Senior Security Engineer - Striveworks

The Role

As a Senior Security Engineer at Striveworks you’ll be challenged—and trusted—on day one to be a core contributor to the direction of the company.

Striveworks is a cutting-edge software startup that provides companies with tools to build and support machine learning models at scale. Our team is composed of experts in machine learning, software development, and cloud as well as on-prem infrastructure. We are committed to helping both government and commercial organizations harness the power of AI.

We are seeking an experienced Senior Security Engineer to ensure we provide customers with best-in-class security protection. As a Security Engineer, you will be responsible for identifying and mitigating security risks, as well as implementing and maintaining security tools and processes.

What you’ll own and do:

• Identify vulnerabilities in our software product(s) using the following methods (not an exhaustive list):
• Black/Grey/White box penetration testing
• Vulnerability scanning
• Static/Dynamic Code Analysis
• Review pull-requests/merge-requests (as requested and/or time permitting)
• Submit tickets and automate tests for individual issues, and assist in prioritization
• Mitigate security risks in a variety of ways, including:
• Security evangelization, based on known threat profiles, industry best-practices, etc.
• Assisting developers with, for example, static code analysis hits by elaborating on the reason the code failed the test, along with suggestions on how to accomplish functionality goals without failing that test.  (PR/MR reviews and/or Pair programming)
• Targeted training
• Automated tests in the DevSecOps pipeline
• Automate the deployment, configuration, and maintenance of security tools, such as log aggregators, firewalls, intrusion detection systems, and security information and event management (SIEM) systems
• Develop and maintain security policies, procedures, and standards to ensure compliance with industry best practices and regulatory requirements
• Conduct Information Security training for employees and provide guidance on security best practices
• Configure and respond to security alerts and incidents.

The anticipated base pay range for this position is $140,000–$180,000/year. Striveworks’ total compensation package includes a competitive base salary, annual performance-based equity grants, and a lucrative yearly cash bonus.

This position offers a fully remote work environment, or you can work hybrid/onsite at our office in northwest Austin, TX.

The Right Fit

We spend a lot of time during our hiring process talking about shared values. 

Why? We passionately believe that fostering an environment where people can self-actualize and pursue greatness is the best way to achieve our individual and collective goals. 

What does this mean for you? We want to provide you with the conditions to thrive in an environment where you can achieve your goals, where you know the team shares your goals, and where you make and accept decisions for the team with humility. At Striveworks, we want your say/do ratio to be 1 and to know that being part of a top-tier team means that there is no smartest person in the room. If that makes sense, we’re already on the same page.

What we’re looking for:

• 6+ years relevant experience
• Extensive knowledge of software security tools and practices, such as vulnerability scanners, penetration testing, secure coding practices, encryption, and access control
• Strong understanding of web application security and cloud security
• Familiarity with industry standards and regulatory requirements, such as NIST SP 800-171, NIST SP 800-53, NIST RMF, ISO 27001, SOC 2, and GDPR
• Comfortable writing scripts and/or simple CLI applications in a scripting or programming language (Python, Go, JavaScript, Bash, etc.)
• Comfortable working  with Git on the command-line
• Familiarity with AWS technologies
• Relevant examples of tools and practices:
• Vulnerability scanners, such as Nessus or Qualys
• Penetration testing tools, such as Metasploit or Burp Suite
• Secure coding practices, such as OWASP Top 10 and SANS Top 25
• Encryption standards, such as AES or RSA, and their vulnerabilities
• Access control methodologies, such as role-based access control (RBAC) and attribute-based access control (ABAC)
• Web application security practices, such as input validation, output encoding, and session management
• Excellent communication and collaboration skills
• Driven, self-directed personality
• Strong sense of mission and commitment to making a difference
• Bachelor's or Master's degree in computer science, software engineering, or a related field

The Benefits

• Top-of-market salary and total compensation
• Generous equity plan
• Health/vision/dental insurance
• Flexible PTO
• Parental leave

Striveworks: Better Models, Faster

The world has looked to data analytics to bridge the gap between floods of data and the struggle to use that data effectively to make timely, impactful decisions. Today, most organizations are awash in analytics that “aren’t quite right”—models that were developed too generally or too slowly to be effective in dynamic, fast-paced environments. Striveworks is simplifying ModelOps with a powerful and extensible platform that instantiates the data analytic process as code. 

Striveworks is trusted by leading Fortune 500 firms as well as leaders in the public sector as a primary solution for managing model development, monitoring, and governance—and for ensuring those models solve the real challenges their organizations face.

Striveworks’ Chariot platform enables users to turn their own production data into models and turn models into production systems. Uniquely, as you train, test, deploy, and use models, our lineage system enables you to track not only the “upstream” provenance of model and data sources but also the “downstream” usage of the resultant model inferences. Combining this with a principled experience for data and model development, Chariot gives our customers in highly regulated industries an unmatched governance solution over the top of a performant ModelOps platform. 

Striveworks is an Equal Opportunity Employer and does not discriminate in employment on the basis of race, color, religion, belief, sex (including pregnancy and gender identity or expression), national origin, social or ethnic origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, retaliation, parental status, military service, or other non-merit factors. Striveworks will not tolerate discrimination or harassment of any kind.

If you require assistance or a reasonable accommodation in the application process, please contact Operations at hr@striveworks.us

Striveworks is a participating employer in the E-Verify program.