Senior Security Engineer (remote)

Bellevue, WA / Technology – Security / Full-time
About Us:
Right now, even though STEM skills are increasingly important, over 60% of students in Kindergarten through 8th grade are not proficient in math at their own grade-level. The pandemic has increased the opportunity gap for our most vulnerable students. As a society, we need to bring together our best, most creative minds to tackle this critical problem and ensure all kids are successful in math and school and have the tools they need to reach their potential. This includes developing the most innovative learning technology using advanced data science in a way that inspires students and empowers teachers. Come help us make a difference at DreamBox Learning.
 
We’re passionate about our mission to radically transform the way the world learns. Today, our Intelligent Adaptive Learning platform – with its rigorous math curriculum and game-based environment – is helping 5 million kids and over 150,000 educators improve math achievement and build a love of math at the same time. In the wake of COVID-19, and with the broad range of learning experiences (in-person, all-virtual and hybrid models), we are uniquely positioned to bring our best-in-class adaptive learning platform to more students and provide educators and parents with insights into their students’ learning.

About the Role:
DreamBox is currently seeking a Senior Security Engineer to advance our security program within the Technology Group and across the entire company. This role requires an individual who is comfortable being responsible for all elements within a successful security program: from overall security policy and longer-term strategy, to implementing tools and delivering training. DreamBox makes a promise to our customers: we will protect your sensitive information. The ideal candidate for this position will be able to bring together people, policy and tools to help us continue to meet that promise with confidence.
 
As a Senior Security Engineer, you will continuously review our security posture, analyze our systems, and voraciously consume security guidance from experts, vendors, security tools and government regulators. You’ll bring together those sources and add your own insights to keep DreamBox several steps ahead of bad actors. You’ll add energy and range to our security awareness program, fighting those most feared opponents of the security team: apathy, ignorance, and inertia. Throughout all of this, you’ll ensure that we maintain the rigor and precision that turns good security planning into actual security.
 
We need you to provide the kind of mental agility that lets us see things from the other side, and occasionally to see around corners. How does our outward-facing security look to an attacker? How does our logging and monitoring look to an auditor? How can we keep security measures from irritating our customers? Is our authentication process too cumbersome for internal users? Do developers have the right training and documentation to follow the guidelines we’ve set? Is our privacy policy clear to everyone? Can you foresee implications from pending regulations? Are there new threats or patterns in the news that should be part of our planning? Does the odd traffic in the logs yesterday mean we’re under attack? Or did someone’s DNS server just have a glitch? If you have the background and brain power to field those kinds of questions, we’d like to talk to you.

NOTE: This position may require more detailed or frequent background checks than other positions.

What You’ll be Doing:

    • Identify and define requirements for security plans and policies, then create those policies and communicate them throughout the company.
    • Develop technical solutions to automate security testing and audit tasks.
    • Develop strategies to respond to and recover from a security breach. Run periodic tests to evaluate and improve those response strategies.
    • Lead incident response, including taking steps to minimize impact and then conducting technical and forensic investigations into how the breach happened and the extent of the damage.
    • Configure and troubleshoot security infrastructure devices.
    • Stay up to date with the latest security technology and trends.
    • Perform regular audits and provide reports.

Performance Metrics:

    • Ensure that DreamBox completes all scheduled reviews and audits throughout the year.
    • Successfully prepare for and support periodic, scheduled 3rd-party testing, including penetration testing and ISO audits.
    • Support and occasionally embed with IT and SRE teams to ensure security concerns, including testing and automation, are built into deployment pipelines and support patterns.
    • For all security issues or potential breaches, ensure DreamBox responds within expected response times, completes all response steps required by policy, law or contract, and effectively captures and executes items from Root Cause Analysis that would reduce likelihood, duration or impact of future issues.
    • Produce and maintain a security roadmap: projects and improvements that will have planning and budget impact. Communicate that roadmap to management and planners across the company.

About You:

    • 4 years or more of experience in an information security role.
    • 1 year or more in a development role, particularly Java.
    • Experience designing secure networks, systems and application architectures.
    • Experience planning, researching and developing security policies, standards and procedures.
    • Broad and detailed experience with computer forensic tools, technologies and methods, including anti-virus software, intrusion detection, firewalls and content filtering.
    • Test Automation design, configuration and operation.
    • Configuration automation (particularly Terraform).
    • Preference given to candidates with CISSP, ISSEP, Certified Ethical Hacker (CEH) or similar.
    • Outstanding interpersonal and communication skills.
    • Robust problem-solving skills.
    • Knowledge of potential attack vectors such as XSS, injection, hijacking, social engineering, etc.
    • Direct experience preparing for and completing an ISO 27001 audit or similar.

Competencies:

    • Intermediate-level expertise with risk assessment methodology and risk analysis preparation.
    • Intermediate-level AWS Cloud configuration, particularly monitoring and security components.
    • Intermediate-level setup and configuration of vulnerability detection software, particularly Lacework.
    • Intermediate-level expertise with Git and hosted Git implementations, particularly Bitbucket.
    • Fluency in US compliance issues, particularly FERPA and CCPA.
At DreamBox, we are hooked on celebrating diversity & providing an inclusive workplace and it shows throughout our product, brand, and teams. We are proud to be an equal opportunity employer. Thanks for considering DreamBox Learning!