Lovevery is a fast-growing brand co-founded by successful entrepreneurs and based in Boise, Idaho. Our customers are parents, and our mission is to help them feel confident they are giving their children meaningful development experiences in the critical early years of life. Taking a science-based approach, Lovevery products have won awards from Red Dot, Parents’ Choice, and NAPPA. TIME Magazine named The Play Kits as one of the Best Inventions of 2018.
Description:
As a member of the Lovevery’s Technology Solutions Group, the Lead Security Engineer will be accountable for providing best-in-class security solutions for our digital products and internal business systems. Responsibilities include defining and improving the security posture across various custom-built and third-party systems. This lead role will partner closely with our internal engineering teams, contractors and vendors in implementing and managing solutions necessary to prevent intrusion and exfiltration of company and customer information.This includes ensuring compliance with relevant security standards.
Responsibilities:
- Design, deploy, administer, and improve security infrastructure services and tools for authentication, authorization, vulnerability management, and application security
- Develop security policies for employee business systems and software engineering environments
- Ensure technology implementation and product development lifecycle methodology follows our security policies and improves security posture
- Own operational improvements based on the NIST Cybersecurity Framework
- Create monitoring mechanisms using appropriate tools to facilitate an effective incident response process
- Develop and maintain blue and red team assessments and exercises to identify infrastructure and application vulnerabilities and remediation plans
- Review existing cloud security architecture design/configuration and recommend changes
- Develop security requirements for product design and CI/CD pipeline, and assist in product security testing
- Participate in the strategic decisions and security reviews related to technology, vendors, and implementation of business processes and systems
- Own and improve process and procedural security documentation
- Champion security programs and training across the company
Qualifications:
- Bachelor's degree in a relevant technical field
- Seven or more years in security engineering and operations in an e-commerce environment
- Five or more years of experience building and operating a security program for a public company
- Five or more years of hands-on expertise operating in public cloud environments with proficiency in architecture and security capabilities
- Extensive experience in penetration testing of web and mobile applications
- Proven experience in multiple security domains such as intrusion detection, intrusion prevention, bot detection, and incident response, along with associated tools
- Familiarity with Cybersecurity Frameworks like NIST 800-53, NIST CSF, CIS Top 20, MITRE ATT&CK, and OWASP Top Ten
- Hands on experience with virtual and physical networking systems, and secure web access tools
- Experience assessing and implementing technical security controls related to PCI DSS
- Outstanding written and oral communication skills with demonstrated ability to clearly articulate to both a technical and functional audience
Preferred Qualifications:
- Relevant industry certifications like AWS, CISSP or SSCP
- Deep understanding of Linux operating systems
- Practical scripting skills using Python or similar
- Meraki network hardware experience
- International experience
Our Benefits Include:
- Competitive salary, benefits, and stock options package
- The usual paid holidays and a few extras (ex. Election Day)
- Paid maternity or paternity leave
- MacBooks are our standard, but we’re happy to get you whatever equipment helps you get your job done
- Free/discounted Lovevery products
- Innovative, fast-paced and team-based culture
Lovevery is proud to be an equal opportunity employer that values diversity in all forms. All employment decisions at Lovevery are based on business needs, job requirements, and individual qualifications, without regard to race, religion, national origin, sexual orientation, gender identity, HIV status, marital status, or any other status protected by the laws or regulations in the locations where we operate.
