Security Engineer

About the Role

We are looking for a qualified and high-energy Security Engineer to design, implement, and maintain security measures to protect our organization's data and systems. You’ll partner with engineering teams to identify vulnerabilities, respond to security threats, monitor systems/networks for suspicious activity, and help with the development of security policies and procedures to mitigate cyber risks; joining a cross-functional team that acts as the primary defenders against cyberattacks by ensuring the confidentiality, integrity, and availability of Houzz’s information systems.

What You’ll Do

• Design, implement, and maintain automation for security controls on cloud IaaS
• Perform Security risk assessments for software vendors and applications, including cloud and virtual environments
• Penetration testing & vulnerability research
• Manage SIEM tuning and dashboards to effectively identify potential security events, minimize noise, and facilitate investigations
• Threat modeling
• Security training and outreach to internal development teams
• Security guidance documentation
• Participate in security incident response and on-call, including some forensics activities as needed.

At a Minimum, We'd Like You to Have

• BA/BS in Computer Science  or IT/Cybersecurity related speciality
• Keen problem solving skills
• 3+ years of experience in infrastructure and/or application security with any combination of the following: threat modeling experience, pen testing, red team/blue team, secure design reviews, code reviews, DevSecOps, automation / scripting.
• Expertise in multiple security domains such as identity management and authentication, SIEM/SOAR,  CSPM, cryptography, networking, VPN/Zero trust, web protocols

Ideally, You'll Also Have

• Knowledge of one or more mainstream programming languages (Python, PHP,  Java, Nodejs, Shell)
• Experience with AWS products and services
• Security certifications (SSCP, CISSP, PenTest+, Security+)
• AWS Security certification