Staff Security Engineer
Located in London (Hybrid) / UK (Remote)
#LI-Remote
About Snowplow
As the leader in Data Creation, Snowplow empowers more than 10,000 organisations, including Strava, Burberry, Condé Nast and Flickr to create first-party customer behavioual data to unlock transformative AI and advanced analytics directly from their warehouse, lakehouse or in a real-time stream.
Snowplow was founded with the belief that data teams should spend their time innovating and driving competitive advantage, not extracting and wrangling behavioral data from CDP’s or digital analytics platforms.
Following our $40 million in Series B funding led by global venture capital firm, NEA, whose prior investments include Databricks, MongoDB, and Elastic, we are on the lookout for more creative and innovative individuals to help us shape our next chapter.
The Opportunity
Security is an essential part of Snowplow’s culture and our products. Our use of a private SaaS deployment model, and the fact that much of our software is open-sourced, means our customers and wider community are able to audit our security and hold us to account. It is therefore necessary for us to maintain a top security posture. We are currently ISO 27001-certified and on a journey to SOC 2 Type II attestation.
We are looking for an experienced Security Engineer to support on all aspects of product security within Snowplow. You will be a key member of Snowplow’s IT Services team, which runs the company’s technology and compliance platform encompassing Employee IT, Developer IT, Information Security, and Data Protection, and have a significant voice on the technical direction of the team. The role will initially be one of an individual contributor, but with the potential to build out a team as the company grows.
What you’ll be doing
● Championing security: Educate and train people at all levels of the business to advocate for a security-conscious culture
● Growing our security tech stack: Maintain our existing tooling (e.g. Snyk, Amazon Inspector, Intruder, Microsoft Defender), and stay on top of emerging technologies that could improve our security posture and drive their evaluation, rollout and adoption
● Promoting security by design: Work closely with the engineering teams to embed security considerations, including vulnerability management, in the design, development, and maintenance of products and features
● Monitoring alerts: Review and act upon security alerts, including those generated by our Microsoft Sentinel-based SIEM and submitted through our HackerOne-hosted Vulnerability Disclosure Program (VDP)
● Supporting on security incidents: Manage internal efforts to successfully end security incidents
● Listening to customers: Understand the security concerns of our customers, and collaborate with the relevant teams across the business to address these concerns
What we’re looking for
● Proven experience in cyber security, ideally having worked directly with engineering teams and with exposure to running a SOC
● Extensive knowledge of security risks and mitigations through process and technology, especially for cloud-based applications and infrastructure
● Experienced with securing AWS infrastructure managed and provisioned using IaC
Additional experience with Azure and GCP would additionally be a plus
● Strong communication skills to translate security requirements into business objectives and to effectively convey security considerations to both technical and non-technical audiences
● Confidence to engage with peers, both internally and at prospects/customers, to understand their information security concerns
What you get in return for being awesome
💰 A competitive package, including share options
🧘 Flexible working
🏖️ A generous holiday allowance no matter where you are in the world
🫂 Mental health support including therapy sessions
💻 MacBook and home office equipment allowance
🚲 Cycle to work scheme
🎉 Fun office with regular socials and all the snacks and drinks you can manage
🫶 1 week of volunteering a year for a cause you feel passionate about
👪 Enhanced maternity, paternity, shared parental and adoption leave
