Staff Security Engineer
This job is being posted to the TAO job board because it is potentially open to remote candidates. Feel free to contact me if you’d like to learn about Optimizely before applying. I am a PDX-based remote Optimizely employee. Josh.Schoonmaker@Optimizely.com
Optimizely is focused on unlocking digital potential and we are the recognized category leader in Digital Experience Platform (DXP) and created the category for A/B Testing and experimentation software. We have incredible customers – isn’t that one of the most important aspects of looking for your next job? Optimizely has over 9,000 brands from global organizations such as Visa, Sky, Yamaha, Wall Street Journal to tech innovators like Atlassian, DocuSign, FitBit and Zillow.
Not only are we financially sound and growing but we have unicorn status: Exceeded $300M in revenue in 2020, is profitable already, and has all strategic options ahead of itself. Optimizely continues to invest and addresses a market opportunity north of $30 billion, providing significant personal career growth opportunities.
We are an inclusive culture with a global team of 1200+ people across the US, Europe, Australia, and Vietnam. We blend European and American business culture with emphasis on teamwork, inclusion, and moving fast. People make the difference!
If you are looking to work on the next generation of digital technologies in a fast-paced, hyper-growth environment, apply! We’re just getting started...
Security is in the foundation of over 9,000 customers’ trust in Optimizely. In this role, you will help lead our security program that enables security being baked into all of the products and infrastructure built at Optimizely. The responsibilities of this role are a blend of security engineering, software engineering and project management. If you’re a senior level security engineer looking to get into a leadership position, this is a great opportunity for you to have impact across a global engineering organization and build a world-class security program.
- Help lead the software security program at Optimizely- ensure that security is baked in to everything we build at every step of the software development lifecycle
- Maintain our software security awareness program and ensure 100% of engineers stay informed annually of top security risks and best practices
- Create security policy, standards, procedures and guidelines for engineering
- Perform security reviews of Product Designs, and Technical designs
- Measure and grow security maturity across the business
- Assist in the triage of security issues and provide recommended fixes
- Work across teams to facilitate independent security assessments and penetration tests
- Evaluate new tools, processes, and frameworks; Drive adoption of the best ones
- Maintain a high level view of security posture, and gaps with a focus on driving down risk in critical areas.
- Software engineering, or cloud engineering background at a SaaS company. You may not be coding often, but you will need to be comfortable reviewing and discussing code with a diverse set of engineers
- Familiarity with cloud security, particularly AWS and Azure Security concepts. You will be collaborating with the Reliability Engineering organization to bake AWS, Azure and GCP security best practices into our infrastructure.
- Experience with security activities throughout the software development lifecycle- design reviews, threat modeling, code reviews, tooling, penetration testing, incident response. You will act as the Security Partner for one or more Engineering teams to facilitate these practices.
- Able to influence without authority and have excellent teamwork skills
- Exceptionally clear communication skills- you'll need to communicate effectively and build relationships with all levels and roles at Optimizely
- Worked in a fast growth startup environment
- Implementing software security programs like the Security Development Lifecycle at a SaaS company
- Must be proficient in at least one language such as Python, Java, or Golang
- An understanding of common application security problem spaces, and frameworks to mitigate or remediate
- Thorough knowledge of OWASP Top 10
- Deep knowledge of cloud security concepts and applications
- Bachelor’s Degree in Computer Science or equivalent experience