Senior Security Engineer (Enterprise)

Justworks is looking for an experienced, hands-on Senior Security Engineer who can help drive the company’s Security Architecture & Engineering function. We are looking for a versatile candidate who can lean into multiple security domains including, but not limited to network, infrastructure, application security, IAM and data protection. This person will also collaborate across the Security department by working closely and supporting our Security Operation and GRC functions. 

An ideal candidate has a proven track record of building security solutions to enhance security, and managing company security postures. . Given this hands-on technical role, you should be comfortable coding in  Ruby on Rails, JavaScript or other similar languages. We would also prefer that you have experience in Linux environment and proficiency using common cybersecurity tools. 

Your Success Profile

• Evaluate existing security controls and identify opportunities to enhance the security posture of Justworks
• Responsible for Exposure Management which includes, but is not limited to vulnerability management, misconfiguration management, end-of-life management and bug bounty program. 
• Improve our security posture through strengthening vulnerability scanning, penetration testing and exposure remediation. Be the SME for all scanning tools and exposure management platforms.
• Implement security capabilities in SaaS and IAAS (i.e.AWS, GCP, Azure etc) and enterprise environments while executing and delivering the security roadmap. 
• Support the overall Justworks Security organization across multiples domains such as network and infrastructure, application security, identity and access management, data protection, Security Operations and GRC (Governance, Risks and Compliance)
• Work crossfunctionally with technology teams to  implement enterprise security capabilities into solution architecture.
• Support major new product development projects to ensure that appropriate security controls are built into systems prior to production cutover.
• Drive process improvement and control implementation projects in coordination with the larger Digital Technology team at Justworks.
• Act as a cross-functional tools and services expert, working with engineering,risk and security operations teams to build security control requirements

As a Senior Security Engineer, how results are achieved is paramount for your success and ultimately result in our success as an organization. In this role, your foundational knowledge, skills, abilities and personal attributes are anchored in the following:

• Good judgment - the exercise of critical thinking, analyzing and assessing problems and implications, identifying patterns, making connections of underlying issues, understanding risks and developing mitigation strategies, and taking ownership of the outcome.
• Resourcefulness - taking a can-do approach, even in the face of obstacles and constraints by assessing what’s in front of you and effectively and efficiently optimizing what you have, whether it's working on something new or thinking about how to do something better.
• Teamwork and communication - putting our collective best together through documentation, collaboration, relationship-building, listening, empathy, recruiting, and evangelism.
• Influence and leadership - fostering a community of knowledge-sharing, collaboration, mentorship, and forward-thinking.
• Skills and knowledge - the capacity to actively learn and apply specific domain knowledge, know-how, and best practices to continually enhance and improve.

In addition, all Justworkers focus on aligning their behaviors to our core values known as COGIS. It stands for:

• Camaraderie - Day to day you can be seen working together toward a higher purpose. You like to have fun. You’re an active listener, treat people respectfully, and have a strong desire to know and help others.
• Openness - Your default is to be open. You're willing to share information, understand other perspectives, and consider new possibilities. You’re curious, ask open questions, and are receptive to thoughts and feedback from others.
• Grit - You demonstrate grit by having the courage to commit and persevere. You’re committed, earnest, and dive in to get the job done well with a positive attitude.
• Integrity - Simply put, do what you say and say what you'll do. You’re honest and forthright, have a strong moral compass, and strive to match your words with your actions while leading by example. 
• Simplicity - Be like Einstein: “Everything should be made as simple as possible, but no simpler.”

• 5+ years experience in information security concepts, common technical security controls, and security architecture design principles, ideally in a SaaS environment
• Demonstrated technical expertise in SAST, DAST and penetration testing of cloud products and deployments.
• Demonstrated technical expertise with endpoint security such as laptops security, mobile device security, browser management, email security and network security.
• Hands-on experience with Secure-SDLC processes and DevSecOps, including secure design, threat modeling, vulnerability management, etc.
• Familiar with secure coding practices and security scanning technologies
• Solid experiences in threat management, and exposure management
• Extensive experience in security architecture, system design, and engineering scalable security solutions in a cloud-native (AWS) environment
• Deep knowledge and experience in identity and access management.
• Technical experience with DevOps, Jira, and other agile automation tools
• Proven track record as a strong communicator
• Strong analytical skills
• Exceptional organizational skills
• (Preferred) Security Certifications: CISSP, CRISC, GIAC, CCSP or CEH

The base wage range for this position based in our New York City Office is targeted at $167,500.00 to $205,000.00 per year.

#LI-Hybrid #LI-CE1