Security Engineer vacancy at TaxJar
We know sales tax isn't fun for anyone, so we're determined to ease the burden with an exceptional customer experience. To do that, we have to start internally. At TaxJar, we aim to provide the same incredible quality of life for our team members as we do for our customers by creating a professional, unique, and extraordinary place to work.
We’re fast-growing, fully-distributed, talented, driven, and love what we do. We live all across the US, working from our homes, coworking spaces, coffee shops — even a boat! We have many different backgrounds and lifestyles, and everything we do is guided by our core values. We recruit from a varied pool of candidates, as we believe that a diverse team can create better solutions for our customers.
General overview of the role
The Security Engineer will help grow and maintain our Security Operations Program as it continues to mature. This is an individual contributor to our organizational, application, and cloud security areas. They understand how to break a project down into sizable, deliverable tasks. This position reports to the Head of Information Security.
Security Engineers at TaxJar primarily contribute by protecting, analyzing, monitoring, and detecting threats from different company assets. They are responsible for the vulnerability management program, for performing threat analysis using our Cloud SIEM solution and running our incident response process. As our business scales Security Engineers will need to identify new threats, risks, adapt to new regulations, and have ownership of changes to the architecture of our systems.
Experience securing/monitoring/reporting for AWS and its services such as EC2, Lambda, ELB, ECS, IAM, S3, RDS, AWS Config, etc
Working closely with the DevOps team to build, maintain, and enhance current cloud monitoring and incident response processes and toolsets.
Define and implement appropriate policies for AWS security solutions
Analyze, track, and monitor security events from our Cloud SIEM (security analytics tool) and other sources to be able to identify unauthorized activity
Build required dashboards and reports to provide a high-level overview of the current security threats we are seeing
Provide recommendations to the security team about necessary changes to our cloud resources based on current security alerts and threats
Own the vulnerability management program and perform regularly-scheduled vulnerability scans to support regulatory compliance and identification of new vulnerabilities
Investigate and mitigate security incidents by following our incident response plans
Stay up to date with current threats and vulnerabilities and prioritize them based on the criticality
Perform security monitoring, security event triage, and lead incident response; including steps to minimize the impact and then conducting a technical and forensic investigation into how the incident happened
Assist with the management and configuration of our Web Application Firewall (WAF)
Improve the security logging in the current applications, platform, and tools
Perform threat analysis on security logging for the entire tech stack
Configure and manage the endpoint protection/detection and phishing solutions
3-5+ years of experience in a Security Operations role preferably in SaaS
2-4+ years of AWS Cloud Security experience
Strong knowledge of threats and vulnerabilities associated with application and network security in a cloud environment (AWS).
Strong understanding of Amazon Web Services(AWS) cloud application architecture & microservices
Hands-on experience configuring and working with SIEM, SOAR, and EPP/EDR solutions
Experience with security technologies such as WAF, File Integrity Monitoring (FIM), SAST/DAST tools, etc.
Experience leading incident response plans, working with SIEM tool for log analysis (i.e. Sumo Logic, Splunk, etc.)
Experience with operating systems and hardening (Linux, OS X, and Windows) a plus
Certifications such as CISSP, GSEC, CEH or CISM highly desired
Agile, humble, trustworthy, and a team player