San Francisco, CA
IT & Security
Sequoia’s Information Technology (IT) department is seeking an experienced Security Specialist with deep technical expertise to strengthen the company’s security posture and develop cutting-edge processes and technology for protecting Sequoia’s information assets. The successful candidate will be based out of the San Francisco office and will be responsible for conceptualizing, planning, implementing and operationalizing IT Security services and technologies for Sequoia globally.
What You Get To Do
- Use your deep technical expertise to test and probe all company networks, applications, systems and technologies and prioritize and fix vulnerabilities.
- Support security events analysis, correlation and response.
- Support the Threat and Vulnerability Management (TVM) program and the remediation of vulnerabilities for web, mobile applications and infrastructure.
- Stay updated on security trends and understand emerging threats and their impact on Sequoia.
- Stay abreast of AWS services and security solutions, as well as other technologies and security tools.
- Bachelor’s degree with at least 5 years of relevant technical experience and at least one relevant certification (e.g., CISSP, CISA, CISM, CEH, GPEN, GXPN, GWAPT, GMOB, GCIH, OSCP, CEPT).
- Knowledge of security principles and standards (ISO 27001/2, NIST 800-53), regulatory compliance (SSAE 16 SOC 2, HIPAA, HITRUST), technical architectures, control processes and assurance practices for security.
- Strong structural (standards, processes, procedures) and organizational skills and the ability to develop and manage project plans.
- Comfortable with systems operations and maintenance in an MS Windows environment (Active Directory, Office365), Unix/Linux/Ubuntu and with AWS AMIs.
- Strong AWS security suite expertise including DevOps experience in AWS (system hardening, automation, orchestration).
- Deep expertise with Kali Linux, Metasploit Framework, Burp Suite, AppScan, WebInspect, static code scanners (Veracode, Fortify, SonarQube), Android Studio, qark, MobSF, Frida, Objection, ios-deploy, applesign, Charles Proxy, Pip3line, SublimeText.
- Strong familiarity and experience with OWASP Top 10 and CWE/SANS Top 25.
- Good to have Red-Blue team testing experience and experience implementing bug bounty programs.
- Pen testing methodology, reverse engineering, vulnerability research and exploit development.
- Digital forensics tools knowledge, debuggers, web proxies, web app scanners, network scanners and tools such as Nessus and nmap.
- Experience with security incident response and technical forensic investigations, assessing security for cloud-based (SaaS) solutions/vendors and with authentication (SAML, SSO, Okta) and access control operations.
- Working knowledge of Internet firewalls, WAF, LAN, WAN, TCP/IP and VPN environments.
- Ability to clearly write reports and explain findings and remediation.
- Demonstrate interest and ability to learn and grow.
- Must possess excellent interpersonal skills and the ability to build productive relationships to deliver results through influence and collaboration.
- Must be comfortable in a fast-paced, demanding and dynamic work environment.
Sequoia’s Culture – Our most important asset:
• Passion for service
• Growth oriented
• Caring for others
• Focused on relationship building
Compensation & Benefits
Sequoia provides competitive compensation including base salary, performance-based bonus programs, and a comprehensive benefits package including 401(k) matching.