Senior Information Security Engineer

Lookout is an integrated endpoint-to-cloud security company. Our mission is to secure and empower our digital future in a privacy-focused world where mobility and cloud are essential to all we do for work and play. We enable consumers and employees to protect their data, and to securely stay connected without violating their privacy and trust. Lookout is trusted by millions of consumers, the largest enterprises and government agencies, and partners such as AT&T, Verizon, Vodafone, Microsoft, Google, and Apple. Headquartered in San Francisco, Lookout has offices in Amsterdam, Boston, London, Sydney, Tokyo, Toronto and Washington, D.C.

Lookout's users and product developers trust our Information Security team to provide them with the most secure experience. We're looking to hire Product Security Engineers to ensure that our products are designed and implemented to the highest security standards. You will have incredible communication skills and experience analyzing products from a security perspective.

You immerse yourself in all aspects of security, especially as it relates to building secure microservice-based cloud products, DevSecOps and stopping attacks in the cloud. You are looking for an opportunity that will try your technical skills and challenge your creativity. You are ready to face a wide range of security questions, many of which have not been considered before. Production servers, networks, endpoint devices, and data are safe in your hands. You are a subject matter expert who wants to implement tactical solutions and contribute to innovative solutions to big picture issues.

Responsibilities:

You'll be tasked with improving security across all aspects of Lookout's products throughout their lifecycle, from design and architecture to code to deployment, in a cloud infrastructure (AWS/GCP) running complex highly security-sensitive services at significant scale. You will be challenged every day.

• Harden our products from attack by implementing strong Agile Security Development Lifecycle (SDL) tools and processes
• Provide subject matter expertise on network architecture, DevSecOps, building secure software and implementation security controls in an Agile environment
• Push the boundaries of security technology to enable defensible products in large scale production infrastructure and networks.
• Perform security assessments of applications, and solutions in production, corporate and cloud infrastructures
• Define and implement security standards and guidance for engineering teams, including automation and technical controls to enforce
• Build frameworks to provide secure defaults to engineering teams and tools that will automatically scan and detect security problems.
• Provide training to engineering teams on application security related topics.
• Operate, and help engineering teams utilize, security tools (SAST/DAST/SCA/etc.)
• Evangelize security within Lookout.

Requirements:

• BS in Computer Science, Computer Engineering of Electrical Engineering
• 5 + years of practical experience with security architecture, design and implementation in large scale products and cloud infrastructure, including 3+ years of experience in application security related fields (architecture reviews, code reviews, application penetration testing, security engineering).
• Significant (2+ years) software development experience, developing and delivering complex applications. Mobile applications and backends, microservice architectures, delivering to heavily regulated enterprise customers (financial, healthcare, government) a plus.
• Experience in a DevOps and Security (DevSecOps) focused environment. Experience automating security assurance by integrating security tooling with CI/CD pipelines
• Experience deploying and operating application security tools
• Hands on experience in AWS and/or GCP
• Deep familiarity with Secure Development Lifecycles
• An expert in one or more of the following domains: cryptography, authentication and security protocols, web application security, mobile application security, cloud based services, and threat modeling.

Desired qualifications and skills:

• Solid knowledge of Linux operating systems
• Development experience in Ruby or Java
• Experience with Kubernetes and container security
• Experience with using scripting languages (ruby/python preferred) for security automation tasks
• Excellent written and verbal communication skills.
• Excellent teamwork and leadership skills.
• Security Certifications are a plus
• Familiarity with compliance frameworks and standards (FedRAMP, ISO27001 etc.) is preferred