GRIN TECHNOLOGIES INC
THIS JOB IS BASED OUT OF REMOTE (US)
GRIN is the pioneer behind the world’s first Creator Management platform, designed for the next generation of brands who recognize that, in the creator economy, authenticity is everything. Our platform supports every brand’s journey to connecting with consumers through authentic creator relationships and is listed #1 across all top review sites including Capterra, G2 Crowd and Influencer Marketing Hub. Thousands of the world’s fastest-growing brands – including SKIMS, Warby Parker, Allbirds, Mejuri, and MVMT – use GRIN to make creators feel like trusted, empowered partners and work with them to build their brands into household names. Together, we are revolutionizing the Creator Economy. GRIN is headquartered in Sacramento, CA, yet has a “Remote First” work policy and culture, meaning remote work is the default. Our Core Business Hours are 9am-3pm PST, so we expect all of our employees to work at least during those hours and are flexible on the rest of your hours.
Our culture is a team-first mentality built on the Core Values of Integrity, Humility, Take Action, Think Big, and Ownership and shared by every single employee. At GRIN, we expect everyone to do the right thing, which instills trust and allows us to tackle the big issues and make things happen. We move fast, because in our industry, time is our biggest opponent. We aren’t afraid to ship quickly and make changes down the road. We empower our employees to make decisions with no red tape and no fear of reprisal, as long as they take ownership and adapt along the way.
GRIN is seeking a Senior Cloud Security Engineer to cultivate a security-first mindset within our organization. As a Cloud Security Engineer at GRIN, you’ll partner with our DevOps, Engineering, and Development teams to engineer, develop, build, manage, maintain and implement secure solutions from the ground up. You will drive the development and adoption of cloud security standards, best practices and technologies within GRIN’s products and cloud infrastructure to ensure that the GRIN solution is highly secure and complies with industry standards and regulations.
To be successful in this role, you should have experiential knowledge gained from securing a SaaS on AWS that includes a breadth and depth in the latest cybersecurity solutions, cloud security best practices & DevSecOps.
We are a fast-paced, fun organization going through rapid growth and solving technical challenges at an exponential scale. This is a rare opportunity to join a high-growth startup and have a career-changing impact on an ambitious tech startup.
What You’ll Do:
- Provide technical security expertise to ensure the Confidentiality, Integrity, and Availability of GRIN Technologies’ platform, solutions, company & customer data.
- Drive the development and adoption of cloud security standards, best practices and technologies within GRIN’s products and cloud infrastructure to enable security and privacy by design and ultimately a highly secure and compliant SaaS
- Perform architecture and design reviews, cloud security assessments, and application threat modeling throughout the GRIN organization and software development lifecycle
- Work in conjunction with Product Engineering & IT to enable secure & compliant cloud deployments through automation, system hardening, application security capabilities, threat prevention, intrusion detection, vulnerability management, container security, identity and access management, incident response controls, etc.
- Act as a ‘security consultant’ & ‘trusted advisor’ throughout the organization, but especially to software architects and engineers, proactively making recommendations around secure software development and secure coding practices to integrate secure by design principles.
- Automate security, compliance, auditing and monitoring of controls
- Perform security monitoring, security and data/logs analysis to detect and remediate security incidents.
- Enable the GRIN solution and overall business, as a remote-first organization, with Cybersecurity, Privacy, Compliance, and Governance
What You’ll Bring:
- 5+ years of experience as a security engineer working with high growth organizations, large scale distributed systems & teams; preferably in eCommerce, FinTech, &/or a SaaS environment.
- 2+ years Cloud Security engineering experience leading the development of security solutions at cloud scale in AWS
- Experience with Amazon Web Services (AWS) and knowledge in EC2, CloudTrail, Security Group configuration, AWS WAF, GuardDuty, and other security-related services
- Experience working with engineering teams using a dev-first approach, Continuous Integration/Continuous Delivery, Cloud automation, DevOps, DevSecOps, Agile development methodologies
- Experience with automating compliance, security & governance including cloud configuration compliance monitoring and management
- Excellent communication skills, both verbal and written; ability to condense complicated scenarios into simple, risk-based assessments, appropriately targeted for colleagues and upper management
- Passion for Cybersecurity, inherent curiosity and the eagerness to learn
- Versatility with day-to-day activities operating strategically and tactically as needed
- Experience in high growth, fast-moving SaaS environments
- Experience with developing cloud native application security solutions, API security, SaaS vulnerability research, and penetration testing cloud architectures/applications.
- Formal degree, certifications &/or training in some engineering or InfoSec field.
- AWS Security certified
- Certificate of Cloud Security Knowledge (CCSK)
- ISC2 Certifications: CCSP, CISSP, CSSLP
- Certified Information Privacy Professional (CIPP/E/US/CA)
- DevSecOps Training &/or Certification
- SANS Certifications: GSEC, GPEN, GWAPT
- Programming or scripting experience with PHP, Python, Go, Node.JS, Angular
- OWASP top 10 Expertise, teaching and facilitating remediation
- Deep, technical understanding of methods used to attack or exploit flaws in cloud native applications
- 2+ years working in risk and controls, audit, or information security compliance
- Experience in regulatory and compliance standards such as SOC 2, PCI, CSF, HIPAA, ISO27001, ISO27018, CCPA, GDPR, etc.
We recognize the imposter syndrome might show its head as you read through this job description and although you might not check every box, we don’t want to miss out on the possibility of speaking with a perfectly imperfect candidate. So if you think you have what it takes – apply today and let’s discuss!
- Competitive salary
- 16 days of PTO + 10 Sick Days + 14 paid holidays
- Medical, Dental and Vision insurance
- 401(k) program plus match
- Paid Child Bonding Leave
- Home Office set up
- Career Development Reimbursement
- Employee Stock Option Program
- Career path opportunities in a great startup environment
- Tons of growth opportunity
To apply for this job please visit grin.co.