Key factors for this position are not only technical aptitude, but also being a problem solver, continuous learner, self-starter, and great collaborator. The ideal candidate will have experience working – and thriving! - in a fast-paced environment.
RESPONSIBILITIES
Security Engineering (80%)
- Provide subject matter expertise and technical stewardship across a broad range of technical platforms and service offerings
- Ensure that Security Services are always available
- Ensure that appropriate maintenance, monitoring, automation, and response procedures are in place, to meet Security and availability objectives
- Conduct operations in a quality manner, in accordance with our ITIL and other documented processes
- Gather, analyze, and report on Service consumption, availability, and value delivered to our customers
- Partner with IT stakeholders to engineer, implement, and enhance technical platforms and related Service Offerings on an ongoing basis
- Develop engineering patterns that facilitate the re-use of Services in a safe, efficient, and compliant manner
- Create/maintain diagrams of Security platforms and services
- Serve as a technical resource on various initiatives
- Advocate for new/enhanced Security Services on behalf of all stakeholders
- Hold technical debt to minimum possible
- Contribute requirements to technology selection process
- Develop/maintain Security-related governance (standards and procedures) in alignment with overall Security objectives, governance, risk, and compliance/GRC
- Participate in testing and QA processes as required, to ensure that Service Offerings perform as expected
- Partner with business and technical consumers of Security Service Offerings, to ensure that requirements are being met, future needs understood, and supporting roadmaps are developed to anticipate those needs.
- Partner closely with stakeholders that maintain data or systems that are integrated with our Security platforms (eg. ADP/People Ops, Cloud Engineering, Application Development teams, and others)
- Learn and attend training related to monitoring, ongoing support, routine engineering, and operation of new and existing Security platforms and services
Leadership (20%)
- Maintain awareness and commitment to company goals/targets and ensure that deliverables are aligned accordingly
- Serve as situational team lead, for any return-to-service or other troubleshooting events, to drive issues to resolution and communicate status and outcomes to Security Leadership Team/SecLT
- Establish and maintain good working relationships with all Security Ops & Engineering customers and other Security, IT, 3rd-party, and business stakeholders
- Understand customer and overall company objectives, to develop support strategies that map to Security Service Offerings
- Drive enterprise adoption and re-use of Security Services and related engineering patterns
- Mentor Security peers and others, including training on new administrative functions, sharing best practices, and cultivating ideas and subsequent business cases
Prior Experience
- Minimum of Six (6) years of experience operating and integrating a wide variety of Security systems/platforms/solutions is preferred to perform at expectation. Applies in-depth advanced knowledge and skills with an understanding of external environment factors that may affect own specialist area. Provides expert advice, coaching, and counseling within discipline/functional area.
Technical and Professional Skills
- Ability to collaborate with, lead, and motivate individuals within and across teams, as situations require
- Must be able to organize and prioritize work and manage to deadlines
- Excellent written, oral, instructional, presentation, and interpersonal skills
- Must be self-motivated, proactive, creative, and efficient at identifying, understanding, and proposing solutions to environmental issues/challenges
- Identifies solutions to problems through application of analytical skills to data
- Ability to work with all levels of the organization, from front-line developers to senior leadership
- Demonstrates strong leadership qualities that can be used to guide a project
- Must have direct operational ownership and experience managing multiple Security systems/platforms/solutions, including aspects of monitoring, configuring, integrating, troubleshooting, and returning to service
- Experience with one or more Cloud Service Providers (Amazon AWS, Microsoft Azure, Google Cloud Platform/GCP, Oracle Cloud Infrastructure/OCI) required, AWS preferred
- Experience with a Cloud Access Security Broker/CASB preferred
- Experience with a cloud and endpoint-based Data Loss Prevention/DLP solution preferred
- Experience with modern Endpoint Security and Endpoint Detection and Response/EDR solutions preferred
- Experience with Vulnerability Scanning/Mgmt platforms a plus (eg. QualysGuard, Tenable, Rapid 7, etc.) preferred
- Experience with Identity and Access Mgmt/IAM, Identity and Access Governance/IAG, and Privileged Access Mgmt/PAM platforms preferred (eg. Okta, SailPoint, Oracle OIM, etc.) a plus
- Demonstrated understanding of Security Controls and their tie to Governance, Risk, and Compliance
- Experience with Security tooling/processes that touch the CI/CD pipeline a plus
- Experience with Windows and Linux operating systems
- Ability to efficiently operate computers, tablets, and mobile devices
- Certifications not required, but SSCP (Systems Security Certified Practitioner) or CISSP (Certified Information Systems Security Professional) desirable
- Experience creating diagrams using LucidChart and/or Visio preferred
- Working experience with Microsoft Office software, primarily Outlook, Word, Excel, and PowerPoint
- Working understanding of the SDLC and QA lifecycle and methodology preferred
BillGO is re-inventing BillPay, and we need your help. The Senior Software Developer is a unique position that would have a broad technical background. Key factors for this position are not only technical aptitude, but also being a problem solver, a continuous learner, and a great collaborator. The ideal candidate will have experience working with a team to solve big problems in a fast-paced environment.
Responsibilities & Goals:
- Own features of our internal systems, which manage bill payment processing for a client financial institutions.
- Have a deep understanding of the systems: Know the end-to-end processing of a payment presented to the system (component flow), the data model, the API and the details of the components they deliver. Recognize knowledge gaps and proactively seek to fill in those gaps.
- Deliver on-quality, on-time features and tasks assigned with minimal oversight.
- Provide mentorship to key team members and lead by example
Requirements:
- 8+ years of software development experience
- Experience with large database environment
- Experience with high volume message processing
- Experience with Java tech stack
- Experience with cloud environment (preferably AWS, but any experience is valued)
- High tolerance for ambiguity
- Thrives in a fast-paced work environment
- Seeks to understand the whole of how things work beyond their functional area
- Stoked by solving customer issues
- Strong written and verbal communication skills
- Self-starter with the ability to own broad feature areas independently
- BA/BS degree in Computer Science or related major with strong academic record
- Willingness to work in a highly collaborative environment where the belief is that great ideas can come from anywhere
Recommended but not required:
- Experience in payments industry
- Experience in small company environment
The compensation for this role ranges from 130-160k. This range is based on market assessments, and may vary depending on experience and qualifications.