Seesaw Learning
Senior Security Engineer
Seesaw Learning, San Francisco, California, United States, 94199
About Us:Trusted and loved by 25 million educators, students, and families worldwide, Seesaw is the only elementary learning experience platform, offering a suite of award–winning tools, resources, and curriculum for teachers to deliver joyful, inclusive instruction. Through interactive lessons, digital portfolios, and two–way communication features, Seesaw keeps everyone in the learning loop by providing continuous visibility into the student's learning experience to support and celebrate their learning.Our Mission:Seesaw's mission is to provide every elementary student with joyful and connected learning experiences that lay the foundation for success in life.Your Team:This Senior Security Engineer will join our Core Platform team, a back–end team functioning as the backbone of our organization, dedicated to crafting and maintaining the fundamental infrastructure and service libraries that drive Seesaw's success. By constructing the foundational layers and systems, they empower rapid and scalable development of exceptional user experiences from our product engineering teams. Additionally, the Core Platform team assumes ownership of critical operational aspects, including security, reliability, compliance, and cost–effectiveness to ensure the seamless operation of Seesaw's platform and cloud infrastructure.Your Role:Seesaw is seeking an experienced Senior Security Engineer to join our Core Platform team. As we continue to grow our international footprint here at Seesaw, you will help lead the charge in achieving and maintaining international compliance certifications, like SOC 2 and ISO 27001, ensuring our security practices align with industry standards. You will collaborate closely with engineering and product teams to conduct threat modeling, code reviews, and vulnerability assessments, fostering a culture of security awareness throughout the organization. Your expertise in automating security processes and improving existing frameworks will be instrumental in enhancing our application and infrastructure security.Your Responsibilities:Lead efforts to achieve and maintain internationally recognized compliance certifications such as SOC2 and ISO27001, including developing and implementing policies, procedures, and training programs to ensure organizational alignment with compliance requirements.Partner with engineering and product teams to perform threat modeling, design, and code reviews to assess security implications and requirements for the secure development of new systems and technologies and remediate vulnerabilities in existing ones.Design, build and deploy automation to scale application and infrastructure vulnerability discovery efforts across repositories, systems, and microservices.Develop automated security testing to validate secure coding best practices.Support our external researchers through our bug bounty program, and coordinate our annual security exercises.Proactively improve our security frameworks, documentation, tools, processes, and methodologies.Your Requirements:Bachelor's or Master's degree in Computer Science, Information Systems/Technology, Cybersecurity, or a related field, or equivalent practical experience.5+ years of experience specifically in security engineering/application security, and 8+ years of total professional experience in a technical role.Proven experience in leading and managing the achievement of international compliance certifications, like SOC2 and ISO27001, with a strong understanding of the associated frameworks and requirements.Experience identifying security issues in applications through code review, threat modeling, penetration testing, manually and with tools.Experience improving platform security practices within an AWS infrastructure stack and containerized environments.Experience partnering with cross–functional product/engineering teams, and advising these teams on how to address a broad set of security and privacy challenges.Strong knowledge and experience in at least one of the following: Python, JavaScript/TypeScript or other similar languages.Nice to Have:Experience designing, implementing, and deploying production–quality systems.Strong understanding and experience with security controls, and common security libraries in languages like Python and Javascript.Experience with CI/CD pipelines, and other general SRE skills.Experience with secure code review, penetration testing, and common security tools.Compensation & Benefits:The annual base salary range for this position is: $165,000 – $195,000 + RSUs.Benefits include: Medical/Dental + Orthodontics/Vision Coverage, 401k Match, Flexible Paid Time Off, Mindfulness First Fridays, Monthly Technology Stipend, Home Office Setup Stipend, Professional Development Stipend, Paid Parental Leave, Charitable Donation Matching, Volunteer Days.Seesaw cares about building a diverse and inclusive team to better advocate for the needs of our incredibly diverse K–12 users.We prioritize work–life balance and actually walk the walk – we care a lot about our work, but care more about our employee's well–being.Seesaw provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, religious creed, color, sex, sex stereotype, gender, gender identity/gender expression/transgender, national origin, ancestry, physical or mental disability, medical condition, genetic information/characteristics, marital status/registered domestic partner status, age, sexual orientation, or military or veteran status.
#J-18808-Ljbffr
#J-18808-Ljbffr