Senior Security Engineer

Position Overview:

We seek a highly skilled and experienced Senior Security Engineer to join our team. The ideal candidate will have a strong cybersecurity background with practical experience designing and implementing security solutions to protect an organization's systems and data. The Senior Security Engineer will be critical in maturing and maintaining our cybersecurity program, ensuring our systems are secure against potential threats.

In this role, you can expect to:

• Design, implement, and maintain security solutions to protect the organization's systems and data.
• Conduct and participate in regular security assessments and audits to identify vulnerabilities and recommend solutions.
• Collaborate with cross-functional teams to integrate security best practices into the organization's infrastructure and applications.
• Develop and maintain security policies, procedures, and guidelines
• Provide technical guidance and support to engineers and other team members
• Stay up-to-date on the latest cybersecurity trends and technologies
• Be technical. You will dive into the details of issues, identify gaps in solutions, debate technical approaches, weigh technology tradeoffs, perform analysis, and build software. You will be expected to gain a technical understanding of the Fetch Rewards app, our internal systems, and our software development lifecycle.
• Execute initiatives. You will lead and drive elements of the company’s security strategy, including developing or revising and executing applicable policies, procedures, and employee training programs to support that strategy according to industry best practices.
• Take responsibility. You will help coordinate incident response and manage post-incident actions for information security events.
• Collaborate. You will partner across multiple internal teams to help stakeholders meet their goals securely and/or identify mitigating controls.
• Balance priorities. You will triage multiple initiatives and make judgment calls.

You are a good fit if you:

• Develop/integrate cybersecurity designs for systems and networks with multilevel security requirements or requirements for the processing of multiple data classification levels.
• Document and address the organization's information security, cybersecurity architecture, and systems security engineering requirements throughout the acquisition life cycle.
• Ensure that acquired or developed system(s) and architecture(s) are consistent with the organization's cybersecurity architecture guidelines.
• Perform security reviews, identify security gaps, and develop security risk management/mitigation plans.
• Define the implementation of new systems or new interfaces between systems impacting the security posture of the current environment.
• Evaluate security designs to determine the adequacy of security design and architecture. Collaborate with DevOps teams and developers to develop or implement solutions.
• Experience in DevSecOps and working with developers to advance the goals of an information security program.
• Have a risk-driven mindset that can balance the needs for speed, creativity, and safety.
• Effectively identify needs, design solutions, establish plans, and execute them.
• Possess technical foundations in identity and access management, cloud infrastructure security, and security in general.
• Exceptional understanding of computer networking, network security, internet protocols, TLS/SSL, encryption standards, firewalls, monitoring, distributed applications, and data processing systems.
• 3+ years experience in cybersecurity or information security
• 2+ years experience with Cloud infrastructure and tooling (preference for AWS experience)
• Bachelor in Computer Science or equivalent experience.

You have an edge if you:

• Developed and delivered security initiatives, such as building authentication and authorization systems, implementing vulnerability management solutions, obtaining PCI DSS or SOC 2 certification, etc. This includes defining scope, driving consensus on the technical design, building project plans, proactively identifying and managing risks, and getting the job done.
• Have expertise in data privacy, security compliance, and distributed systems security.
• Possesses experience in highly available and scalable internet systems with large customer bases.
• Demonstrate the ability to deliver on initiatives in a matrix-style, geographically distributed, fast-paced startup environment.
• CISSP, CISM, or CCSP certifications.
• Masters in Computer Science or equivalent experience.

At Fetch, we'll give you the tools to feel healthy, happy and secure through:

• Equity for everyone
• 401k Match: Dollar-for-dollar match up to 4%.
• Benefits for humans and pets: We offer comprehensive medical, dental and vision plans for everyone including your pets.
• Continuing Education: Fetch provides ten Thousand per year in education reimbursement.
• Employee Resource Groups: Take part in employee-led groups that are centered around fostering a diverse and inclusive workplace through events, dialogue and advocacy. The ERGs participate in our Inclusion Council with members of executive leadership.
• Paid Time Off: On top of our flexible PTO, Fetch observes 9 paid holidays, including Juneteenth and Indigenous People’s Day, as well as our year-end week-long break. 
• Robust Leave Policies: 20 weeks of paid parental leave for primary caregivers, 14 weeks for secondary caregivers, and a flexible return to work schedule. $2000 baby bonus. 
• Hybrid Work Environment: Collaborate with your team in one of our stunning offices in Madison, Birmingham, or Chicago. We’ll ensure you are equally equipped with the hardware and software you need to get your job done in the comfort of your home.