Security Engineer Architect

In this role, you can expect to:

• Ensure that stakeholder security requirements necessary to protect the organization's mission and business processes are adequately addressed in all aspects of enterprise architecture including reference models, segment and solution architectures, and the resulting systems supporting those missions and business processes.
• Be technical. You will dive into the details of issues, identify gaps in solutions, debate technical approaches, weigh technology tradeoffs, perform analysis, and build software. You will be expected to gain a technical understanding of the Fetch Rewards app, our internal systems, and our software development lifecycle.
• Execute initiatives. You will lead and drive elements of the company’s security strategy, including the development or revision and execution of applicable policies, procedures, and employee training programs to support that strategy according to industry best practices.
• Take responsibility. You will be responsible for coordinating incident response and managing post-incident actions for information security events.
• Effectively communicate with external and internal stakeholders on information security topics ranging from audit results, responding to information security questionnaires, information security policies and procedures, and adherence to industry best practices and recommendations as a result of risk analysis. You will clearly articulate risks, business impacts, and technical constraints tailored to the audience (i.e., from engineers to executives).
• Collaborate. You will partner across multiple internal teams help stakeholders meet their goals in a secure way and help identify mitigating controls.
• Balance priorities. You will triage multiple initiatives, make judgment calls, and tackle the right problems at the right time.
• Get your hands on problems and learn.

You are a good fit if you:

• 7+ years experience in system engineering, network engineering, cybersecurity, information security, or Unix/Linux administration
• 3+ years experience with Cloud infrastructure and tooling (preference for AWS experience)
• Bachelors in Computer Science or equivalent experience
• Develop/integrate cybersecurity designs for systems and networks with multilevel security requirements or requirements for the processing of multiple data classification levels
• Document and address the organization's information security, cybersecurity architecture, and systems security engineering requirements throughout the acquisition life cycle
• Ensure that acquired or developed system(s) and architecture(s) are consistent with the organization's cybersecurity architecture guidelines
• Perform security reviews, identify gaps in security architecture, and develop security risk management/mitigation plans
• Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment (T0268)
• Evaluate security architectures and designs to determine the adequacy of security design and architecture. Collaborate with DevOps teams and developers to develop or implement solutions
• Experience in DevSecOps and working with developers to advance the goals of an information security program
• Experience in obtaining PCI DSS and SOC 2 certifications
• Have a risk-driven mindset that can balance the needs for speed, creativity, and safety
• Effectively identify needs, design solutions, establish plans, and execute them
• Possess technical foundations in identity and access management, cloud infrastructure security, and security in general
• Exceptional understanding of computer networking, network security, internet protocols, TLS/SSL, encryption standards, firewalls, monitoring, distributed applications, and data processing systems

You have an edge if you:

• Developed and delivered security initiatives, such as building authentication/authorization systems, implementing vulnerability management solutions, obtaining PCI DSS or SOC 2 certification, etc. This includes defining scope, driving consensus on the technical design, building project plans, proactively identifying and managing risks, and getting the job done.
• Have expertise in data privacy, security compliance, and distributed systems security.
• Possesses experience in the operations of highly available and scalable internet systems with large customer bases.
• Demonstrate the ability to deliver on initiatives in a matrix-style, geographically distributed, and fast-paced startup environment.
• CISSP, CISM or CCSP certifications.
• Masters in Computer Science or equivalent experience.

At Fetch, we'll give you the tools to feel healthy, happy, and secure through:

• Stock Options for everyone
• 401k Match: Dollar-for-dollar match up to 4%.
• Benefits for humans and pets: We offer comprehensive medical, dental, and vision plans for everyone including your pets.
• Continuing Education: Fetch provides ten thousand per year in education reimbursement.
• Employee Resource Groups: Take part in employee-led groups that are centered around fostering a diverse and inclusive workplace through events, dialogue, and advocacy. The ERGs participate in our Inclusion Council with members of executive leadership.
• Paid Time Off: On top of our flexible PTO, Fetch observes 9 paid holidays, including Juneteenth and Indigenous People’s Day, as well as our year-end week-long break. 
• Robust Leave Policies: 18 weeks of paid parental leave for primary caregivers, 12 weeks for secondary caregivers, and a flexible return to work schedule. 
• Hybrid Work Environment: Collaborate with your team in one of our stunning offices in Madison, Birmingham, or Chicago. We’ll ensure you are equally equipped with the hardware and software you need to get your job done in the comfort of your home.