Join our gene pool.
Senior Security Engineer - SIEM
Sunnyvale, California, United States
Do you like to identify security gaps and implement the missing security controls? Have you worked on security event management, correlating different signals, mitigating potential incidents? Do you like to run vulnerability/penetration tests/gap assessments, and review and audit application/firewall/IDS logs? If so, join our team!
Who we are
Since 2006, 23andMe’s mission has been to help people access, understand, and benefit from the human genome. We are a group of passionate individuals pushing the boundaries of what’s possible to help turn genetic insight into better health and personal understanding.
What you'll do
- Integrate, configure and maintain SIEM tools;
- Manage and improve our incident response workflow, implement mitigation plans in cooperation with Engineering, DevSecOps, and IT teams;
- Improve our vulnerability management program: setup and integrate security scans, triage and mitigate vulnerabilities, communicate required actions to relevant teams;
- Help teams to leverage the existing and emerging logging and monitoring solutions, extract security events from the logs with filter/correlation tools, evaluate misconfiguration and intrusion detection signals, automate as much as possible, present relevant visual summaries on live dashboard;
- Escalate the critical findings, and mitigate the security threats;
- Run penetration tests and gap assessments;
- Research technical requirements and evaluate vendors’ security products and services;
- Assist with internal and external security audits to ensure compliance with SOC1/2, ISO27001, PCI-DSS, HITRUST, and other frameworks;
- Train and mentor security engineers and analysts to utilize SIEM technology.
What you bring
- Bachelors or Masters degree in computer science, network engineering and/or security engineering;
- 5 years of experience in Security Engineering, DevOps or IT Operations roles;
- Experience working in DevSecOps environment, familiarity with Agile development;
- In-depth understanding of Security Event Management both from a technology/tool as well as process perspective;
- Hands-on experience managing, configuring and utilizing log analysis tools like SumoLogic and Splunk;
- Expert level knowledge of network security technologies such as: firewalls, proxy servers, IDS/IPS;
- Expertise in a number of the following areas: encryption, two-factor authentication, integrity monitoring, log management and intelligence, computer forensics, penetration/vulnerability testing and other common security technologies;
- Experience with operational aspects of securing AWS infrastructure (VPC, IAM, KMS, CloudWatch, CloudTrail, AWS Config and others) and understanding of the AWS shared responsibility model are a plus;
- Linux/Unix, OS X, and Windows security knowledge and experience;
- Experience implementing and managing incident response workflows and processes;
- Understanding of and preferably experience with compliance frameworks, like HIPAA, HITECH Act, Sarbanes-Oxley, GDPR, PCI, ISO 27001 and HITRUST;
- Relevant security and AWS certifications are a plus but not required.
23andMe, Inc. is the leading consumer genetics and research company. Our mission is to help people access, understand and benefit from the human genome. The company was named by MIT Technology Review to its “50 Smartest Companies, 2017” list, and named one of Fast Company’s “25 Brands That Matter Now, 2017”. 23andMe has over 5 million customers worldwide, with ~85 percent of customers consented to participate in research. 23andMe is located in Sunnyvale, CA. More information is available at www.23andMe.com.
At 23andMe, we value a diverse, inclusive workforce and we provide equal employment opportunity for all applicants and employees. All qualified applicants for employment will be considered without regard to an individual’s race, color, sex, gender identity, gender expression, religion, age, national origin or ancestry, citizenship, physical or mental disability, medical condition, family care status, marital status, domestic partner status, sexual orientation, genetic information, military or veteran status, or any other basis protected by federal, state or local laws. If you are unable to submit your application because of incompatible assistive technology or a disability, please contact us at firstname.lastname@example.org. 23andMe will reasonably accommodate qualified individuals with disabilities to the extent required by applicable law.
Please note: 23andMe does not accept agency resumes and we are not responsible for any fees related to unsolicited resumes. Thank you.Back