Senior Security Engineer, Blue Team

Remote or NYC /
Engineering – Security /
Full-Time
We are looking for a talented security engineer with experience in a Blue Team role to help us fortify our defenses and protect the systems that enable hungry people to order their food quickly and securely.

We want people who are passionate about finding risks, analyzing the related data and collaborating on the right strategic risk mitigation measures. Reducing risk while enabling and supporting innovation.  

Reporting to the Chief Information Security Officer, the Senior Security Engineer will design and implement the security defenses that enable our systems to keep running while protecting the data of our clients and their customers.

What You'll Be Doing

    • Detect and defend against attacks by analysing security-related events and alerts, and leading incident response, remediation and mitigation activities
    • Provide stakeholders with concise, detailed, and well-written incident reports, root causes identification, and remediation recommendations.
    • Use experience and data gained during incident investigations to improve security posture
    • Provide management oversight for the identification, triage and response of events or incidents
    • Coordinate and track incident response activities with other teams and third parties. This includes remediations arising from Red Team tests and external penetration tests.
    • Perform non-event driven security reviews, including but not limited to patching, firewall rules, system configuration checks and vulnerability reports
    • Conduct Blue Team exercises and drills to evaluate and improve processes and technologies related to various controls including but not limited to threat detection, incident response, patching, remediation and user training.
    • Mature Blue Team exercises by leveraging recent breach reports, evolving threats and vulnerabilities
    • Execute Threat Hunts to proactively detect and mitigate advanced threats
    • Mature threat hunting through improved data analysis, additional data augmentation, creating custom toolsets and improving automation 
    • Maintain and optimize various security technologies. This includes ongoing optimizations and implementing new or replacement security technologies as needed and automating security activities where feasible.
    • Deep collaboration with IT, Infrastructure and Development teams where security ownership and responsibilities are shared.
    • Ensure security policies and standards are understood and complied with
    • Educate and influence employees on security and coach junior team members
    • Work with PCI and SOC auditors to provide evidence of compliance
    • Assist with third party software and provider due diligence
    • Contribute to security strategy, policies and standards
    • Proactively identify and implement improvements to our tools and processes
    • Participate in a 24/7 on call rotation as needed

What We'll Expect From You

    • Previous Blue Team, Security Operations or Security Engineering experience
    • Deep knowledge of information technology, evolving threats, attack patterns, incident response and cyber security standards
    • Proven experience developing and leading incident response, remediation and mitigation activities, and providing status updates and reports.
    • Adept at analyzing security events to discern events that qualify as a legitimate security incident as opposed to non-incidents. This includes security event triage, incident investigation, implementing countermeasures, and conducting incident response.
    • Deep understanding of operating system, networking and application concepts 
    • Ability to harden Windows, MacOS and Linux and any underlying virtualization
    • Familiarity with AWS security best practices and Infrastructure-as-Code
    • Experience deploying, maintaining and administering security technologies including. (e.g. Anti-Malware, Intrusion Detection System (IDS), Data Leak Prevention (DLP), File Integrity Monitoring (FIM), Firewalls, Security Information and Event Monitoring (SIEM), Static Inspection, Multi Factor Authentication (MFA), Vulnerability Assessment, Web Proxies and Web Application Firewalls (WAF)
    • 5+ years of Information Technology experience with a focus on Security
    • Ability to work on-call, during critical incidents or to support coverage requirements
    • Strong English writing and verbal communication skills
    • Legal right to work in the U.S.

Nice to Have

    • PCI and/or SOC compliance experience 
    • CISSP, GCIH, CEH, OSCP, or similar certification
    • Scripting and/or development familiarity

What's Important to Olo

    • Our families come first. We know they make us who we are and they are who we live and work for every day. 
    • Olo is our extended family. We’re in this together, fighting for one another. We’re happy to be here. We will not let one another down. 
    • We learn from and fight through setbacks. We recognize and help one another with direct feedback. 
    • We care about you. We offer 20 days of paid time off, fully paid health, dental and vision care premiums, stock options, a generous parental leave plan.
    • We value diversity. At Olo, we know a diverse and inclusive team not only makes our products better, but our workplace better. Many groups are consistently underrepresented across the tech sector and we are fully committed to doing our part to move the needle. 
    • Learn more about our culture, values, and mission.  https://www.olo.com/images/culture.jpg.
COVID-19 Impact

Olo is committed to the well-being of candidates, employees and our community. The  Olo NYC Headquarters will be closed for the foreseeable future because of the global outbreak of COVID-19. While an in-person interview is typical for many roles at Olo, we will conduct interviews via video conferencing while our HQ is closed. Olo benefits from the fact that over half of our workforce is remote, therefore we are accustomed to conducting interviews via video conferencing and we anticipate no impact on our recruiting timelines. We encourage candidates to share any concerns or questions with Olo’s recruiting team.

About Olo

Olo powers digital ordering and delivery programs that connect restaurant brands to the on-demand world, placing orders directly into the restaurant through all order origination points – from a brand’s own website or app, third party marketplaces, social media platforms, smart speakers, and home assistants. Olo serves as the on-demand ordering and delivery platform for over 300 brands, such as Applebee’s, Checkers & Rally’s, Cheesecake Factory, Chili’s, Dairy Queen, Denny’s, Five Guys Burgers & Fries, Jamba Juice, Noodles & Company, Portillo’s Hot Dogs, Shake Shack, sweetgreen, Wingstop, and more. Learn more at www.olo.com.

Olo's headquarters is located on the 82nd floor of One World Trade Center.  We offer great benefits, such as 20 days of Paid Time Off, fully paid health, dental and vision care premiums, stock options, a generous parental leave plan, and perks like FitBits, rotating craft beers on tap in our kitchen, and food events featuring our clients' menu items (now you know why we give out FitBits!). Check out our culture map:https://www.olo.com/images/culture.jpg.

We encourage you to apply! 

Olo is an equal opportunity employer and diversity is highly valued at our company. All applicants receive consideration for employment. We do not discriminate on the basis of race, religion, color, national origin, gender identity, sexual orientation, pregnancy, age, marital status, veteran status, or disability status.

If you like what you read, hear, and/or know about Olo, and want to be a part of our team, please do not hesitate to apply! We are excited to hear from you!