Staff Security Engineer

For millions of teams working in dozens of industries, day-to-day business gets done on the phone. So why — despite the huge leaps we've taken in design and usability — does most business phone software still look, feel, and act like it was born in the 90s? OpenPhone is changing that.

We’re a new type of business phone with a mission to help people communicate better and be more productive.

We’re backed by Y Combinator and some of the best venture firms around including Tiger Global, Craft Ventures, Slow Ventures, and others. We take pride in providing an exceptional customer experience and a product people love, which is why we’re excited that our customers have rated us the #1 VoIP Provider on G2.

OpenPhone is the modern, sophisticated answer to the clunky, outdated phone systems that have been slowing down businesses for years. With thousands happy customers and several rounds of funding in just five years, it's safe to say we're onto something big.

About the Role

At OpenPhone, we're seeking a seasoned Staff Security Engineer to spearhead our efforts in safeguarding our SaaS platform against evolving cybersecurity threats. In this pivotal role, you will be the frontline defender of our infrastructure, ensuring the integrity, confidentiality, and availability of our services. As a senior member of our engineering team, you will lead by example, devising robust security strategies, implementing best-in-class security practices, and fostering a culture of security awareness throughout the organization. You'll work closely with cross-functional teams to architect, design, and enforce security measures that not only protect our platform but also instill trust in our users.

Some of the things you’ll do:

• Lead the design and implementation of our comprehensive security architecture
• Manage external security vendors to conduct comprehensive security assessments and penetration testing, ensuring vulnerabilities are identified and remediation strategies are developed.
• Act as a bridge between vendors and internal teams to accurately communicate findings and oversee the effective implementation of recommended security measures.
• Conduct thorough security assessments and penetration testing to identify vulnerabilities and propose remediation strategies.
• Develop and maintain our incident response and disaster recovery plans, ensuring rapid recovery and continuity of operations in the event of a security breach.
• Work closely with the development teams to integrate security practices into the SDLC, including code review, threat modeling, and secure coding practices.
• Stay abreast of the latest security trends, threats, and technologies to continuously improve our security posture.
• Foster a culture of security awareness across the company through regular training sessions and communication.
• Manage security projects from conception to execution, including vendor assessments and the integration of third-party security tools and services.
• Collaborate with the IT department to establish and maintain a comprehensive security posture that spans across all technological domains of our organization.
• Collaborate with legal and compliance teams to ensure adherence to industry standards and regulations, such as HIPAA, ISO27001, GDPR, CCPA, and SOC 2.

About you:

• You have a strong background in cybersecurity, with 7+ years of experience in security engineering, preferably in a SaaS environment.
• You hold relevant certifications such as CISSP, CISM, CEH, or similar.
• You possess a deep understanding of network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols).
• Experience with cloud security architectures and services, especially within AWS, Azure, or Google Cloud Platform.
• Proficient in scripting or programming languages (e.g., Python, Ruby, Java) and automation of security tasks.
• You are an excellent problem-solver with the ability to think strategically and execute tactically.
• Strong communication skills, with the ability to articulate complex security concepts to non-technical team members.
• A proactive, self-driven individual with a passion for learning and staying updated with the latest in cybersecurity.
• Experience with incident response management and a solid understanding of the legal and regulatory landscape affecting security.

As a fully remote company, we thrive asynchronously as a team. We are curious, ambitious, and dedicated to our work. We value trust above all else, and have a strong bias for action. If you're looking for a place to do your life's work, please get in touch. We'd love to hear from you.

And remember, there's no such thing as a 'perfect' candidate. We're looking for optimists with grit and determination, who are excited to face the challenges of a growing startup. OpenPhone is the type of company where you can grow, and we encourage you to apply for this role even if you don't think you meet all the requirements.

We are committed to creating an inclusive and diverse work environment. It is important that you are able to bring your authentic self to work every day. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.