Engineering – Infrastructure
We’re looking for an eager, thoughtful Security Analyst to join our Engineering team. You will manage and conduct operational tasks within Information Security, working closely with Engineering, Product, and Legal teams. You will be responsible for Button’s vendor security management process, responding to external vendor assessments, and managing our external bug bounty program.
AS A SECURITY ANALYST YOU WLL:
- Manage all of Button’s partner-requested security reviews. We are privileged to work with a lot of large, exciting, and innovative companies — you’ll be a major part of unlocking our next big opportunities.
- Launch and Manage Button’s external bug bounty program. You will triage the work of external researchers, and work with internal product teams to resolve issues according to your assessment of severities.
- Work with IT to manage Button’s external vendor assessment process. You’ll help keep the simple requests simple, and ensure the proper safeguards are in place when we add new tools to our toolbelt.
- Review and recommend investment in internal controls, tools, and risk-management systems. You’ll take ownership and evolve Button’s internal risk assessment systems, leveraging your perspective from your other responsibilities.
- Work closely with Engineering, Legal, and IT on special projects related to security and compliance. You should be excited to take on“generalist” responsibilities where it’s up to you to create some structure.
- Contribute to internal education on security, risk, and compliance. While not required by the role, it’s a plus if you’re excited to do more internal speaking and writing.
AS A SECURITY ANALYST YOU HAVE:
- At least 1 year professional experience as an analyst in Information Security, Risk, Fraud Prevention or equivalent training.
- Excellent written and verbal communication skills. You will need to work equally well with highly technical partners, as well as folks less familiar with security and risk.
- Familiarity and experience with ticketing systems and queues. You’ll be responsible for triaging and routing incoming reports of varying quality and severity.
- Broad technical and information security understanding. You’re able to understand and talk about a wide variety of potential subjects within information security, and apply them to Button. You can effectively triage the severity of incoming reports across frontend, backend, and mobile products.
- Familiarity and experience with IDS and vulnerability scanning tools.
- Automation/scripting experience, or an interest growing more into that space.
WHO YOU WILL WORK WITH:
- Daniel McGrath, Director of Application Engineering: With a background in full-stack engineering, Daniel has spent over a decade building startups in NYC. He enjoys long bike rides, burritos, and going to concerts.
- Rich Kohlbrecher, IT Manager: Is keeping all the lights blinking and arming everyone with the tools they need to do their best work. Outside the office he can be found traveling up and down the North East, picking locks, or keeping a stool warm at Shopsin's.
- Mike Wakerly, CTO: Mikey is Button’s Hawaiian shirt enthusiast and Chief Technology Officer. A former Googler and a San Francisco transplant, he loves mountain biking, tinkering on electronics, and any excuse to take a road trip.
- Jonathan Kraft, Associate Counsel: Jonathan oversees Button’s legal affairs. Previously, Jonathan built out and managed the legal functions of the portfolio companies of a publicly-traded corporation as well as overseeing the parent’s corporate and public company reporting functions. Jonathan is most often found either running around New York City or running to lunch.
Button is committed to being a welcoming and inclusive workplace for everyone, and we are intentional about making sure people feel respected, supported and connected at work—regardless of who you are or where you come from. We value and celebrate our differences and we believe being open about who we are allows us to do the best work of our lives.
Button is an Equal Opportunity Employer. We do not discriminate against qualified applicants or employees on the basis of race, color, religion, gender identity, sex, sexual preference, sexual identity, pregnancy, national origin, ancestry, citizenship, age, marital status, physical disability, mental disability, medical condition, military status, or any other characteristic protected by federal, state, or local law, rule, or regulation.