Staff Security Engineer

About the Role

At OpenPhone, we're seeking a seasoned Staff Security Engineer to spearhead our efforts in safeguarding our SaaS platform against evolving cybersecurity threats. In this pivotal role, you will be the frontline defender of our infrastructure, ensuring the integrity, confidentiality, and availability of our services. As a senior member of our engineering team, you will lead by example, devising robust security strategies, implementing best-in-class security practices, and fostering a culture of security awareness throughout the organization. You'll work closely with cross-functional teams to architect, design, and enforce security measures that not only protect our platform but also instill trust in our users.

Some of the things you’ll do:

• Lead the design and implementation of our comprehensive security architecture
• Manage external security vendors to conduct comprehensive security assessments and penetration testing, ensuring vulnerabilities are identified and remediation strategies are developed.
• Act as a bridge between vendors and internal teams to accurately communicate findings and oversee the effective implementation of recommended security measures.
• Conduct thorough security assessments and penetration testing to identify vulnerabilities and propose remediation strategies.
• Develop and maintain our incident response and disaster recovery plans, ensuring rapid recovery and continuity of operations in the event of a security breach.
• Work closely with the development teams to integrate security practices into the SDLC, including code review, threat modeling, and secure coding practices.
• Stay abreast of the latest security trends, threats, and technologies to continuously improve our security posture.
• Foster a culture of security awareness across the company through regular training sessions and communication.
• Manage security projects from conception to execution, including vendor assessments and the integration of third-party security tools and services.
• Collaborate with the IT department to establish and maintain a comprehensive security posture that spans across all technological domains of our organization.
• Collaborate with legal and compliance teams to ensure adherence to industry standards and regulations, such as HIPAA, ISO27001, GDPR, CCPA, and SOC 2.

About you:

• You have a strong background in cybersecurity, with 7+ years of experience in security engineering, preferably in a SaaS environment.
• You hold relevant certifications such as CISSP, CISM, CEH, or similar.
• You possess a deep understanding of network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols).
• Experience with cloud security architectures and services, especially within AWS, Azure, or Google Cloud Platform.
• Proficient in scripting or programming languages (e.g., Python, Ruby, Java) and automation of security tasks.
• You are an excellent problem-solver with the ability to think strategically and execute tactically.
• Strong communication skills, with the ability to articulate complex security concepts to non-technical team members.
• A proactive, self-driven individual with a passion for learning and staying updated with the latest in cybersecurity.
• Experience with incident response management and a solid understanding of the legal and regulatory landscape affecting security.