Data Ethics Specialist

Data Ethics Specialist

at acxiom

San Franciso, CA

Provide consistent and effective support of Acxiom’s Data Ethics Program for the corporation, focusing on LiveRamp’s Connectivity Division. Facilitate the application and integration of privacy policy, data protection and ethical data use requirements plus applicable law and regulation into data onboarding, enablement, distribution, connection, linking, positioning and messaging. Assist with privacy issue vetting and resolution with stakeholders across multiple functions. This also includes managing project schedules, understanding technical details, identifying risks and clearly communicating goals.

Detailed Position Description:

  • Build and grow strong partnerships with LiveRamp teams: Sales, Legal, Product, Marketing, and Technical teams

  • Serve as the Data Ethics representation in deal facilitation and client support inquires.

  • Work with the client service teams on compliance issues regarding privacy, data protection and the ethical use of data. Provide client support as needed.

  • Manage privacy issue vetting and resolution. Centralized in-take point for requests, complaints and comments from client stakeholders and other parts of the LiveRamp enterprise and external stakeholders specifically the consumer. 

  • Administer compliance systems including Privacy Impact Assessment (PIA) preparation, data sourcing due diligence reviews, analysis, and credentialing. 

  • Plan customer requirements with Sales, evaluate workflows from a technical and policy perspective for privacy implications, and usher projects through the entire project lifecycle.

  • Build and maintain our Data Ethics reference library that is our source of truth on the operation of our key data ethics program (e.g., PIAs, training material, client-facing documentation)

  • Administer periodic self-assessments and coordinate semi-annual assessment with external validation.

  • Convey knowledge and advocacy around privacy, data protection and ethical use of data considerations and obligations for each stakeholder group. 

  • Assist with related training and education development and delivery.  

  • As regulations evolve, assist with evaluation of impact to organization and facilitate product and solution changes in support of compliance obligation and consumer advocacy efforts

  • Assist various stakeholder groups in developing corresponding messaging and product positioning to support our privacy policies and obligations.

  • Consult on the onboarding of new products, custom workflows, and services into our Data Ethics framework

Qualifications

Minimum qualifications:

  • Bachelor's degree with 2+ years experience or equivalent practical experience
  • Experience with compliance programs including HIPAA
  • Experience with the interaction between sales, privacy, and legal
  • Project/program management experience
  • Technical writing and data flow mapping experience

 

Preferred Qualifications:

  • Experience with client facilitation and sales support
  • Ability to learn and effectively communication technical concepts
  • Experience with privacy reviews and managing cross-functional projects
  • Strong implementation experience in developing documentation across Microsoft Excel, PowerPoint, and Word, Google Drive, Salesforce

Application Security Engineer

Application Security Engineer

at facebook

New York, NY

Facebook's mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we're building a different kind of company that connects billions of people around the world, gives them ways to share what matters most to them, and helps bring people closer together. Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities — we're just getting started.

Facebook's Application Security team is seeking a passionate hacker who derives purpose in life by revealing potential weaknesses and then crafting creative solutions to eliminate those weaknesses. Your skills will be the foundation of security initiatives that protect the security and privacy of over a billion people. You will be relied upon to provide engineering and product teams with the security expertise necessary to make confident product decisions. Come help us make life hard for the bad guys.

Responsibilities

  • Provide security guidance on a constant stream of new products and technologies

  • Take a leadership role in driving internal security and privacy initiatives

  • Interact directly with the security community regarding vulnerabilities and threats

  • Analyze, assess, and respond to various internet threats

  • Conduct regular security assessments

Minimum Qualifications

  • B.S. or M.S. Computer Science or related field, or equivalent experience

  • Experience ensuring security and privacy on the internet

  • Experience with an interpreted programming language (PHP, Python, Perl, Ruby, etc.)

  • Knowledge of internet security issues

  • Communication abilities

Preferred Qualifications

  • Contributions to the security community (public research, blogging, presentations, etc.)

We're proud to be the #1 Best Place to Work on Glassdoor's Employees' Choice awards. Learn more: www.fb.careers/fb1

Senior Security Engineer

Senior Security Engineer, Application Security

AT NETFLIX

Los Gatos, California

Netflix has a unique and innovative culture that guides us to do things differently. This helps keep engineering velocity high, but also means that our security team needs to operate differently than a traditional security team. The two important aspects of the culture that affect how we operate are “Freedom and Responsibility” and “Context not Control”. Employees have tremendous freedom in their work, along with the corresponding responsibility to do the right thing for Netflix. Instead of controlling engineers with process and security gates, we enable them to create secure code and provide them with adequate security context to make the right decisions for Netflix.

We are responsible for improving the security of Netflix produced software, primarily for applications deployed within our AWS cloud environment. We aren’t your typical Application Security team. In addition to driving high impact security initiatives for high risk product areas, we also spend a lot of time automating the identification of vulnerabilities across our AWS ecosystem. We aim to scale application security via self-service and automed visibility. 

While your primary background is in application security, you are passionate about using automation to scale application security. You are able to partner with cross-functional teams to deliver widely impactful security initiatives. You are a strong communicator and have experience  with threat modeling, security design reviews and security architecture. In this role, you will leverage your experience and technical security expertise to deliver application security solutions at Netflix scale. You will also help triage issues reported through our bug bounty program and participate in our product security incident response efforts.

Finally, here’s a few more reasons why we love this work and think that you will too:

  • You would have the opportunity to facilitate big changes here at Netflix.

  • You would be working with an industry leading security team with many opportunities to improve existing projects and identify new ones.

  • You are a big fan of open source software and sharing information.  For example, this may include presenting at conferences or working collaboratively within Netflix.  We share when it makes sense and are always researching new ideas from across the community.

  • You enjoy learning and working closely with subject matter experts in diverse areas such as microservice architectures, big data, content delivery networks, and a production studio.

We are an equal opportunity employer and value diversity of thought, culture, background, and perspective at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

We understand that candidates may come from all different education levels and backgrounds. We encourage this!  If you enjoy working on the kinds of problems outlined above, then we should talk.

Senior Software Engineer

Senior Software Engineer, Security

at Uber

About us

We’re changing the way people think about transportation. Not that long ago we were just an app to request premium black cars in a few metropolitan areas. Now we’re a part of the logistical fabric of more than 600 cities around the world. Whether it’s a ride, a sandwich, or a package, we use technology to give people what they want, when they want it.

For the people who drive with Uber, our app represents a flexible new way to earn money. For cities, we help strengthen local economies, improve access to transportation, and make streets safer.

And that’s just what we’re doing today. We’re thinking about the future, too. With teams working on autonomous trucking and self-driving cars, we’re in for the long haul. We’re reimagining how people and things move from one place to the next. Uber's Security team works to ensure the security of all private, personal and payment information for our full set of users - riders, drivers and partners. Our ultimate goal is to ensure that every single experience with Uber is simple, secure, and safe. We are seeking experienced software engineers with a solid coding background. You will join either our Tools Access Platform or Privacy team.

Who you are

An ideal candidate shall own expertise and experience in software development and security engineering. You will build high quality software to potentially enhance internal tools, application protection or the user-facing features and internal services that give our users choice around their data, build trust, advance data privacy, and enable our business.

What you’ll do

● Develop high quality software to enhance application level security

● Drive the implementation and integration of tools and services for authentication, authorization, role based access controls, capability and policy management, auditing and compliance

● Your work will help Uber maintain and grow user trust as we deliver features that allow them to control their account, enable/disable features, and make informed choices about their data.

● Provide subject matter expertise on architecture and systems security

● Collaborate with other engineering & business teams to execute against the vision and roadmap

What you’ll need

● At least 5 years of hands-on coding experience in two of the following languages: Go, Java, C/C++, Python, Node.js.

● Ability to write high quality code: reliable, efficient, easy to debug and maintain

● A solid understanding of information security standards & methodologies

● Familiarity with security architecture, network protocols, cloud storage/computing, and software engineering practices

● Exceptional problem solving skills

● Architecture skills - You know how to build highly scalable, robust, and fault-tolerant services that support our unique rate-of-growth. You stay up-to-date with the latest architectural advancements. You understand how architecture impacts privacy and security.

● Passion - You feel ownership over everything you ship. You'd never call code "released" until you're satisfied it's well implemented and tested. You pride yourself on efficient monitoring, thorough documentation, and proper test coverage.

● Ability to distill complex security problems and drive toward creative solutions

● Strong organizational and relationship skills

● Familiarity with big data technologies: preferred

Note: By applying to this position you’re open to working in either San Francisco, CA or Seattle, WA

Uber is a proud supporter of WISP, OURSA, and the Diana Initiative

For more information email [email protected] 

Senior Engineer, Security

Senior Engineer, Security

At Cisco Meraki

San Francisco

Our mission at Cisco Meraki is to simplify technology so our customers can focus on what's most important to them: their students, patients, customers, and businesses. We’re making networking easier, faster, and smarter with technology that simply works. We have millions of devices deployed and because they are managed from the cloud, we are able to use real-time data to continuously improve the performance, stability and security of our products.

This job position is ideal for someone with embedded security experience and demonstrated leadership skills. The Product Security team plays a central role in protecting our customers’ networks and sensitive data. As leader of the team, you will help to drive the security vision for all of Meraki's products.

As a senior engineer on the Dashboard security team, you will have the opportunity to make substantial contributions in many different areas of security, all with the goal of securing Cisco Meraki’s Dashboard, the core web application and cloud infrastructure which power the millions of Meraki devices worldwide.

We are looking for people from all across the security spectrum to bolster our security posture. At Cisco Meraki, you can play a key role in securely designing key services running on Dashboard. You can deploy and implement new security tools, libraries, and frameworks as well as find, triage, and fix vulnerabilities. You can improve our monitoring and auditing and assist in responding to security incidents. You can be a strong advocate for security and push for process improvements, while balancing these changes with business needs.

As a part of a tight-knit engineering organization that prioritizes security, you have the ability to consult with other teams and affect change across the entire stack, from the UI and backend continuing to the device firmware. Finally, by acting as a guardian to our customers’ networks and deployments, you can have a direct, immediate, and significant impact on our customers and the hundreds of millions of users that use and rely on Meraki access points, switches, security appliances, phones, and cameras every single day.

At Meraki, we are passionate about building real products that our customers love. We believe in fostering a positive organizational culture through hiring awesome people; coaching and mentoring; looking within to continue finding ways to improve organizationally; and having supportive management. We get work done organically through small teams that self-organize both laterally and vertically through direct collaborations between engineers. Finally, we have a positive relationship with Cisco, which provides the stability and resources of a larger company while enabling us to maintain our startup vibe. This includes having an awesome office that overlooks the Bay Bridge and is stocked full of free food and drinks.

Example projects for a Senior Security Engineer:

  • Discover and triage vulnerabilities via code audits, fuzzing, and static analysis
  • Work with and support other engineering teams to fix vulnerabilities found internally and by researchers through our bug bounty program
  • Design and deploy secure systems to handle application secrets such as encryption keys
  • Research and deploy intrusion-detection systems
  • Identify critical services that require audit trails and logging and deploy systems that use logging data to detect anomalous behavior
  • Help architect our services to reduce the impact of a security incident
  • Perform auditing and forensics in response to security incidents

You are an ideal candidate if you:

  • Have 5+ years of experience in web, database, information and/or infrastructure security
  • Know and recognize common vulnerability types, including SQL/command injection, XSS, CSRF, and SSRF
  • Have a passion for one or more of the following: architecting systems for security; deploying security-focused libraries and tools; finding and triaging security exploits in our code; monitoring and forensics; and participating in security incident response
  • Enjoy working across and being a resource for other teams
  • Are excited to champion security as a first-class concern

Bonus points for:

  • A BS/MS/Ph.D in Computer Science, Computer Engineering, Information Security, Security Engineering, or a STEM field
  • Fluency in Linux and at least one of the following programming languages: Ruby, Scala, C/C++, Java, Python
  • Deep knowledge in key security concepts such as authentication, authorization, public/private key encryption, role-based access control, and security by design
  • Demonstrated ability to ship production-quality software in a dynamic environment
  • Experience with IoT platforms, large-scale distributed systems, and/or client-server architectures

Software Engineering Lead

Software Engineering Lead, Product Security

At Cisco Meraki

San Francisco

Our mission at Cisco Meraki is to simplify technology so our customers can focus on what's most important to them: their students, patients, customers, and businesses. We’re making networking easier, faster, and smarter with technology that simply works. We have millions of devices deployed and because they are managed from the cloud, we are able to use real-time data to continuously improve the performance, stability and security of our products.

This job position is ideal for someone with embedded security experience and demonstrated leadership skills. The Product Security team plays a central role in protecting our customers’ networks and sensitive data. As leader of the team, you will help to drive the security vision for all of Meraki's products.

Responsibilities:

  • Managing and leading a team of best-in-class engineers to identify and develop security measures across all Meraki product lines.
  • Hiring and building out the team in support of Meraki's mission.
  • Mentoring and facilitating professional development of team members.
  • Designing, planning and executing on security features for Meraki devices.
  • Performing technical design and code reviews.
  • Collaborating closely with engineering peers and product managers.
  • Staying ahead of threats and assessing their impact on Meraki devices.
  • Investigating new security technologies, both hardware and software.
  • Driving and evangelizing a program to increase education on security procedures and best practices across the organization.
  • Establishing the necessary communication paths across internal and external teams to accomplish the mission of the product security team.

You are an ideal candidate if you have:

  • A BS/MS/Ph.D in Computer Science, Computer Engineering or a related field.
  • 5+ years of experience in system software development with an emphasis on security.
  • 1+ years in a leadership role.
  • A real passion for computer systems security.
  • Experience with C/C++.
  • Excellent communication and group presentation skills
  • The ability to influence, facilitate and work collaboratively across teams.
  • Familiarity with common software flaws that lead to exploits, and experience with techniques for securing embedded systems (e.g. ASLR).
  • Experience with tools for auditing or reverse engineering computer systems (static analysis tools, protocol fuzzers, etc.)
  • A strong background in fundamentals of cryptography.
  • Experience with penetration testing and other security exercises.
  • An understanding of the existing security support systems: CVE, Mitre, NVD.

Bonus points for:

  • Familiarity with FIPS and PCI standards for computer and data security.
  • Familiarity with ISO/IEC 27k standards, esp. ISO/IEC 27034-27040.

Security Engineer – Penetration Tester

Security Engineer – Penetration Tester

at Security Innovation

Seattle, WA

TL;DR?
Send your resume to [email protected] and then get started on https://canyouhack.us

What we’re looking for:
We’re looking for candidates that are knowledgeable in application security and vulnerabilities. We don’t expect our candidates to know everything, but we do expect them to take on new challenges and not be afraid to fail. Successful candidates are passionate about information security and willing to learn new things.
Our security team is located in downtown Seattle serving a global client base of technology vendors and enterprise IT organizations. We’re looking for a professional security engineer to join our office in Seattle.

Your Responsibilities:
Hack all the things. Okay, seriously, here are some HR Role and Responsibility content regarding what you will do on a daily basis:

  • Work closely with other application security engineers to perform reviews and tests on Web and Conventional applications as well as embedded, firmware, mobile and more
  • Use a combination of manual and automated techniques to assess risks and circumvent security mechanisms of devices and applications
  • Create threat models that result in more secure application design
  • Design and develop security testing scenarios
  • Analyze and present results of testing to team members, managers and customers
  • Write detailed problem reports, test plan documents, and mitigation recommendations as needed
  • Develop tools to aid penetration test automation and effectiveness
  • Review code for common security vulnerabilities
  • Possible travel to client sites to conduct in-person security reviews and assessments

Your Resume: 
We’ll glance at it. Being professional with documentation is important when putting together reports for our clients. Constructing a formal resume can demonstrate that to us. What we’re really looking for, even if your resume doesn’t say it, is someone versed and capable in one or many of the following areas: 

  • Penetration Testing and Ethical Hacking
  • Dynamic and/or Static Code Analysis
  • Software Development
  • Interest in conducting security research

Must Haves: 
What we expect of our applicants:

  • Knowledge of common application security bugs and other attack types
  • Demonstrate an ability to code in one or more language
  • Above average knowledge Windows and/or Linux and Unix variants
  • Willingness to learn new technologies
  •  Strong written and verbal communication skills
  •  a jerk - We have a policy about it

 
Nice to Haves:

These skills are not required, but if you have any of them, you are likely a good candidate for the position:

  • B.S. in Computer Science or related degree
  • Completed OSCP, OSCE, or a similar security certification
  • Understanding of application design, development, and testing techniques
  • Involved in Bug Bounty program
  • Participated in a Capture the Flag event
  • Working knowledge of common security testing tools like Burp Suite, SQLMap, Metasploit,
  • IDAPro, etc.
  • Experience with embedded, firmware, and/or IoT technologies
  • Detail oriented and dependable
  • Good sense of humor

If you have an in-deep knowledge of a specific technology, teach us about it. Our engineers have a wide-breadth of security knowledge, but we love it when engineers have an extensive understanding in one technology.

Perks & Benefits:
There is a reason we have a 4.9/5 rating on Glassdoor. We take care of our clients, but also take care of our employees.

  • Comprehensive health, dental, and vision insurance coverage provided (HMO, PPO, and
  • HSA options available)
  • Generous 401k matching
  • Take what you need PTO
  • Work-life balance – we mean it
  • Financial assistance and scheduled time off for research
  • Professional Development budget for conferences, classes, certifications, or other
  • learning opportunities
  • Flexible work environment with telecommuting options available
  • Extensive technology budget, renewed every year
  • Free coffee, snacks, beverages, among other office treats

How to Apply:
Send your resume to [email protected] and beging completing the challenges at https://canyouhack.us. We look foward to meeting you. 
 
**You must be legally eligible to work in the USA. We are not accepting candidates that will
require Security Innovation to commence ("sponsor") an immigration case (for example, H-1B or other employment-based immigration case) at this time or in the future.

Software Engineer – CMD+CTRL Developer

Software Engineer – CMD+CTRL Developer

at Security Innovation

Seattle, WA

TL;DR?
Send your resume to [email protected]. If you’re a good fit, we will want to set up
an initial 30-minute phone interview.

What you'll do:
You will be one of the developers in Seattle on our CMD+CTRL security training range platform. Your responsibilities will include implementing new features, building out scalability, as well as maintaining and improving the existing application. Your day to day responsibilities will include writing code, performing code reviews of other workers on the project, and answering questions/helping other members of the team as needed.

What we’re looking for:
Our security team is located in downtown Seattle serving a global client base of technology
vendors and enterprise IT organizations. We’re looking for a professional software engineer to
join our office in Seattle.

  • Strong problem-solving skills
  • Strong written and verbal communication skills
  • Passion for writing quality code
  • Potential for some travel to administer CMD+CTRL event

Must Haves:
What we expect from our applicants:

  • Proficient with building Java applications
  • Proficient with HTML, CSS, and front-end frameworks such as Foundation or Bootstrap
  • Proficient with Databases such as MySQL
  • Proficient in the entire software and operating system stack
  • Familiar with MVC
  • Capable of writing clean and maintainable code
  • Willingness to learn new technologies
  • Not a jerk - We have a policy about it

Nice to Haves:
Not required, but great if you already have it:

  • Experience with AWS/Azure
  • Experience with Docker
  • Experience with Linux administration for webservers
  • Experience with deploying and supporting enterprise applications
  • Experience with multiple programming languages, frameworks, and technologies
  • Strong written and verbal communication skills
  • Good sense of humor

Perks & Benefits:
There is a reason we have a 4.9/5 rating on Glassdoor. We take care of our clients, but also take care of our employees.

  • Comprehensive health, dental, and vision insurance coverage provided (HMO, PPO, and
  • HSA options available)
  • Generous 401k matching
  • Take what you need PTO
  • Work-life balance – we mean it
  • Financial assistance and scheduled time off for research
  • Professional Development budget for conferences, classes, certifications, or other
  • learning opportunities
  • Flexible work environment with telecommuting options available
  • Extensive technology budget, renewed every year
  • Free coffee, snacks, beverages, among other office treats

About Security Innovation:
Security Innovation is a Software Security Company with offices in Seattle and Boston. We work with many different companies to help them build secure software through penetration testing, code review, training, and educational security products. We’re a team of passionate Security Engineers and Developers that love what they do. We perform security testing, code review, design review, are leaders in security research, go to security conferences and have lots of time for professional development. We develop an incredible open security training range called CMD+CTRL.

How to Apply:
Send your resume to [email protected]n.com. We look forward to meeting you.
 
**You must be legally eligible to work in the USA. We are not accepting candidates that will
require Security Innovation to commence ("sponsor") an immigration case (for example, H-1B or other employment-based immigration case) at this time or in the future.

Lead Software Engineer

Lead Software Engineer

At Rapid7

El Segundo, CA

Description

Join the security software revolution at Rapid7, building amazing user experiences with cutting edge technologies. As a member of the Threat Exposure Management team in Los Angeles, California you will work on security analytics and data visualizations. We seek self-organized, highly motivated team members passionate about solving difficult problems and making a difference.

You are a Senior Software Engineer that gets excited about making an impact and building the next big thing in security. You are excited to help customers identify key security insights that provide oh s**t moments while maintaining the confidence and reliability expected from an enterprise application. You are a problem solver, willing to learn new skills and stay on top of emerging technologies. This is an exciting opportunity to be part of the next generation of security solutions and is open to enthusiastic and talented developers.

Responsibilities

  • Write algorithms that connect pieces of data together
  • Build scalable services to ingest security and network data
  • Implement cutting edge user interfaces that simplify the user experience for complex problems
  • Work on a diverse, cross-functional team that is defining the future of security
  • Participate in a team environment that continually collaborates and swings for the fences

Requirements

  • BS/MS in Computer Science (or equivalent experience)
  • 5+ years of software development experience in large-scale distributed systems
  • Passionate about building software, ambitious and humble
  • Team-oriented, possess a positive attitude and works well with others
  • Expert experience in OO programming with Java, Python, Ruby or similar language
  • Familiarity with both NoSQL and traditional RDBMS systems
  • Proficient with unix / linux / osx command line and tools

Perks

  • Views of the ocean, City of LA and LAX from the office (we’re 2 miles from the beach and 4 miles from Silicon Beach)
  • Kegerator in the office (+ some beer snobs)
  • Ping pong, foosball, card games and people that will play and probably beat you
  • Book club, lunch and learns and a culture of continual learning
  • Lunch once a week, snacks and occasional happy hours
  • Lots of room to make an impact and grow with us
  • Work on something cool that makes a difference

Technical Program Manager, Security

Technical Program Manager, Security

At Dropbox

San Francisco, CA

Company Description

Dropbox is a leading global collaboration platform that's transforming the way people work together, from the smallest business to the largest enterprise. With more than 500 million registered users across more than 180 countries, our mission is to unleash the world’s creative energy by designing a more enlightened way of working. Headquartered in San Francisco, CA, Dropbox has more than 12 offices around the world.

Team Description

Our Engineering team is working to simplify the way people work together. They’re building a family of products that handle over a billion files a day for people around the world. With our broad mission and massive scale, there are countless opportunities to make an impact.

Role Description

The Dropbox Security Team is seeking a seasoned Technical Program Manager. As a TPM at Dropbox, you’ll have the opportunity to define and influence the strategy and technical direction of one of the most exciting technology companies in the world.

The most successful candidates for this role will have strong analytical and planning skills, broad technical understanding of security domains. Examples include web-scale infrastructure, product security, SDLC, and bug bounties.  You will have a deep passion for security-related issues, solid communication skills and a desire to solve complex problems at scale. You should be someone who’s capable of seeing the big picture, understand the interdependencies and constraints between systems and able to drive a project from start-to-end. We are particularly interested in TPMs familiar with networks, systems and internet security with prior experience driving complex projects to completion.

Responsibilities

  • You will create and manage project plans, monitor project progress and timelines, adjust schedules and plans as needed, and identify and resolve issues to ensure project success
  • You will be responsible for determining necessary staffing for projects and working with key partners to deliver successful outcomes
  • You will handle day-to-day execution of project implementations. Assist with the planning, tracking, documentation and status updates for the project
  • You will exercise solid project leadership skills combined with strong business acumen and in-depth analytical skills
  • You will participate in end to end implementation planning including project management, issue management, and change management

Requirements

  • B.S. in Business Administration and/or Information Technology or equivalent experience
  • 3 - 10 years of related work experience
  • Experience with project planning methods and tools
  • Demonstrated project management skills with cross-functional teams
  • Strong technical understanding and competency in at least one security domain
  • Ability to implement robust and practical security requirements
  • Passion for all things security
  • Outstanding and effective interpersonal skills; along with strong communication skills both verbal and written
  • PMP/PRINCE2 and CISSP certifications desirable, but not required

Benefits and Perks

  • 100% company paid individual medical, dental, & vision insurance coverage
  • 401k + company match
  • Market competitive total compensation package
  • Free Dropbox space for your friends and family
  • Wellness Reimbursement
  • Generous vacation policy
  • 10 company paid holidays
  • Volunteer time off 
  • Company sponsored tech talks (technology and other relevant professional topics)

Security Engineer

Security Engineer

At Dropbox

San Francisco, CA

Company Description

Dropbox is a leading global collaboration platform that's transforming the way people work together, from the smallest business to the largest enterprise. With more than 500 million registered users across more than 180 countries, our mission is to unleash the world’s creative energy by designing a more enlightened way of working. Headquartered in San Francisco, CA, Dropbox has more than 12 offices around the world.

Team Description

Our Engineering team is working to simplify the way people work together. They’re building a family of products that handle over a billion files a day for people around the world. With our broad mission and massive scale, there are countless opportunities to make an impact.

Role Description

The Dropbox security team is responsible for securing data at a massive scale. Over half a billion users and 200,000 companies trust us to keep their private data safe. To be worthy of this trust, we have a well staffed security team of talented individuals. If you are looking to join a strong and growing team with interesting, high-impact and varied work, this is a good choice.

We are a multi-disciplinary team with a wide variety of skills and responsibilities. We do have separate security sub-teams but please apply to this umbrella description in all cases. We are looking to grow all of our security capabilities including:

  • Security Engineering: user facing features, backend systems, secure-by-default libraries and security tooling.
  • Security Testing: pentesting, red teaming and software security assessments.
  • Security Programs: security architecture, security consultancy and remediation.
  • Security Monitoring: logging, detection, alerting, response and investigation.

Responsibilities 

Successful candidates will likely have a mix of engineering and security experience and be strong in one or more security disciplines:

  • Linux, OSX or Windows systems security.
  • Network security.
  • Application security (web, desktop, mobile).
  • Creating and operating security tooling and scripting.
  • Security architecture and practical risk analysis.
  • Locating weak points and breaking into systems.
  • Anti-abuse analytics, tactics and technologies.
  • Building monitoring, detection and alerting capabilities.

Requirements

  • You have a B.S. or M.S. in Computer Science or a related field, or equivalent experience.
  • We are hiring for all experience levels: junior, senior and expert.
  • You are a team player who is considerate of others.
  • You are independent and comfortable working in a fast-paced environment.
  • You use excellent communication skills, on both technical and non-technical issues.
  • You have a desire to take Dropbox even further. If our large-scale projects resonate, we'd love to learn more about you and find out if we can work together.

Benefits and Perks

  • Unlimited Dropbox space for life
  • Market competitive total compensation package
  • 100% company paid individual medical, dental, & vision insurance coverage
  • 401K + company match
  • Wellness Reimbursement
  • Generous vacation policy
  • 10 company paid holidays
  • Volunteer time off 
  • Company sponsored tech talks (technology and other relevant professional topics)

Technical Program Manager, Privacy

Technical Program Manager, Privacy

at Google

Sunnyvale, CA

Google's projects, like our users, span the globe and require managers to keep the big picture in focus. As a Program Manager at Google, you lead complex, multi-disciplinary projects. You plan requirements with internal customers and usher projects through the entire project lifecycle. This includes managing project schedules, identifying risks and clearly communicating goals to project stakeholders. Your projects often span offices, time zones and hemispheres, and it's your job to keep all the players coordinated on the project's progress and deadlines.

As a Technical Program Manager, you will partner with Engineering and Product teams across the globe, working closely with Legal, Privacy and Management teams to evaluate Google’s products, services and infrastructure for privacy. Your experience in privacy, audit and compliance processes will be integral as you review projects through design, development and launch phases. You'll develop deep insights into the mechanics of how Google runs, working with other members of the team on impactful initiatives.

You will plan and execute technical delivery programs with cross-functional teams in various product areas. You'll dive in and learn Google's storage infrastructure and data protection technologies, and be able to translate technical issues into topics that can be discussed with functional leaders.

Behind everything our users see online is the architecture built by the Technical Infrastructure team to keep it running. From developing and maintaining our data centers to building the next generation of Google platforms, we make Google's product portfolio possible. We're proud to be our engineers' engineers and love voiding warranties by taking things apart so we can rebuild them. We're always on call to keep our networks up and running, ensuring our users have the best and fastest experience possible.

Responsibilities

  • Partner with acquired personnel to build privacy engineering principles into organizations without disruption to innovation.
  • Conduct product privacy vulnerability assessments and provide concrete feedback to mitigate challenges.
  • Assist in responding to inquiries from product and business groups across the company regarding privacy and security requirements applicable to their activities.
  • Ensure compliance with Google policies, laws and regulations relating to privacy and international data transfers.
  • Partner with business stakeholders to drive privacy engineering considerations.

Qualifications

Minimum qualifications:

  • BA/BS degree or equivalent practical experience.
  • 3 years of experience in Program/Project Management.
  • Experience in privacy, security, or compliance, and with privacy principles and relevant technologies.
  • Experience collaborating with Attorneys, Software Developers, and Program Managers.

Preferred qualifications:

  • Master's degree or PhD in Computer Science or related technical field.
  • Ability to conceive of and accept responsibility for projects and complete full life cycle, and capability to work as an individual contributor as part of a larger team.
  • Ability to lead through influence.
  • Background dealing with privacy-related issues.
  • Excellent problem-solving, consultation, organizational and project management skills, with the ability to deliver software product features.

Note: By applying to this position your application is automatically submitted to the following locations: Mountain View, CA, USA; San Francisco, CA, USA

Technical Program Manager, Security

Technical Program Manager, Security

at Google

Sunnyvale, CA

Google's projects, like our users, span the globe and require managers to keep the big picture in focus while being able to dive into the unique engineering challenges we face daily. As a Technical Program Manager at Google, you lead complex, multi-disciplinary engineering projects using your engineering expertise. You plan requirements with internal customers and usher projects through the entire project lifecycle. This includes managing project schedules, identifying risks and clearly communicating them to project stakeholders. You're equally at home explaining your team's analyses and recommendations to executives as you are discussing the technical trade-offs in product development with engineers.

As a Technical Program Manager in Google’s Security Team, you will be central to managing projects within the Security engineering team. Working with some of the best security engineers in the world, you’ll have a direct positive impact on security of Google’s data and infrastructure.

Success in this role will require sound judgment under pressure, a strong technical background, meticulous attention to detail and outstanding communication skills. You will coordinate between many stakeholders, set expectations for deliverables from many different teams, keep track of success of parallel efforts, identify key roadblocks and work with the team members involved to keep things moving. You will be the owner of a large security program and ultimately responsible for its success.

Behind everything our users see online is the architecture built by the Technical Infrastructure team to keep it running. From developing and maintaining our data centers to building the next generation of Google platforms, we make Google's product portfolio possible. We're proud to be our engineers' engineers and love voiding warranties by taking things apart so we can rebuild them. We're always on call to keep our networks up and running, ensuring our users have the best and fastest experience possible.

Responsibilities

  • Work extensively in continuing to push fundamental shifts towards more robust security models for the organization
  • Understand the end-to-end solution and implementation path in order to execute large security projects
  • Coordinate between different security teams, set clear expectations about responsibilities, communicate with stakeholders and measure success.
  • Partner with cross-functional engineering teams to provide technical direction and influence technical design.

Qualifications

Minimum qualifications:

  • BA/BS degree or equivalent practical experience.
  • 3 years of experience in program/project management.
  • Experience working with teams and other cross-functional stakeholders.
  • Experience in an Engineering or Technical role, delivering privacy and/or security solutions.

Preferred qualifications:

  • Bachelor's or advanced degree in Computer Science or related technical field.
  • Security experience, particularly in either system management, OS hardening, or network security concepts (segmentation, protocols used for layering security capabilities).
  • Understanding of attacker trends/pen testing/breach investigation experience.
  • Experience with Data Loss Prevention, Data Protection, Threat Modeling and/or experience with incident or emergency response.
  • Experience leading security risk mitigation, technical risk assessment, and integration projects, building key privacy and security engineering principles into non-standard infrastructure.
  • Familiarity with cryptographic concepts, especially in applied usage.

Note: By applying to this position your application is automatically submitted to the following locations: Mountain View, CA, USA; Kirkland, WA, USA

Security Engineer, Infrastructure Protection

Security Engineer, Infrastructure Protection

at Google

Sunnyvale, CA

There's no such thing as a "safe system" - only safer systems. Our Security team works to create and maintain the safest operating environment for Google's users and developers. As a Security Engineer, you help protect network boundaries, keep computer systems and network devices hardened against attacks and provide security services to protect highly sensitive data like passwords and customer information. Security Engineers work hands-on with network equipment and actively monitor our systems for attacks and intrusions. You also work with software engineers to proactively identify and fix security flaws and vulnerabilities.

You use your industry experience to own and drive the resolution of complex security incidents, policy questions and technical security issues.

The Infrastructure Protection Security team is a global engineering team which helps Googlers design, build, and use infrastructure securely at scale. Security Engineers work on a broad set of efforts focusing on scaling and automating security infrastructure and processes. We contribute to open source security software, conduct applied research, and implement novel technologies and architecture to deal with enterprise security across a diversity of computing platforms such as mobile and cloud.

Examples include establishing and enforcing perimeters to protect all of Google’s environments, defending a diverse set of clients and servers in hostile environments, from common operating systems to emerging software and hardware platforms, and evolving authentication, access infrastructure, and policy to simplify user experience and keep Google safe.

At Google, our users come first, and the Systems Infrastructure team is at the heart of that promise. We build the technologies that transform the way we think about doing business. Whether working on our cloud systems, researching the latest in computer technology or keeping Google's internal systems humming, Googlers and users alike rely on us to keep things running. We're back-end experts: protecting your privacy and ensuring your security.

Responsibilities

  • Design infrastructure and drive its implementation to protect Google networks and systems.
  • Provide security expertise and guidance to a diverse set of Google engineering and business teams.
  • Conduct security reviews of core corporate and production infrastructure.
  • Drive enterprise focused security improvements to Google products and services.
  • Build security tools and processes using Python or Go for critical infrastructure protection, monitoring and remediation.

Qualifications

Minimum qualifications:

  • Bachelor's degree in Computer Science or a related technical field, or equivalent practical experience.
  • 3 years of relevant work experience in security.
  • Coding experience in one or more general purpose languages.
  • Experience with attacks and mitigation methods, with experience working in two or more of the following: Network protocols and secure network design; Operating system internals and hardening (e.g. Windows, Linux, OS X, Android); Web application and browser security; Security assessments and penetration testing; Authentication and access control; Applied cryptography and security protocols; Security monitoring and intrusion detection, Incident response and forensics; Development of security tools, automation or frameworks.

Preferred qualifications:

  • Master's degree in Computer Science or related field.

Note: By applying to this position your application is automatically submitted to the following locations: Sunnyvale, CA, USA; Kirkland, WA, USA

Software Engineer, Security

Software Engineer, Security

at Google

Sunnyvale, CA

Google's software engineers develop the next-generation technologies that change how billions of users connect, explore, and interact with information and one another. Our products need to handle information at massive scale, and extend well beyond web search. We're looking for engineers who bring fresh ideas from all areas, including information retrieval, distributed computing, large-scale system design, networking and data storage, security, artificial intelligence, natural language processing, UI design and mobile; the list goes on and is growing every day. As a software engineer, you will work on a specific project critical to Google’s needs with opportunities to switch teams and projects as you and our fast-paced business grow and evolve. We need our engineers to be versatile, display leadership qualities and be enthusiastic to take on new problems across the full-stack as we continue to push technology forward.

You are a skilled software engineer who enjoys security and/or privacy work and is an expert in systems security, applications security, network security, data protection and infrastructure privacy, cryptography or automated malware analysis. You are a security and/or privacy researcher who thrives on addressing real world problems and likes to code.

In this role, you will focus on security or privacy for components of our systems, such as client devices, networking equipment and server infrastructure, with an emphasis on threats from all sources. You will be building large-scale systems to protect Google's users including, for example, hardening our core infrastructure, detecting intrusion attempts, or preventing malware across various platforms.

At Google, our users come first, and the Systems Infrastructure team is at the heart of that promise. We build the technologies that transform the way we think about doing business. Whether working on our cloud systems, researching the latest in computer technology or keeping Google's internal systems humming, Googlers and users alike rely on us to keep things running. We're back-end experts: protecting your privacy and ensuring your security.

Responsibilities

  • Design and apply advanced security techniques.
  • Develop advanced security and cryptographic systems.
  • Build large-scale detection systems.

Qualifications

Minimum qualifications:

  • BS degree in computer science or equivalent practical experience.
  • Experience with one or more general purpose programming languages including but not limited to: Java, C/C++, C#, Objective C, Python, JavaScript, or Go.
  • Experience in applications security, cryptography, network security, systems security or malware analysis.

Preferred qualifications:

  • MS or PhD degree in computer science.
  • 4 years of experience designing and implementing software systems in Java, C, C++ and/or Python, including experience designing security solutions for operating systems and distributed systems.

Note: By applying to this position your application is automatically submitted to the following locations: San Francisco, CA, USA; Kirkland, WA, USA; New York, NY, USA; Seattle, WA, USA; Sunnyvale, CA, USA; Mountain View, CA, USA

Senior Software Engineer, IAM

Senior Software Engineer, Identity and Access Management (IAM)

at Square

San Francisco, CA

Company Description

We believe everyone should be able to participate and thrive in the economy. So we’re building tools that make commerce easier and more accessible to all. We started with a little white credit card reader but haven’t stopped there. Our new reader helps our sellers accept chip cards and NFC payments, and our Cash app lets people pay each other back instantly. We’re empowering the independent electrician to send invoices, setting up the favorite food truck with a delivery option, helping the ice cream shop pay its employees, and giving the burgeoning coffee chain capital for a second, third, and fourth location. Let’s shorten the distance between having an idea and making a living from it. We’re here to help sellers of all sizes start, run, and grow their business—and helping them grow their business is good business for everyone.

At Square, security is paramount. The Identity and Access Management (IAM) team is part of Information Security (InfoSec); we write software that mediates access to internal services. As a team, we value correctness, safety, and efficiency. We're looking for a Software Engineer who shares our values.

As a Software Engineer on IAM, you will be responsible for designing, building, and owning the services and infrastructure that control access to internal services at Square.

Our team engineers solutions that enable our business to scale. As such we are building our internal authentication and authorization systems based on a zero-trust network model (commonly referred to as BeyondCorp). This requires building systems that allow us to reliably authenticate users and devices around the world. The services you build will protect Square’s most valuable assets.

You will:

  • Develop and maintain authentication and authorization services for Square.
  • Build great user experiences for internal web applications.
  • Work cross-functionally with many teams in multiple locations to ensure a secure production environment.
  • Participate in an on-call rotation for IAM services.

Qualifications

You have:

  • Experience developing web services and REST APIs
  • Familiarity with secure coding practices, and knowledge of how to harden web services against common pitfalls.
  • Interest in Information Security. Prior security experience not required, but a desire to learn is.

Even better:

  • Full-stack experience, especially knowledge of Linux/Unix security.
  • Experience with Ruby on Rails.
  • Familiarity with Beyond Corp concepts and/or implementations.

Technologies we use and teach:

  • Linux
  • Ruby, Rails, RSpec
  • MySQL
  • Javascript, jQuery
  • Bootstrap

Privacy Analyst – Independent Contractor

Privacy Analyst – Independent Contractor

at Aleada Consulting

Are you:

  • An experienced (1-3 years) compliance, risk management, legal, technology practitioner or a recent graduate with an interest in privacy and data protection
  • An excellent writer and communicator
  • A driven individual who pride themselves on service excellence, resourcefulness, and great project management skills
  • Passionate about privacy and data protection and want to learn more
  • Looking for flexibility and a career boost in the privacy and data protection field

The Role:

We are looking for a Privacy Analyst to join our growing team. We prefer Bay Area-based candidates, but this is not a requirement. Our successful candidate will:

  • Research answers to various global privacy issues (primarily regarding the General Data Protection Regulation and APAC)
  •  Build regulatory frameworks
  • Conduct gap assessments, PIA/DPIAs, and develop data inventories
  • Assist with client project management

We are also looking for individuals who values people, relationships, and a cooperative work culture. This is a part-time position, with full-time potential. Work will be completed remotely, with occasional in-person team and client meetings.

About Aleada Consulting:

We are a female and minority owned, boutique, privacy and data protection consulting firm.  Located in the Bay Area, we serve clients (from start-ups to Fortune 5 companies) around the globe.

As a young start-up, we pride ourselves on doing things differently. We understand law and technology, breaking down complex concepts into actionable business terms. We are efficient, skilled, and fun. We have outstanding clients and fascinating projects. Our services are diverse and constantly evolving. Every day, we help our clients to simplify and operationalize privacy and data protection so they can focus on their business. Join our team!