Listing Description
About the Role:
StarTree is seeking a Staff Security Engineer to strengthen our security posture, ensure regulatory compliance, and establish common security controls and practices across the engineering and product organization. As a Staff Security Engineer, you will be responsible for developing and executing a comprehensive security strategy, conducting assessments and testing, managing security content, collaborating with cross-functional teams, and staying updated on emerging threats and technologies.
Responsibilities
- Develop and execute a comprehensive security strategy to protect data assets, systems, and networks.
- Conduct security assessments, vulnerability scans, and penetration testing to identify weaknesses and recommend remediation measures.
- Manage a repository of security content to support client inquiries and ensure successful business operations.
- Evaluate vendor and security provider compliance against standards such as SOC2 and lead preparation for ISO certification.
- Collaborate with engineering and DevOps teams to design and implement secure architectures.
- Monitor and respond to security events and incidents, mitigating potential threats or breaches.
- Conduct security awareness training and promote a culture of security awareness.
- Propose security controls to address identified gaps and facilitate smooth operations.
- Maintain effective relationships with internal stakeholders and senior management.
- Stay updated on emerging security threats, trends, and technologies, making recommendations for continuous improvement.
What we’re looking for:
- Bachelor's degree in Computer Science, Information Security, or related field. Relevant professional certifications (e.g., CISSP, CISM) are a plus.
- 7+ years of experience as a Security Engineer, focusing on securing data and systems in a cloud-based environment.
- Strong knowledge of network protocols, operating systems, and cloud platforms (e.g., AWS, Azure, GCP).
- Experience with security tools and technologies (e.g., SIEM, IDS/IPS, DLP, WAF, vulnerability scanning).
- Familiarity with security standards and government regulations (ISO, SOC2, NIST, GDPR, HIPAA, etc.).
- Proficiency in scripting and automation languages (e.g., Python, Bash) for security solution development.
- Experience with REST API attack detection and prevention, static code analysis, application security testing, and vulnerability scanning.
- Knowledge of cryptography principles and practical application for data and communication protection.
- Excellent problem-solving and analytical skills with the ability to provide practical recommendations.
- Strong communication and interpersonal skills for effective collaboration and stakeholder engagement.
If you are passionate about addressing the security and compliance challenges of a fast-growing multi-cloud infrastructure startup and possess the technical expertise and leadership skills to succeed, we encourage you to apply for this exciting opportunity.
The base salary range for this US full-time position is $150,000 - $220,000, subject to standard withholding and applicable taxes. Additionally, new hires receive competitive and compelling equity grants, and access to a comprehensive benefits offering. The base salary range reflects the minimum and maximum target for candidates. The salary and equity compensation offered may vary depending on factors including location, skills, experience, and the assessment process.
Listing Details
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided