ABOUT YOU 🦄
- You have experience building a security program at a tech company between 50 and 200 employees.
- You are hands-on and can work independently. You do not rely on a large security or IT team to execute on the security program.
- You are familiar with security best practices in AWS, and understand how to secure and monitor the necessary infrastructure to prevent and detect security issues.
- You understand that most standard pen testing doesn't actually guarantee much security. Similarly, you understand that certifications, such as SOC 2, do not guarantee security.
- You are able to prioritize the security roadmap by impact of a potential attack as well as likelihood of the attack.
- You have experience rolling out an SSO solution such as Okta or Rippling.
- Bonus: You have experience dealing with the security implications of storing sensitive financial information and money movement.
IN THIS ROLE, YOU WILL 🤹
- Be the primary security specialist at the company, charged with securing our cloud infrastructure as well as our endpoint devices and SaaS services.
- Make and own security policy to balance employee productivity and desired tooling, project feasibility, risk, cost, and other tradeoffs as appropriate.
- Direct a small IT team (likely 1 person to start) to ensure employee requests are dealt with in a timely manner without compromising on security. (Most IT requests revolve around SaaS provisioning and RBAC.)
- Create and run programs that ensure “table stakes” security such as patching, authentication, and proper tool selection are done correctly with a high degree of reliability, clear metrics, and are robust to failure.
- Create threat models for all systems across the company, and use them to prioritize time based on risk impact.
- Obtain and maintain any compliance-related certifications such as SOC 2 Type II, PCI, ISO 27001/27002, etc.
- Maintain a clear mapping of where PII is stored, and monitor/restrict access to it as much as possible.
- Triage and investigate all security reports. Execute the Incident Response Plan if/when an incident occurs.
- Educate and train teams on security topics and skills.
WE OFFER 💫
- Health, Dental & Vision Plans
- Competitive Pay
- Matching 401k
- Unlimited PTO
Truebill, Inc. is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.
About this role
August 20th, 2021
Job posted on January 24th, 2021
About the company
Take control of your money. Truebill develops a mobile app that helps consumers take control of their financial lives. Truebill leverages AI to analyze users’ spending habits, identify inefficiencies...