101 applicants

Company

Original Job Post

ButterflyMX® · 2 days ago

Product Security Engineer

United States

Full-time

Remote

Senior Level

5+ years exp

Wonder how qualified you are to the job?

Maximize your interview chances

Real EstateSecurity

Growth Opportunities

Insider Connection @ButterflyMX®

Discover valuable connections within the company who might provide insights and potential referrals, giving your job application an inside edge.

Responsibilities

Design, implement, mature & maintain robust security controls & processes across the technology stack to protect sensitive data & systems

Lead vulnerability management & remediation efforts to improve security posture & resiliency

Extend detection & response capabilities, drive security incident response efforts

Ensure security controls for compliance with industry standards, regulations, frameworks

Evaluate, analyze & implement new security technologies & solutions

Collaborate with cross-functional teams to integrate security into product development lifecycle

Stay up-to-date with the latest security threats, technologies, & trends

Develop & conduct regular security awareness training & education programs

Serve as a point of contact for customers & partners regarding security inquiries

Foster a culture of security awareness & accountability throughout the organization

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Security EngineeringCloud OperationsTech Stack SecurityCross-Functional CollaborationCompliance ManagementData PrivacySecurity Solutions DeploymentCloud TechnologyIncident ManagementThreat ManagementVulnerability ManagementIdentity Access ManagementSecurity Best PracticesCompliance RequirementsDevSecOpsSecurity Testing AutomationCode AnalysisTerraformInfrastructure as CodeIncident ResponseOWASP Top TenData-Driven Decision MakingRisk ManagementSecurity & Privacy by DesignThreat ModelingEmerging Threats AwarenessAWS SecurityCISSPCCSPCSSLP

Required

5+ years of security engineering experience building, managing & scaling security operations at a fast-paced, agile/dynamic, cloud native, technology-driven startup

Experience securing a tech stack/solution that includes SaaS, Mobile, & IoT

Experience working with cross-functional teams to identify & mitigate security, compliance & data privacy risks

Proficiency with deploying, operationalizing & managing security solutions in a remote first organization, with a cloud tech stack built for providing SaaS

Extensive experience & expertise across multiple security domains including cloud security, data security, network security, application security, incident management, threat/vulnerability/patch/configuration management, identity & access management

Strong understanding of security best practices, frameworks, standards, & compliance requirements, & particularly how these apply to a startup environment through enterprise environments. Experience maturing security controls as an organization matures

Expertise in DevSecOps practices, such as automating security testing within CI/CD pipelines & conducting static & dynamic code analyses, through remediation of findings

Experience automating security controls. Proven technical proficiency using Terraform & other infrastructure as code tools, with a strong track record of managing vulnerabilities in ephemeral cloud infrastructure environments

Incident response management: Experience in developing & implementing incident response plans, conducting investigations, & managing security incidents effectively

Demonstrated ability to educate an engineering audience about technical application security vulnerabilities, i.e., OWASP Top Ten, OWASP API Security Top 10

Adept in a data-driven approach for decision-making & a risk-based mindset to prioritize & address security concerns effectively

Experience with implementing Security & Privacy by design principles into a development lifecycle involving incorporating threat modeling to identify potential risks & ultimately design appropriate security controls

Customer focused & Solution oriented, Enthusiastic, Empathetic, Adaptable/Flexible, Bias for Action, Forward thinking, Optimistic, Trusted Advisor. Everyone is a customer & everyone is on the security team!

A strong inclination to dive into the details, actively engaging in hands-on work

Continuous improvement mindset. Pursues ongoing professional development, stays updated with emerging threats & technologies

Industry certifications such as AWS Security Certified, CISSP, CCSP, CSSLP, GXPEN, OSCP, SANS Certifications, Burp Suite Certified, Security+, CEH, CIPP, CIPT

Benefits

Comprehensive Medical (ButterflyMX covers 90% of the cost) starting day 1

Dental and Vision plans (ButterflyMX covers 100% of the cost) starting day 1

401(k) plan with a match

13 paid holidays and 25 days of PTO

Paid Family Leave

Employee Assistance Program

Quarterly self-care stipends

HealthAdvocacy Program

Access to optional benefits, including pre-tax flexible healthcare spending accounts (FSA and HSA), Dependent Care FSA, and Commuter Benefits, as well as optional Supplemental Life, AD&D, Hospital Indemnity, Disability, Legal, Accident, Critical Illness, Pet, and Personal Liability Insurance

Collaborative, dynamic work environment filled with kind, intelligent people who are working hard on an industry-defining product