Flexcar · 2 weeks ago
Senior Security Engineer
Flexcar is on a mission to replace car ownership with flexible alternatives and is currently expanding its operations. They are seeking a Senior Security Engineer to safeguard their web and mobile applications, physical locations, and remote team members, while championing the development of proactive defense measures across the organization.
Automotive · Customer Service · Retail
Responsibilities
Hands-on experience with managing a Web Application Firewall, including the creation of custom rules, rate limiting, and managing vendor rulesets
Must understand the current OWASP Top 10 and demonstrate the ability to educate others on how to identify and mitigate associated risks
Must have experience with deploying and managing defensive measures, aka “Blue Teaming”
Must have experience organizing and managing third-party penetration tests and ensuring that all findings are addressed in a timely manner
Hands-on experience with threat modeling
Experience leading tabletop sessions with members of the engineering team as well as non-technical members of the organization
Demonstrated ability to conduct Open-Source Intelligence (OSINT) against the organization and its resources
Demonstrated ability to conduct internal offensive security campaigns against Flexcar’s web application and the organization itself
Experience creating CI/CD workflows and utilizing open-source security tools
Experience with static analysis tools for code, dependencies, and container images
Familiarity with AWS security tools and resources
Familiarity with Terraform
Experience with hardening Microsoft Entra (Azure AD) and O365
Proven experience with Identity and Access Management
Experience with administration of common Managed Detection and Response (MDR) solutions
Hands-on experience with scripting languages like Python
Proven ability to serve as a Security Incident Commander
Ability to use the tools available for leading forensic analyses and guiding investigative efforts
Demonstrated ability to conduct threat hunting based on new threats as they are discovered or disclosed by the larger security community
Familiarity with maintaining compliance with frameworks such as PCI, CCPA, and US Data Privacy
Familiarity with compliance automation platforms
Experience creating and maintaining foundational security policies
Ability to manage Flexcar’s third-party vendor assessment process
Ability to create both general security awareness content for the organization as well as targeted training for a variety of individual teams
Qualification
Required
Web Application Security
Hands-on experience with managing a Web Application Firewall, including the creation of custom rules, rate limiting, and managing vendor rulesets
Must understand the current OWASP Top 10 and demonstrate the ability to educate others on how to identify and mitigate associated risks
Must have experience with deploying and managing defensive measures, aka 'Blue Teaming'
Must have experience organizing and managing third-party penetration tests and ensuring that all findings are addressed in a timely manner
Hands-on experience with threat modeling
Experience leading tabletop sessions with members of the engineering team as well as non-technical members of the organization
Demonstrated ability to conduct Open-Source Intelligence (OSINT) against the organization and its resources
Demonstrated ability to conduct internal offensive security campaigns against Flexcar's web application and the organization itself
Secure Infrastructure & Tooling
Experience creating CI/CD workflows and utilizing open-source security tools
Experience with static analysis tools for code, dependencies, and container images
Familiarity with AWS security tools and resources
Familiarity with Terraform
Experience with hardening Microsoft Entra (Azure AD) and O365
Proven experience with Identity and Access Management
Experience with administration of common Managed Detection and Response (MDR) solutions
Hands-on experience with scripting languages like Python
Incident Management
Proven ability to serve as a Security Incident Commander
Ability to use the tools available for leading forensic analyses and guiding investigative efforts
Demonstrated ability to conduct threat hunting based on new threats as they are discovered or disclosed by the larger security community
Governance, Risk, and Compliance
Familiarity with maintaining compliance with frameworks such as PCI, CCPA, and US Data Privacy
Familiarity with compliance automation platforms
Experience creating and maintaining foundational security policies
Ability to manage Flexcar's third-party vendor assessment process
Ability to create both general security awareness content for the organization as well as targeted training for a variety of individual teams
Benefits
Flexible Paid Time Off and Sick Time
401(k) with company match from day one of hire
Excellent, low-cost healthcare coverage including medical, dental, and vision, with eligibility on day one
Discounted employee rate on Flexcar products and no annual membership fee
Weekly Pay
And other amazing perks!
Company
Flexcar
Flexcar is a vehicle subscription company that offers insurance and maintenance services.
H1B Sponsorship
Flexcar has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship; legend: job field similar to this job]
[Chart: Trends of Total Sponsorships; 2023 (5)]
Funding
Current Stage
Growth Stage
Recent News
2025-01-29
GlobeNewswire News Room
2023-10-11
Company data provided by Crunchbase