Security Engineer

Hims & Hers San Francisco , CA 94118

Posted 2 months ago

Hims and hers offers a modern approach to health and wellness. Our mission is to eliminate stigmas and make it easier for people to access care and treatment for the conditions that impact their daily lives. That starts with creating an open and honest culture of care that is accessible for everyone, no matter who you are or where you live. Since launching in November2017, we've raised over $200MM in funding and are one of the fastest growing direct-to-consumer brands in history.

The security team designs and builds security architecture, consult with other teams as they build and launch new products and features, proactively plans for the unexpected, and responds to incidents that occur. Our work affects the entire company and takes place at all levels of the stack, from infrastructure to web application security, as well as mobile apps, IT, and Telemedicine. We try to approach security from a software engineering standpoint. We believe in scaling security through automation and tooling and we ship frequently.

About the role:

The mission: Empower the company to ship secure products. Provide clear guidance on how to design, implement, ship and run secure products and implement quality gates across our software delivery pipeline.

We're looking for the right person to join our team to perform service and application security review, and move us along our maturity journey. In order to be scalable, each secure product quality gate must be automated and integrated into our software release pipeline. Our grand vision is a fully automated series of quality controls that constantly validate that our code is secure. In short, we're building a robot army that constantly validates our current security status. Don't you want to live in this beautiful world?

Responsibilities:

  • Collaborate with teams to ensure security best practices are leveraged as we roll out new features and expand our service offerings.

  • Conduct penetration testing, code review and breach readiness across our online and mobile infrastructure

  • Proactively research new attack vectors that may affect Hims & Hers

  • Research and implement automated code security quality gates

  • Build and maintain relationships with key partners both internally and externally

Experience & Skills:

  • Threat modeling, code review, penetration testing against cloud environments and/or mobile (IOS/Android)

  • Conduct code review against one or many of the following languages

  • Python

  • Go

  • Java

  • Swift / Objective C

  • Development skills to automate code security assessments

  • Computer networking concepts and protocols, application and network security methodologies

  • Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)

  • Present findings, recommendations and results to leadership

  • Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means

  • Ability to manage multiple tasks and priorities

We are focused on building a diverse and inclusive workforce. If you're excited about this role, but do not meet 100% of the qualifications listed above, we encourage you to apply.

Hims is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics or any other basis forbidden under federal, state, or local law. Hims considers all qualified applicants in accordance with the San Francisco Fair Chance Ordinance


icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Security Engineer

Esurance

Posted 6 days ago

VIEW JOBS 2/14/2020 12:00:00 AM 2020-05-14T00:00 Summary Esurance is looking for a Security Engineer to join a dynamic and award-winning team of individuals who are committed to making insurance smarter, easier, and dare we say- cooler. As part of a growing company that is focused on providing an outstanding customer experience, you'll have the opportunity to expand your skills and discover your potential. If you're looking for a career at a socially conscious company that offers great benefits — including matching 401k and tuition reimbursement — then you may have just found your new home. Esurance combines the spunk of a startup company with the backing of Allstate (the largest publicly held personal lines insurer in the U.S.) to create a unique, energized, and exciting place to work. Responsibilities The Security Engineer coordinates security responses with and trains engineers from other groups within the IT Function such as the MIS team, the NOCC, Network Engineering and the Production Support organization. This role requires availability for off-hour support and travel within the continental Unites States as needed.Job Responsibilities: * The primary responsibility of the Security Engineer is information security incident management. This includes: * Responds to information security incidents in a quick, effective and orderly manner * Monitors systems, alerts and vulnerabilities * Collects evidence for administrative follow-up or legal action * Conducts postmortems, enhancing controls and training others * Analyzes security incidents and reports finding to management * Documents and maintains the following types of procedures: * Recovery procedures that address specific classes of security incidents such as malicious code, denial of service attacks, breaches of confidentiality and internal misuse of information systems * Contingency plans for system recovery that identify the cause of an incident, detail how to contain the threat and identify corrective action for preserving live systems data * Guidance on how to collect forensic evidence for civil or criminal proceedings * Emergency actions and control procedures that will reduce the likelihood of recurrence Qualifications: * Familiarity with Unix/Linux, Windows Active Directory, OWASP, Network protocols and how to secure them. * Familiarity with with Netscreen, , Palo Alto, Checkpoint or other Firewall tecnologies, various IDS/IPS and SEIM systems. Experience implementing information security controls * Knowledge of other Security systems such as DLP, Application scanning, or Vulnerability assessment. * Demonstrated flexibility in approach and in developing solutions * Demonstrated ability to work independently as well as a member of a team * Demonstrated analytical skill, technical knowledge and practical application of information security at a business aware and technical level * Ability to explain complex IT concepts in non-technical terms * Demonstrated flexibility in approach and in developing solutions * Experience in the Financial Services industry and solid understating of SOX, PCI and SDP compliance requirement * Take charge personality, and the ability to drive a plan to completion * CISSP certification is highly desirable. Other industry standard certifications such as MCSE, CCSE, CCNA, CEH, Security+ or SANS also desirable. Experience / Education: * Bachelor's degree (B.S.) in Computer Science or equivalent job experience * Minimum 3 years security experience in implementing security solutions and processes * Minimum 5 years experience of implementation and maintenance some of the following IT systems, with a security focus; Windows 2008, 2012 server, Remote Access solutions, SSL/IPSEC VPN services, border routers security, firewalls, IP/VoIP network, DNS, WINS, IP network, TCP/IP, SSL certificates and Intrusion Detection System (IDS), IDS Alerts, and IDS signature upgrades, local and wide area networksPhysical Demands and Work Environment: Representative of those that must be met by an employee to successfully perform the essential functions of this job. Must be able to operate a PC and sit for extended periods of time. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Why you'll love working for us Esurance offers an exciting total rewards package to include: * Benefits eligibility on day 1 * 401k + company matching * 3 weeks paid parental leave following the birth, adoption or foster placement of a child * Tuition reimbursement & student loan repayment program * Pet insurance discount * Give Time, Get Time volunteer program * And much more! To perform this job successfully, an individual must be able to perform each essential job duty satisfactorily. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform essential job functions. The candidate(s) offered this position will be required to submit to a background investigation, which includes a drug screen. Applicants must be currently authorized to work in the United States on a full-time basis Esurance San Francisco CA

Security Engineer

Hims & Hers