Join our gene pool.
Senior Security Engineer
Mountain View, California, United States
Do you like to identify and implement missing key security program elements? Have you worked on security policies, procedures, guidelines, procedures, controls, trainings, metrics and technologies? Do you like to run vulnerability/penetration tests/gap assessments, and review and audit application/database logs? If so, join our team!
Who we are
Since 2006, 23andMe’s mission has been to help people access, understand, and benefit from the human genome. We are a group of passionate individuals pushing the boundaries of what’s possible to help turn genetic insight into better health and personal understanding.
What you'll do
- Improve, implement, and manage our incident response workflow, and craft mitigation plans in cooperation with Engineering, DevOps, and IT teams
- Improve our Vulnerability Management program: setup and integrate scanning, triage and mitigate vulnerabilities, communicate required patches to relevant teams, report continuous improvement progress to management
- Help teams to produce useful logs, consolidate logs in S3, extract security signals from logs with filter/correlation tools, escalate misconfiguration and intrusion detection signals, automate as much as possible, present relevant visual summaries on live dashboard
- Run vulnerability/penetration tests/gap assessments
- Research technical requirements and evaluate vendor products and services
- Assist with internal security audits and work with external audit entities to ensure compliance
What you'll bring
- Bachelors or Masters degree in computer science, network engineering and/or security engineering
- A minimum of 4 years experience in an operational, cloud-deployment security role
- Demonstrated success working independently in a fast paced environment against changing priorities
- Experience with implementing and managing incident response workflows and processes
- Experience with Encryption, Two-Factor Authentication, Integrity Monitoring, Log
- Management and intelligence, Computer Forensics, Penetration/Vulnerability testing and other common security technologies
- Experience with operational aspects of secure cloud computing (AWS, VPC, S3, CloudFormation, Inspector, etc.)
- Linux/Unix, OSX, and Windows security knowledge and experience.
- Knowledge of and demonstrated experience with variety of network, host, and other monitoring security tools, like AWS-Inspector, Nessus, Metasploit, Kali, SCAP, Wireshark, SumoLogic, Splunk, etc
- Strong understanding of the core principles of confidentiality, integrity and availability
- Understanding of and preferably experience with HIPAA, HITECH Act, Sarbanes-Oxley, PCI, and HITRUST requirements
- Experience developing corporate policies, crisis management, performing technical and documentation audits
- Ability to successfully plan, organize and prioritize projects, work on multiple tasks simultaneously
23andMe, Inc. is the leading consumer genetics and research company. Our mission is to help people access, understand and benefit from the human genome. The company was named by MIT Technology Review to its “50 Smartest Companies, 2017” list, and named one of Fast Company’s “25 Brands That Matter Now, 2017”. 23andMe has over 5 million customers worldwide, with ~85 percent of customers consented to participate in research. 23andMe is located in Mountain View, CA. More information is available at www.23andMe.com.
At 23andMe we value a diverse, inclusive work force and we provide equal employment opportunity for all applicants and employees. All qualified applicants for employment will be considered without regard to an individual’s race, color, sex, gender identity, gender expression, religion, age, national origin or ancestry, citizenship, physical or mental disability, medical condition, family care status, marital status, domestic partner status, sexual orientation, genetic information, military or veteran status, or any other basis protected by federal, state or local laws. 23andMe will reasonably accommodate qualified individuals with disabilities to the extent required by applicable law.
Please note: 23andMe does not accept agency resumes and we are not responsible for any fees related to unsolicited resumes. Thank you.