Product Security Engineer

SGNL’s modern Privileged Identity Management system eliminates standing access to critical systems by granting and revoking contextual access in real time, drastically reducing the potential impact of a breach. By incorporating context-based intelligence, SGNL prevents attackers—leveraging compromised credentials or other means—from freely navigating cloud applications like Azure, AWS, GitHub, and Salesforce, as well as on-prem systems.

That’s why global enterprises and fast-growing mid-market companies alike are turning to SGNL to reduce their identity attack surfaces and secure critical systems. Founded in 2021, SGNL is backed by top security technology investors, including Cisco Ventures, Costanoa Ventures, Fika Ventures, M12/Microsoft’s Venture Fund, Moonshots Capital, and Resolute Ventures. For more information about SGNL, visit https://sgnl.ai.

Candidates only, no recruiters please

Reporting to the CISO, this member of the Information Security Team will partner with the DevOps and Development teams to help keep SGNL secure. 

Key Responsibilities

• Design and optimize processes as part of a secure software development lifecycle and security program
• Implement security infrastructure and automation within cloud environments
• Perform and review findings from manual and automated security assessments
• Respond to security alerts and reports to assess validity, impact, and provide appropriate mitigation or remediation measures
• Perform application and infrastructure architecture reviews to identify potential issues and to conformance with good practices
• Maintain security metrics and reports that convey the state of security health
• Engage with developers and operations teams to consult with, educate, and evangelise practical and achievable good security practices

About You

Candidates will have spent time building, maintaining, and operating components of SSDLC and Cloud Security programs based upon security industry accepted good practices and documented standards. They will be well versed in the relevant threats and how to protect against them. They will be skilled in the art of cooperatively engaging with other teams to achieve positive outcomes that balance managing risk with maintaining velocity and stability.

Experience

• Designed, built, and operated security infrastructure in a DevSecOps, SRE, Cloud Security, or a similar type of role
• Drove adoption of an SSDLC framework and implementation of relevant general principles and practices
• Secured modern cloud-based applications built on AWS, Azure and K8
• Assessed microservice architecture and cloud service providers for threats and developed protection strategies
• Performed security assessments for applications, triaged findings, and developed mitigation or remediation strategies
• Implemented vulnerability management processes and solutions to identify issues throughout the platform, i.e. OS, containers, libraries
• Implemented and tuned SAST, SCA, DAST, and other application VM tools
• Ability to read and understand Go, AngularJS, and other languages, frameworks
• Enhanced and operated SIEMs for cloud environments
• Strong communication skills and can explain complex security issues in understandable terms
• Bias for action and self starter

Good to Have

• Infrastructure as Code (IaC) orchestration via Helm charts, Terraform, Ansible, Bash, and YAML
• Prior usage of common cloud native security tooling, e.g. Defender, Inspect, Sentinel, GitHub Advanced Security 
• Familiarity with any CSPM, DSPM, *PM tooling 
• Exposure to security standards compliance (e.g. PCI DSS, NIST 800-171, FIPS 140-3) and audits (e.g. SOC 2)
• Familiarity with security program frameworks including NIST CSF, CSA CCM, or ISO 27001, and how to implement relevant application and platform security measures
• Basic understanding of privacy requirements and compliance obligations for a US based company with non-US customers (CCPA, GDPR)

Compensation Information

Final offer will be at the company’s sole discretion and determined by multiple factors, including years and depth of relevant experience and expertise, location, and other business considerations.

• Base salary range for this position: $144,000.00 – $216,000.00 per year
• Eligible to participate in SGNL’s Equity Incentive Plan

SGNL is excited to offer full-time employees the following, growing list of benefits:

• Health benefits (medical, dental, and vision)
• Paid Time Off
• Paid Sick Leave
• Latest Apple equipment (as of your joining date)
• Customizable home office package, including external monitor, desk, office supplies
• Amazon Kindle and books covered by SGNL
• Professional development programs (Both inside and outside of SGNL)

SGNL reserves the right to amend or modify for any reasons in accordance with applicable law.

Does this all sound exciting to you?  Apply!  Even if you don’t meet 100% of the qualifications above, we encourage you to still apply because we know that the confidence gap and feeling like an imposter can stop truly amazing candidates and we want to speak with you.  We’re excited to review your application and do not require a cover letter (unless you want to submit one).  

Not located where the job is posted?  Still apply!  Our HQ is located in Palo Alto, CA but our people don’t have to be since we’re remote, hybrid, or in-person friendly.  We offer a competitive salary, an employee equity plan, 3 weeks of PTO (with an additional week for each year of service), and health coverage.

SGNL is committed to a diverse and inclusive workforce.  We want to celebrate what you bring to our team and know we can always get better.   SGNL is an equal opportunity employer and does not discriminate on the basis of race, ethnicity, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.  We are also committed to ensuring equal opportunity in employment for qualified persons with disabilities. Please email [email protected] or discuss with your recruiter if you require any reasonable accommodations throughout the recruiting process.

Quick video introducing our product

Want to see what all the hype is about? Check out this quick preview of the SGNL system and our approach to modern privileged identity management.