Senior Security Risk Engineer

We’re seeking a highly collaborative Senior Security Risk Engineer who will help us continue to evolve our Risk function by using engineering principles and data-driven strategies to precisely identify, understand, communicate, and prioritize mitigation of risk.

This role will start out primarily focused on supporting our security metrics program, with a big focus on data engineering and making security metrics easily accessible and highly impactful for stakeholders.

Apply fast, check the full description by scrolling below to find out the full requirements for this role.

What you’ll be doing

• Build and curate security metrics (KPIs, KRIs, KCIs) that provide actionable, real-time risk insights that answer meaningful business questions
• Automate and streamline third-party and internal security risk management processes
• Assist with risk management operations, including risk assessments and risk reviews
• Identify and assess risks using qualitative and quantitative methods, such as FAIR
• Co-create security standards and risk plans with InfoSec and partner team subject matter experts

We’d love to hear from you if you have :

• Experience building security data products at scale, ideally using SQL, dbt, Airflow, Airbyte, Snowflake
• Experience building metrics using data visualization tools, ideally using Apache Superset
• Experience writing code to build on and integrate with web application APIs, ideally using Python and REST APIs

Everyone on our team must have :

• A strong bias toward evidence, logic, math, and reason when communicating risk (instead of fear, uncertainty, and doubt)
• A strong bias toward guardrails, not gates and paved security roads philosophies (instead of rigid centralized command-and-control processes and operating styles)
• Excellent ability to plan, prioritize, and deliver results cross-functionally and in a timely fashion
• Proficiency discussing complex, nuanced topics with technical & non-technical audiences alike, especially software engineers

Bonus points if you have any of the following :

• Experience designing, building, or implementing technical security controls in AWS
• Experience with cyber risk quantification (CRQ) tools and frameworks, such as riskquant and FAIR
• Experience with threat modeling or secure design reviews
• Experience in security operations, security engineering, and / or security architecture
• Experience or knowledge of securing web applications, Kubernetes clusters, and / or containers

The pay range for this role is listed below. Sales roles are also eligible for variable compensation and hourly non-exempt roles are eligible for overtime in accordance with applicable law.

This role is eligible for benefits, including : medical, dental and vision coverage, health savings accounts, flexible spending accounts, 401(k), flexible paid time off and company-paid holidays and a culture of learning that includes a learning allowance and access to a professional coaching service for all employees.

Base Pay Range For US Locations :

$116,000 $174,000 USD

J-18808-Ljbffr