Join our gene pool.
Senior Security Engineer - Vulnerability and Intrusion Detection Management
Mountain View, CA, United States
Who we are
Since 2006, 23andMe’s mission has been to help people access, understand, and benefit from the human genome. We are a group of passionate individuals pushing the boundaries of what’s possible to help turn genetic insight into better health and personal understanding.
What you'll do
- Leading our Vulnerability Management program: setup and integrate scanning, triage and mitigate vulnerabilities, communicate required patches to relevant teams, report continuous improvement progress to management
- Help teams to produce useful logs, consolidate logs in S3, extract security signals from logs with filter/correlation tools, escalate misconfiguration and intrusion detection signals, automate as much as possible, present relevant visual summaries on live dashboard
- Improve incident response and craft mitigation plans in cooperation with Engineering, DevOps, and IT teams
- Run vulnerability/penetration tests/gap assessments
- Research technical requirements and evaluate vendor products and services
- Participate in security oriented code reviews
- Assist with internal security audits and work with external audit entities to ensure compliance
- Bachelors or Masters degree in computer science, network engineering and/or security engineering
- A minimum of 4 years experience in an operational, cloud-deployment security role
- Demonstrated success working independently in a fast paced environment against changing priorities
- Experience with Encryption, Two-Factor Authentication, Integrity Monitoring, Log Management and intelligence, Computer Forensics, Penetration/Vulnerability testing and other common security technologies
- Experience with operational aspects of secure cloud computing (AWS, VPC, S3, CloudFormation, Inspector, etc.)
- Linux/Unix, OSX, and Windows security knowledge and experience.
- Knowledge of and demonstrated experience with variety of network, host, and other monitoring security tools, like AWS-Inspector, Nessus, Metasploit, Kali, SCAP, Wireshark, SumoLogic, Splunk, etc
- Strong understanding of the core principles of confidentiality, integrity and availability
- Understanding of and preferably experience with HIPAA, HITECH Act, Sarbanes-Oxley, PCI, and HITRUST requirements
- Experience developing corporate policies, crisis management, performing technical and documentation audits
- Ability to successfully plan, organize and prioritize projects, work on multiple tasks simultaneously
23andMe, Inc. is the leading personal genetics company. Our mission is to help people access, understand and benefit from the human genome. 23andMe has over 2 million customers worldwide with ~85 percent consented to participate in research. 23andMe is located in Mountain View, CA. More information is available at www.23andMe.com.
At 23andMe we value a diverse, inclusive work force and we provide equal employment opportunity for all applicants and employees. All qualified applicants for employment will be considered without regard to an individual’s race, color, sex, gender identity, gender expression, religion, age, national origin or ancestry, citizenship, physical or mental disability, medical condition, family care status, marital status, domestic partner status, sexual orientation, genetic information, military or veteran status, or any other basis protected by federal, state or local laws. 23andMe will reasonably accommodate qualified individuals with disabilities to the extent required by applicable law.