About the team:
Sift is a highly collaborative environment committed to driving Digital Trust & Safety solutions that protect customers from fraudulent abuse, costing them time, money, and risk to brand reputation. That same drive is applied to securing our own platform; our customers trust with their data and we strive to continuously evolve and adapt our platform by constantly learning, applying the latest technologies, and most importantly, carefully listening to feedback.
What we're looking for:
As a Security Engineer at Sift, you will work across the enterprise to design and develop complex security solutions to protect against today's threats. This high impact role will be part of the Security organization and will be accountable for delivering the security foundation that allows Sift to aggressively move forward, applying the highest standards to protect our customers.
You will have the opportunity to actively monitor for security threats through detection creation and investigations, help secure our network boundaries from attacks and breaches, harden our security applications and infrastructure to protect our customers data and maintain customer confidence that they are secure when accessing the console.
What you'll do:
Directly contribute to Sift's growth by designing and developing security solutions
Leverage your defensive security skills to continuously evolve and mature Sift's security monitoring capabilities to detect active threats, including: detection creation, investigation and response, and threat hunting
Work across the organization to mitigate security events or incidents, establishing scope and impact, performing forensic activities, contributing to internal/external communications, and providing technical guidance to both mitigate the event in a timely manner, but also secure against future attacks
Contribute to post-mortem incident reviews for management and leadership, including root cause, remediation steps, and future improvements to protect a recurrence.
Work cross-functionally to identify exposed vulnerabilities across Sift applications and infrastructure through automated scanning and actionable reporting
Drive security best practices at the ground floor by participating in security reviews, threat modeling, and engineering reviews across the org to help identify potential risks before it reaches the customer
Participate in both technical and non-technical discussions as Security SME, building confidence by effectively communication how our solutions defend against active threats
Provide input on security initiatives to automate and scale security processes across engineering
What we're looking for:
3+ years of hands-on experience developing and implementing enterprise wide security controls
Strong technical understanding of software and application security: (e.g. OWASP Top 10) in a continuous development environment
Experience managing SIEM infrastructure, log ingestion, detection creation, investigations and threat hunts
Clear understanding of Incident Response process with proven examples of contribution: discovery assessment, response, mitigation, root cause analysis, communication, and failure mitigation
Vulnerability scanning experience including scan automation, vulnerability assessments, current attack/defense methodologies, and remediation
Experience with various application security solutions/tools such as code analysis (static & dynamic), vulnerability scanning, pen testing
Strong communication skills
Experience driving threat modeling exercises across big data platforms responsible for managing sensitive data
Good understanding of Linux systems
Strong scripting skills for process automation
Google Cloud Platform (GCP) experience, specifically around adopting and adapting out of box security controls
Bug bounty program development or participation
Experience in helping drive compliance programs (SOC2, PCI, etc), risk assessments and developing privacy & security engineering principles and best practices
BS in Computer Science or related field
A little about us:
Sift is the leading innovator in Digital Trust & Safety. Hundreds of disruptive, forward-thinking companies like Airbnb, Zillow, and Twitter trust Sift to deliver outstanding customer experience while preventing fraud and abuse.
The Sift engine powers Digital Trust & Safety by helping companies stop fraud before it happens. But it's not just another anti-fraud platform: Sift enables businesses to tailor experiences to each customer according to the risk they pose. That means fraudsters experience friction, but honest users do not. By drawing on insights from our global network of customers, Sift allows businesses to scale, win, and thrive in the digital era.
Benefits and Perks:
Competitive total compensation package
Medical, dental and vision coverage
Flexible time off
Sift is an equal opportunity employer. We make better decisions as a business when we can harness diversity in thought, experience, data, and background. Sift is working toward building a team that represents the worldwide customers that we serve, inclusive of people from all walks of life who can bring their full selves to work every day, so we can Win as One Team.