Senior Information Security Engineer

Job Description Every developer has a tab open on Stack Overflow. We are one of the most popular websites in the world - a community-based space focused on increasing productivity, decreasing cycle times, accelerating time to market, and protecting institutional knowledge. Innovation is at the heart of everything we do. We embrace collaboration, transparency, and believe in leading with empathy; creating an environment where every Stacker knows they belong. We embrace that the unique contributions and points of view of all Stackers contribute to our success.We are a Best Company to Work For, in addition to being recognized for Best Company Leadership, Best Company Happiness, Best Company Perks and Benefits, Best Company Work-Life Balance, Best Company Compensation, and Best Company Outlook.We are a remote-first company with Hiring HUBs based in the US, Canada, UK, and Germany.Stack Overflow is growing fast, and our technology needs just keep getting bigger. We're looking for an Information Security Engineer to join our existing team and help us support engineering, lines of business, and our customers. As a Senior Information Security Engineer, you'll bring your expertise to reduce risk, mentor Security Analysts, and represent our team in cross functional projects. You'll also be helping us build an SecOps program and create an infosec ecosystem We're looking for someone with experience in best practices and secure builds for Windows, Linux, MacOS, Azure Cloud, Networking, and software development, but we don't expect you to know every part of our stack coming in, so we'll pair you with other members of the team to learn and develop your skills across our entire environment.What you'll work on:Lead Contribute to security requirements in designing, developing, and deploying large-scale services and platformsConducting security architecture reviews of the application stack, including applications built on cloud and emerging technologies Design and develop platform-level solutions to promote security-related initiatives and improvements. - Review source code for potential security issues, recommend and implement fixesProviding specific risk assessment and remediation guidelines for developers and business owners - Belief in automation and tooling as a critical part of the software lifecycleDocument and disseminate security guidelines for common security issues, remediation guidance, and security baselinesContribute to SOC2 and ISO 27001/27701 audits as neededWork with developers to provide security guidanceActively promote improving the security culture and education within the organization Eager to learn new technologies and solutionsBe curious about how systems work and how they fail, design them to be sustainable in the face of failuresOur ecosystem includes:ISMS program built on ISO 27001/27701Cloud - Azure and Google Cloud PlatformSSO - OktaServers - Windows and Linux, VMware Virtual Machines and CloudDevice Management - AzureAD, Carbon Black, and WorkspaceOneNetwork - Cisco, Fortinet, and OpenVPNWAF, SASE, Zero Trust VPNDevelopment and Tools - Python, Terraform, Puppet, C#, ASP.NETClient Systems - MacOS and WindowsSkills & RequirementsWe're looking for:Strong verbal and written communication and documentation skills. "Document as you go"Strong desire to secure systems, define and improve processes.Familiarity with: Containers, Cloud, Servers, Networking, DNS, and PaaS & SaaSDeep technical understanding of the OWASP Top 10Experience with Splunk or similar SIEMExperience with Nexpose or similar vulnerability scanning toolsExperience integrating security tools to work as an ecosystemSolid experience in threat modeling and identification techniquesAbility to work with developers to resolve security issuesExperience in code reviews, vulnerability detection, and root cause analysis25+ years of experience in web application security, secure application design and architecture, threat modeling, secure coding, and cryptographyStrong sense of ownership, urgency, and driveSelf-motivated and proactive, discovering, and resolving issues before they become problems.What you'll get in return:Competitive Base Salary Generous paid vacationGenerous parental leave (16 weeks at 100% pay), family care leave, and unlimited sick daysIndustry-leading health benefits that are applicable per country of residence for all our full-time employeesCompany-paid Life InsuranceHome Internet stipendProfessional allocation for your growth and developmentOne-time allowance to assist with your home office setupCompany-paid access to Calm, Bravely, LinkedIn Learning, MyAcademy and OverdriveStack Overflow is proud to be an equal opportunity workplace. We value diversity, inclusion, equity and belonging and these pillars are at the heart of how we work together here at Stack. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying. For individuals based in California, and other locations where required, we will consider employment qualified applicants with arrest and conviction records.