Senior Security Engineer
San Francisco, CA /
We’re here to create a safer, happier and more mindful future for all with the help of data science, engineering, design, and mobile technology. We're starting by reinventing insurance, by rethinking the technologies that enable it to build a platform that rewards people for driving well — creating safer roads with fewer accidents in the process.
Backed by impressive funding, we're poised to re-engineer a trillion-dollar category, and that’s just the beginning. We’re using rich customer insights, advanced technology and data science to build our cloud-native InsurTech solution, and other things we haven’t even dreamt up yet. We're out to change behavior and promote mindful living at a societal level. But the key to us being successful in our mission isn’t just about nailing the technology—it’s about hiring the talented people who can help us make a quantifiable impact in the world. We’re growing our world-class team.
And that’s where you come in.
We’re looking for an accomplished and well-rounded security engineer with an impressive security background and a resume to back it all up. As a senior security engineer at BlueOwl, you will help us achieve a world-class engineering posture to protect critical assets for the company and its customers.
You are relied on by your teammates and coworkers as a technical contributor with a focus on achieving security by design throughout all stages of product development. Your primary goal is to protect BlueOwl’s customers, systems, and data from internal and external threats. You work collaboratively with other teams to identify and address security issues throughout our infrastructure and services. You help build efficient, scalable solutions for security tooling and services. You work to prevent potential security incidents, and respond quickly and thoroughly in the event an incident occurs. You act as an advocate for the Security team, evangelizing best practices around the company.
- You have a broad understanding of the modern cybersecurity landscape, with experience in multiple disciplines such as secure software development, network security, cloud security, and secure development frameworks.
- You have a passion for building secure, scalable, business-oriented solutions
- You have excellent customer service and communication skills, and are able to help product teams achieve security goals without compromising business needs
- You love to automate away manual interactions, and have a passion for helping enable developers to write secure code that works
- You take security and customer privacy seriously, and actively design and build for them from the earliest stages of a project. We love being a nimble startup, but we are in regulated industry and do not cut corners when it comes to data protection.
- Partner with product and feature teams to help them incorporate security by design
- Perform security code reviews and assist with incorporating security features into products and platforms
- Develop and deploy security tooling, policies, automations, and processes
- Help maintain and scale intrusion detection and incident response pipelines and tools
- Participate in incident response activities as an incident responder, a subject matter expert, and/or a liaison to product teams
- Evangelize security at all levels of the organization
Requirements & Qualifications:
- 5+ years of experience as a security engineer or similar role
- Familiar with the insurance industry or a similar highly-regulated industry
- Able to participate in a 24/7/365 on-call rotation
- Fluent in Python and/or Golang. Bonus points for familiarity with Kotlin, Swift, and other domain-specific languages
- Extensive understanding of modern security engineering concepts and security-by-design principles
- Deep understanding of one or more security frameworks (NIST, MITRE, etc) and how to incorporate them
- Experience automating interactions with third-party cloud services such as GSuite
- Familiar with risk assessment models, especially vendor and/or data-centric risk
- Able to produce high-quality operations documentation (runbooks, wiki pages, etc)
- Excellent customer service and communication skills
- Familiarity with common SIEM and logging platforms (e.g., Splunk, ELK, FireEye)
- Experience building zero-trust infrastructure
- Experience with network security, especially using technologies such as Cisco & Palo Alto Networks
- Experience with red team / penetration test processes & tools (incl. social engineering)
- Experience with vulnerability management processes & tools
- Experience with data loss/leakage prevention processes & tools
- Salary: We pay top-of-market salaries for most positions, factoring in experience, talent and location. We do not offer equity.
- Benefits: Medical, dental, vision, 401(k), wellness reimbursement, four weeks of PTO, six weeks of parental leave (12 weeks for parents who give birth), and great work-life balance.
- Location: May work from anywhere in the US, but will need to be actively available during the core business hours of 10:00am to 2:00pm PST, in addition to timezone appropriate 8 hour workdays.
- Post-COVID: For fully remote employees, travel to the employee’s home office (San Francisco or Providence) is required at least 2 weeks per quarter (8 weeks/year), or more if needed for an incident. Travel to other offices is expected roughly 2x yearly, and may, in extremely rare situations, be required for an incident.
BlueOwl, LLC is an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
If you are a San Francisco resident, please read the City and County of San Francisco's Fair Chance Ordinance notice. https://sfgov.org/olse/sites/default/files/FCO%20poster2020.pdf