Bitly
Security Engineer - DevSecOps
Bitly, New York, New York, us, 10261
The Role
We are seeking a talented and proactive Security Engineer to join our team. The ideal candidate will be passionate about cybersecurity and possess a strong technical background in application and cloud network technologies. In this role, you will collaborate closely with our application production engineering teams and the Infosec team to integrate security best practices into all aspects of our software development lifecycle.What You'll Do
Partner with rest of the InfoSec Team, IT and the Product-Engineering teams to implement the strategic security vision into our productsDesign, implement, and maintain robust security architectures for our applications and cloud infrastructure to ensure our systems' confidentiality, integrity, and availabilityHelp implement Cloud Security Best Practices by configuring and managing security controls for cloud environments, including identity and access management (IAM), network security groups (NSGs), and encryption mechanismsKeep detailed documentation of security configurations, policies, procedures, and incidents to help keep track of the status of security initiatives and compliance effortsImplement security automation and orchestration workflows to streamline security operations and improve incident response timesPerform security-focused code reviewsAssist the InfoSec team in supporting the development and implementation of controls to achieve and maintain compliance with SOC 2 and other relevant industry standardsSupport and consult with product engineering teams in the area of application security, including threat modeling and appsec reviewsWork closely with product engineering teams to embed security frameworks and security best practices throughout the software development lifecycle, including secure coding guidelines, static and dynamic code analysis, and dependency scanningParticipate in the entire software development lifecycle (SDLC), including threat modeling, secure code reviews, and security testingAssist teams in reproducing, triaging, and addressing application security vulnerabilitiesTake the lead in incident response efforts during security breaches or incidents, managing investigation, containment, eradication, and recovery activities while implementing preventative measures for the futureWho You AreAn expert in application and cloud security with a deep understanding of the latest threats, vulnerabilities, and best practicesA cybersecurity enthusiast with a substantial technical foundation and a drive to stay ahead of emerging threatsProficiency in programming and automation using Go, JavaScript, Bash, and TerraformA collaborative team player who can effectively communicate and work with cross-functional teams to integrate security into every phase of the software development lifecycle and convey technical concepts to non-technical stakeholdersA problem-solver with a keen eye for detail and a proactive approach to identifying and addressing security vulnerabilitiesA continuous learner who thrives in a fast-paced environment and is eager to stay updated on emerging technologies and trends in cybersecurityStrong understanding of web application security principles, including OWASP Top 10 vulnerabilities and secure coding practicesFamiliarity with both AWS and GCP production environmentsExperienced in applying security best practices to meet industry compliance standards (e.g., SOC 2, PCI-DSS, HIPAA)(Bonus) Security certifications such as CISSP, CSSLP, CEH, or GCP Professional Cloud Security Engineer / AWS Certified Security EngineerUS Employee BenefitsYour benefits start on Day 1!Health:Inclusive health, dental, vision built to support diverse lifestyles through Aetna & KaiserOne Medical membership: Doctors you can text, call or email 24/7 and receive access to expert insurance guidanceWellbeing:Wellness reimbursement programEnhanced care for reproductive health, family planning, pediatrics with MavenRobust mental health support and Employee Assistance Program (EAP) with confidential counseling services through Lyra.Impactful community building through our Employee Resource GroupsGlobal DEI training programs and guest speakers throughout the yearFinancial:Generous HSA Contribution from Bitly401k with up to 4% employer match through Betterment, access to a financial professional to offer our employees the opportunity to plan-ahead for a strong financial future well beyond their working yearsCompany Stock OptionsLife Insurance - Company provided and supplementalShort-term and Long-term DisabilityUnlimited PTO Policy (vacation, sick, & personal), including Mental Health days and 2 annual “Recharge” weeksPartial cell phone and WiFi service reimbursementFull support for remote work, including a $500 home office stipendVoluntary Benefits: Pet Insurance, LegalShield, IDShield, Hospitalization, and Accident coveragesGenerous parental leave policies; maternity and parental leave for growing familiesBudget for professional development opportunities, including courses and conference attendanceCoworking reimbursement - $350 on a quarterly basisEligibility & ClosingUS applicants must be currently authorized to work in the United States on a full-time basis.
*** Must live in or be willing to relocate to one of the following states to be eligible for hire: Arizona, California, Colorado, Connecticut, Florida, Georgia, Illinois, Louisiana, Massachusetts, Michigan, Minnesota, New York, New Jersey, North Carolina, Pennsylvania, Texas, Vermont, Virginia, Washington ***
If you are based in California, we encourage you to read this important information for California residents linked here. ( https://bitly.is/CPRACandidates )
#LI-AH1 #LI-Remote#J-18808-Ljbffr
We are seeking a talented and proactive Security Engineer to join our team. The ideal candidate will be passionate about cybersecurity and possess a strong technical background in application and cloud network technologies. In this role, you will collaborate closely with our application production engineering teams and the Infosec team to integrate security best practices into all aspects of our software development lifecycle.What You'll Do
Partner with rest of the InfoSec Team, IT and the Product-Engineering teams to implement the strategic security vision into our productsDesign, implement, and maintain robust security architectures for our applications and cloud infrastructure to ensure our systems' confidentiality, integrity, and availabilityHelp implement Cloud Security Best Practices by configuring and managing security controls for cloud environments, including identity and access management (IAM), network security groups (NSGs), and encryption mechanismsKeep detailed documentation of security configurations, policies, procedures, and incidents to help keep track of the status of security initiatives and compliance effortsImplement security automation and orchestration workflows to streamline security operations and improve incident response timesPerform security-focused code reviewsAssist the InfoSec team in supporting the development and implementation of controls to achieve and maintain compliance with SOC 2 and other relevant industry standardsSupport and consult with product engineering teams in the area of application security, including threat modeling and appsec reviewsWork closely with product engineering teams to embed security frameworks and security best practices throughout the software development lifecycle, including secure coding guidelines, static and dynamic code analysis, and dependency scanningParticipate in the entire software development lifecycle (SDLC), including threat modeling, secure code reviews, and security testingAssist teams in reproducing, triaging, and addressing application security vulnerabilitiesTake the lead in incident response efforts during security breaches or incidents, managing investigation, containment, eradication, and recovery activities while implementing preventative measures for the futureWho You AreAn expert in application and cloud security with a deep understanding of the latest threats, vulnerabilities, and best practicesA cybersecurity enthusiast with a substantial technical foundation and a drive to stay ahead of emerging threatsProficiency in programming and automation using Go, JavaScript, Bash, and TerraformA collaborative team player who can effectively communicate and work with cross-functional teams to integrate security into every phase of the software development lifecycle and convey technical concepts to non-technical stakeholdersA problem-solver with a keen eye for detail and a proactive approach to identifying and addressing security vulnerabilitiesA continuous learner who thrives in a fast-paced environment and is eager to stay updated on emerging technologies and trends in cybersecurityStrong understanding of web application security principles, including OWASP Top 10 vulnerabilities and secure coding practicesFamiliarity with both AWS and GCP production environmentsExperienced in applying security best practices to meet industry compliance standards (e.g., SOC 2, PCI-DSS, HIPAA)(Bonus) Security certifications such as CISSP, CSSLP, CEH, or GCP Professional Cloud Security Engineer / AWS Certified Security EngineerUS Employee BenefitsYour benefits start on Day 1!Health:Inclusive health, dental, vision built to support diverse lifestyles through Aetna & KaiserOne Medical membership: Doctors you can text, call or email 24/7 and receive access to expert insurance guidanceWellbeing:Wellness reimbursement programEnhanced care for reproductive health, family planning, pediatrics with MavenRobust mental health support and Employee Assistance Program (EAP) with confidential counseling services through Lyra.Impactful community building through our Employee Resource GroupsGlobal DEI training programs and guest speakers throughout the yearFinancial:Generous HSA Contribution from Bitly401k with up to 4% employer match through Betterment, access to a financial professional to offer our employees the opportunity to plan-ahead for a strong financial future well beyond their working yearsCompany Stock OptionsLife Insurance - Company provided and supplementalShort-term and Long-term DisabilityUnlimited PTO Policy (vacation, sick, & personal), including Mental Health days and 2 annual “Recharge” weeksPartial cell phone and WiFi service reimbursementFull support for remote work, including a $500 home office stipendVoluntary Benefits: Pet Insurance, LegalShield, IDShield, Hospitalization, and Accident coveragesGenerous parental leave policies; maternity and parental leave for growing familiesBudget for professional development opportunities, including courses and conference attendanceCoworking reimbursement - $350 on a quarterly basisEligibility & ClosingUS applicants must be currently authorized to work in the United States on a full-time basis.
*** Must live in or be willing to relocate to one of the following states to be eligible for hire: Arizona, California, Colorado, Connecticut, Florida, Georgia, Illinois, Louisiana, Massachusetts, Michigan, Minnesota, New York, New Jersey, North Carolina, Pennsylvania, Texas, Vermont, Virginia, Washington ***
If you are based in California, we encourage you to read this important information for California residents linked here. ( https://bitly.is/CPRACandidates )
#LI-AH1 #LI-Remote#J-18808-Ljbffr