Senior Security Engineer

Anaplan San Francisco , CA 94118

Posted 2 months ago

Anaplan is looking for a self-motivated SENIOR SECURITY ENGINEER to join our growing global Engineering team, based in our San Francisco office.

As a Senior Security Engineer, you will help drive the Product Security Architecture; Research function(s) for Anaplan development services. You will also be responsible for working with the other Engineers, Architects and Security teams across Anaplan, collectively providing guidance and strategies that improve the security posture for our employees and data. You will be working with business customers, Engineering management, infrastructure, development, project managers and other security teams to shape the vision, structure, standards and plan for solutions that support Anaplan's strategic business direction.

You'll join a team of individuals who embrace and respect diverse perspectives, aren't afraid to push boundaries and try new ideas and are passionate about helping our customers and each other succeed. We work hard, but we also don't wait for an excuse to have fun. In fact, we're so serious about it that it's one of our core values!

Located in the heart of the SOMA district, you can feel the excitement and energy of what we do at Anaplan when you step into our San Francisco office. We're a high-growth company developing best-in-class solutions to planning at an enterprise scale. Our customers rely on Anaplan as an always-on shared source of truth as they navigate the constant change and planning required to stay on top in the marketplacewe're pioneering the Connected Planning discipline to help business make decisions more quickly and decisively than ever before.

More about the role:

  • Conceive of and collaborate on novel ideas to identify risks at scale.

  • Rapidly prototype to assess effectiveness of project ideas.

  • Create tools/scripts to find AppSec risks at scale.

  • Stay on top of cutting-edge AppSec best practices, tools, etc., and assess their utility at Anaplan.

  • Understand new technologies and their strengths/weaknesses in the context of AppSec tooling.

  • Perform operational security reviews of feature implementations

  • Perform regular secure coding & secure design workshops for developers

  • Perform risk assessments of new and emerging threat types

  • Interface with QA teams by implementing automated security unit and functional tests

More about you:

  • Bachelor's degree in Computer Science, Engineering or a related discipline preferred, and substantial commercial experience in a similar role.

  • Prior experience in building pragmatic and effective security testing techniques/tools is a big plus.

  • Experience in threat modelling web applications and microservices.

  • Strong understanding of Modern Auth (SAML 2.0, OAuth)

  • Strong understanding of SSL certificate management, PKI, CA and their use.

  • Deep knowledge of web protocols and standards.

  • Experience in containers and their hardening/security

  • Clear understanding of security concepts e.g., Authentication, Authorisation.

  • Deep knowledge of application security vulnerabilities (OWASP Top 10) and mitigation techniques.

  • Knowledge of emerging threats, mitigations and industry trends.

  • Experience with SAST, DAST tools

  • Prior experience of AWS, GCP services and architectures

  • Experience with GCP is a Huge plus

You have a genuine passion for security, a respect for the development process and a firm desire to help improve our products. You thrive in an environment that deeply values collaboration, feedback and learning.

You believe that quality is something we all take ownership of, and write high-quality, testable code. You have experience using Test Driven Development and more importantly, you want to make use of that experience. You can apply Agile development principals and push for modern best practices in software development and deployment.

What We Offer:

  • A rewarding, progressive career with a company that values diversity and understands the need for a good work/life balance.

  • Market-leading salaries combined with bonuses, and a comprehensive range of benefits.

  • Regular Agile meet-ups, events and hackathons.

  • Flexible working, a well stocked kitchen, and plenty of parties & events.

  • 3 days of paid leave every year to help support the charity or cause of your choice.

  • Huge problems to solve you will constantly be learning and pushing boundaries, working with some of the smartest people around!

About Anaplan

Anaplan (NYSE: PLAN) is pioneering the category of Connected Planning. Our platform, powered by our proprietary Hyperblock technology, enables dynamic, collaborative, and intelligent planning. Large and fast-growing global enterprises use our solution to connect people, data, and plans across the business, enabling real-time planning and decision-making in rapidly changing business environments. Based in San Francisco, we have over 20 offices globally, 250 partners, and over 1,200 customers worldwide.

Learn about our history, see our recognitions and achievements, and take a look at what it's like to work at Anaplan.

Get to know more about working at Anaplan by checking out our social channels. #AnaplanLOVE

Facebook

Twitter

Instagram

YouTube

CAN'T FIND THE PERFECT ROLE FOR YOU? NEW OPPORTUNITIES ARE OPENING UP DAILY: ANAPLAN.COM/CAREERS

Anaplan is committed to equality and diversity in the workplace and all aspects of employment, including the decision to hire, promote, discipline, or discharge, is based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, national origin, religion, marital status, physical or mental disability, medical condition, gender, sexual orientation, or any other status protected under applicable law.


icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Senior Security Engineer

Reddit

Posted 5 days ago

VIEW JOBS 10/17/2019 12:00:00 AM 2020-01-15T00:00 "The front page of the internet," Reddit brings over 330 million people together each month through their common interests, inviting them to share, vote, comment, and create across thousands of communities. Come for the cats, stay for the empathy. The Reddit Security team is rapidly developing and this is an opportunity to get in and have an outsized impact on a highly skilled and motivated team. We look for humble experts with a relentlessly resourceful and entrepreneurial, "can do" view of security. We want to deliver facts and not FUD to the business to enable Reddit to manage risk more effectively. Culture is important to us and a learning and developing mentality is vital regardless of the work assigned. If you like creating data security and privacy protection solutions while increasing the speed of the business, we need you at Reddit. We hold the privacy of our users as core to our mission at Reddit and that means ensuring that any access to user data is detected, governed, auditable and appropriately scoped for a business purpose. Evolving our information security detection, internal authorization and anti-abuse measures is vital to our success. This role will be responsible for the large scale design and implementation of data governance, privacy protection solutions and working with application and shared service teams to continuously design and deploy robust identity and access controls to protect critical assets and data. Primary Job Responsibilities: * Write proof of concept implementations for difficult security challenges in identity, authorization, cloud control planes, tokenization and encryption. * Triage large scale security, performance, resilience or scalability challenges at Reddit as it grows. * Ensure that internal and external identity technology and privacy controls provide direct support for Reddit Privacy Principles, Security policies and other regulatory requirements. * Proactively identify potential sources of security risk, prioritizing them based on various factors (level of effort, budget, timing, operational requirements and business priorities), and provide recommendations on paths forward. * Provide information security technical leadership and guidance for operational teams, leading to an atmosphere of continuous improvement and innovation. Qualifications: * Degree in Information Systems, Information Security, Engineering, or equivalent work experience. * Ten (10) or more years of related experience in Information Security or Security Engineering roles. * Experience with modern DevSecOps practices, static/dynamic analysis, security orchestration, vulnerability management. * Experience with cloud security auditing and monitoring. AWS and GCP. * Auditing and security design experience for infrastructure orchestration tools and service mesh: Consul, Envoy, Spinnaker, Kubernetes. * Familiarity with and understanding of security best practices for application security for frameworks using Python, GoLang, NodeJS. * Ability to work on and continuously deliver on numerous competing priorities simultaneously. * Excellent analytical, problem solving, technical writing, verbal communication, and interpersonal skills. * Excellent communication skills with the ability to interact with teams, be a thought leader, and drive innovation. * Excellent communication skills with the ability to interact with global teams, develop staff, be a thought leader, and drive innovation. Extensive understanding of IT risk and information security compensating controls Qualities: * Humble expert with a sense of urgency * Skilled at taking complex topics and making them simple * Transparent judgment and stands behind their decisions, right or wrong * Team focus with an ability to work in a matrixed organization Reddit San Francisco CA

Senior Security Engineer

Anaplan