Ethos
Senior Security Engineer
Ethos, San Francisco, California, United States, 94199
About EthosEthos was built to make it faster and easier to get life insurance for the next million families. Our approach blends industry expertise, technology, and the human touch to find you the right policy to protect your loved ones.We leverage deep technology and data science to streamline the life insurance process, making it more accessible and convenient. Using predictive analytics, we are able to transform a traditionally multi-week process into a modern digital experience for our users that can take just minutes! We’ve issued billions in coverage each month and eliminated the traditional barriers, ushering the industry into the modern age. Our full-stack technology platform is the backbone of family financial health.We make getting life insurance easier, faster and better for everyone.Our investors include General Catalyst, Sequoia Capital, Accel Partners, Google Ventures, SoftBank, and the investment vehicles of Jay-Z, Kevin Durant, Robert Downey Jr and others. This year, we were named on CB Insights' Global Insurtech 50 list and BuiltIn's Top 100 Midsize Companies in San Francisco. We are scaling quickly and looking for passionate people to protect the next million families!About the roleAs a member of Ethos Trust and Safety team, you'll
be responsible for building various security services and performing technical security risk assessments to support the Ethos main product.
You'll help architect and build our internal security standards and frameworks. This role will help build and deploy various security controls in line with foundational security principles like least privilege, defense in depth, segregation of duties and zero-trust architecture.Duties and Responsibilities:Design, develop, and deploy security mechanisms to protect against adversarial attacks, data breaches, and other security vulnerabilitiesDesign and build robust threat detection, monitoring, investigation workflows response architectures and the components of the security analytics platformMonitor and evaluate operational/security alertsConduct Threat Modeling, Design Reviews and Security TestingCommunicate risks to engineering staff through training and technical demonstration of vulnerabilities and secure design patternsPartner with the DevOps team to orchestrate/automate security controls in the Ethos infrastructure/platformLead the vulnerability management lifecycle at the infrastructure, platform, and application levelsParticipate in investigations, threat hunting, and incident response activities; build playbooks for specific incident response scenariosAssist with compliance activities, such as SOC2 control implementation and testing, vendor risk assessments, etc.Qualifications and Skills:5+ years of full time core, relevant InfoSec experienceIntimate familiarity with AWS cloud security, experience automating security processes in cloud environmentsProficiency in threat modeling, design reviews and security testing of various types of applications, technologies and platformsHands-on experience with CI/CD and DevOps toolsAbility to write automation scripts, ideally in more than one languageExperience in vulnerability/threat management activities at the infrastructure, platform, and application levelExperience with penetration tests/red team exercises, ideally the type that involve manual verification, exploitation, lateral movement, etc.Expertise with event management/SIEM solutions, data modeling associated with
building event detection and alerting capabilitiesMust be able to come into our San Francisco, CA office once a week#LI-Hybrid #LI-JA1The US national base salary range for this full-time position is $165,000 - $221,000. Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.Please note that the compensation details listed in US role postings reflect the base salary only, and do not include applicable bonus, equity, or benefits.You can find further details of our US benefits at https://www.ethoslife.com/careers/Don’t meet every single requirement? If you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway. At Ethos we are dedicated to building a diverse, inclusive and authentic workplace.We are an equal opportunity employer who values diversity and inclusion and look for applicants who understand, embrace and thrive in a multicultural world. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Pursuant to the SF Fair Chance Ordinance, we will consider employment for qualified applicants with arrests and conviction records.To learn more about what information we collect and how it may be used, please refer to ourCalifornia CandidatePrivacy Notice.
be responsible for building various security services and performing technical security risk assessments to support the Ethos main product.
You'll help architect and build our internal security standards and frameworks. This role will help build and deploy various security controls in line with foundational security principles like least privilege, defense in depth, segregation of duties and zero-trust architecture.Duties and Responsibilities:Design, develop, and deploy security mechanisms to protect against adversarial attacks, data breaches, and other security vulnerabilitiesDesign and build robust threat detection, monitoring, investigation workflows response architectures and the components of the security analytics platformMonitor and evaluate operational/security alertsConduct Threat Modeling, Design Reviews and Security TestingCommunicate risks to engineering staff through training and technical demonstration of vulnerabilities and secure design patternsPartner with the DevOps team to orchestrate/automate security controls in the Ethos infrastructure/platformLead the vulnerability management lifecycle at the infrastructure, platform, and application levelsParticipate in investigations, threat hunting, and incident response activities; build playbooks for specific incident response scenariosAssist with compliance activities, such as SOC2 control implementation and testing, vendor risk assessments, etc.Qualifications and Skills:5+ years of full time core, relevant InfoSec experienceIntimate familiarity with AWS cloud security, experience automating security processes in cloud environmentsProficiency in threat modeling, design reviews and security testing of various types of applications, technologies and platformsHands-on experience with CI/CD and DevOps toolsAbility to write automation scripts, ideally in more than one languageExperience in vulnerability/threat management activities at the infrastructure, platform, and application levelExperience with penetration tests/red team exercises, ideally the type that involve manual verification, exploitation, lateral movement, etc.Expertise with event management/SIEM solutions, data modeling associated with
building event detection and alerting capabilitiesMust be able to come into our San Francisco, CA office once a week#LI-Hybrid #LI-JA1The US national base salary range for this full-time position is $165,000 - $221,000. Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.Please note that the compensation details listed in US role postings reflect the base salary only, and do not include applicable bonus, equity, or benefits.You can find further details of our US benefits at https://www.ethoslife.com/careers/Don’t meet every single requirement? If you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyway. At Ethos we are dedicated to building a diverse, inclusive and authentic workplace.We are an equal opportunity employer who values diversity and inclusion and look for applicants who understand, embrace and thrive in a multicultural world. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Pursuant to the SF Fair Chance Ordinance, we will consider employment for qualified applicants with arrests and conviction records.To learn more about what information we collect and how it may be used, please refer to ourCalifornia CandidatePrivacy Notice.