Director, Security Engineering

San Francisco /
Engineering – SF Engineering /
Oxygen is looking for a hands-on Security Engineering leader to establish and develop our security engineering function. You will be responsible for all aspects of security to keep our employees and infrastructure protected against threats. Ideal candidates have led security efforts in early-stage companies in the past. You will have a broad mandate and will be expected to drive change and be an evangelist of security throughout the company. This means working at all levels of system building: network, infrastructure, application, phishing, compliance, and everything in between.

Who you are:

    • 8+ years of experience in a similar role.
    • Solid understanding of threat modeling, web security vulnerabilities, as well as their mitigation.
    • Strong track record of launching and delivering projects of significant complexity and high level of ambiguity.
    • Experience designing and building highly available, large-scale distributed systems.
    • Strong understanding of core internet technologies (e.g. TCP/IP, UDP, Load Balancing, Auto Scaling etc).
    • Expert understanding of system, network, infrastructure and security concepts.
    • Experience securing SaaS, PaaS, and IaaS cloud environments.
    • Familiar with Javascript, Node, Python, Linux, and AWS — or comparable technologies — and are able to think through the security implications of systems built using them.
    • Expert level of knowledge of network security monitoring (NSM) techniques.
    • Prior Fintech experience preferred.

What you will do:

    • Own and drive Oxygen’s security roadmap. Propose, design, build, and deploy security improvements across all aspects of Oxygen’s infrastructure and product surface.
    • Partner with other teams at Oxygen to constantly improve our defensive model.
    • Manage our bug bounty program.
    • Perform security assessments on web applications, mobile clients, and architectural designs.
    • Implement and maintain intrusion detection, continuous security monitoring and risk assessment for our cloud infrastructure.
    • Create and maintain secure development practices.
    • Communicate security risks to stakeholders and engineers.
    • Identify opportunities for implementing additional technology controls to build more visibility or defend key points of attack.
    • Develop and maintain our security compliance and certification programs. 
    • Work with our third party vendors and auditors on pen test, security report and compliance projects. 

What we offer:

    • Competitive salary based on experience.
    • Equity from an early stage startup.
    • Medical, Dental, Vision benefits.
    • Free snacks, Lunch stipend (unfortunately not now during COVID SIP).
    • PTOs and sick days.
    • Awesome opportunities to grow yourself in different ways.