Lead Security Engineer
San Francisco, CA
PlanGrid is used on thousands of projects (including hospitals, government buildings, utility plants, etc.), and we must do everything in our power to keep our 40M+ blueprints secure for our customers. As a Lead Security Engineer, you will be responsible for providing thought leadership with respect to all aspects of security architecture and security engineering, including security operations and monitoring, network security, identity & access management, system hardening, and vulnerability management of cloud services and underlying infrastructure. You will work with development teams to design and build secure solutions, participate in and coordinate penetration testing activities, and generally solve security challenges. The Security Engineer will lead security reviews of all projects while setting standards and defining best practices for the R&D organization.
What You'll Do
- Manage our regular penetration tests and present critical security issues and paths to resolution to the executive team
- Work with the engineering managers and product owners to drive remediations
- Develop and influence the adoption of a cloud infrastructure security strategy through effective technical & thought leadership
- Secure the PlanGrid application, infrastructure and data by understanding threat technologies and tools to protect against known, emerging and zero-day threats
- Play a lead role in developing and designing application-level security controls and standards for our SaaS rollouts
- Provide solution architectures, engineering standards, and implementation guidance to internal cloud architecture & engineering teams in the design and implementation of cloud services
- Perform code review and drive remediation of discovered issues
- Participate in security compliance efforts (e.g., ISO 2700X, PCI)
- Enable automated security testing at scale to measure vulnerability and report on risk across all the web and mobile platforms
- Lead and manage our bug bounty program
- Manage effectively at all levels of the R&D organization and with business partners, where needed, to ensure that new or existing cyber security controls are implemented in a way that enables the business while providing adequate protections
- Maintain knowledge of security and privacy laws, industry best practices, changes in technology, and advise on the impact for PlanGrid.
What You've Done
- Extensive hands-on experience with AWS and other public cloud infrastructure
- Expertise in cloud security concepts, legal and compliance concerns around data storage locations, detection, prevention, and monitoring tactics, threat intelligence, data protection, encryption, and other security domains
- Experience with highly distributed applications, including global load balancing and caching techniques
- Experience or working knowledge of modern development, test and deployment models
- Demonstrated expertise in a broad array of systems and network security technical controls and processes (e.g., identity & access management, system hardening, network segmentation, data loss prevention, federated identity management, incident response, intrusion prevention, DDOS mitigation, threat intelligence, etc.).
- Highly effective communication skills, in both verbal and written form, to effectively convey technical and non-technical concepts to a wide variety of audiences.
- 6-8 years of experience in infrastructure management with a focus on architecture or an equivalent combination of education and work experience
- Sound understanding of business and organizational strategies and processes
- Ability to interpret internal and external business challenges and recommend best practices
- Ability to lead complex projects
- Sophisticated analytical skills and the ability to solve complex technical and business problems
- Ability to influence others at senior levels and across the organization to adopt a new perspective.
PlanGrid solves a major problem for a 7,000-year-old industry. Construction data is shackled in legacy, paper blueprints that are clunky, heavy to carry, and result in enormous rework costs totaling $9 billion per year for the industry due to working from outdated plans.
PlanGrid was built by builders, for builders. We’re spearheading the industry’s transformation to the cloud and digitization by arming construction workers with the best productivity tools. Contractors, owners, designers, and architects worldwide maximize PlanGrid to finish their projects on time and under budget. PlanGrid currently stores over 50 million blueprints, making us the largest digital blueprint repository in the world. We emerged from Y Combinator in 2012, and have secured over $62 million in funding from world-renowned organizations and individuals including Sequoia, Founders Fund, GV, 500 Startups, Box, Northgate, Spectrum 28, and Tenaya Capital.
- Located in San Francisco’s Mission District just one block from BART, among local shops, bars, and restaurants
- Flexible vacation
- Dog-friendly office
- Clipper Cards (for public transportation) funded by PlanGrid
- Construction site tours of the biggest projects in San Francisco using PlanGrid
- Volunteer time off: We encourage employees to give back to our local communities. We organize volunteer days and have worked with organizations such as Glide, SF/Marin Food Bank, Muttville, Family Dog Rescue, and Bryant Elementary School (as part of PlanGrid’s commitment with Circle the Schools).
- Catered lunches
- Premium medical, dental, and vision coverage for full-time employees and their dependents
- Office is wheelchair accessible