Information Security Engineer

RESPONSIBILITIES:

• Collaborate with Information Technology, GRC, and other teams to reduce risk across the organization.
• Develop, implement, manage, maintain, and document security procedures, controls, and automations to protect WHOOP systems and data.
• Conduct regular security assessments, vulnerability testing, and risk analysis to identify and mitigate potential threats.
• Participate in incident response efforts, including investigation, remediation, and documentation of security incidents.
• Contribute to a culture of security awareness and best practices.
• Stay abreast of emerging security trends, technologies, and regulatory requirements to ensure WHOOP’s security posture remains robust and compliant.
• Identify and implement new or improved security tools or software to advance the maturation of the security program. Continuously evaluate and improve security tools and processes to address evolving security needs.
• Participate in an on-call rotation to provide 24/7 support for critical security incidents.

QUALIFICATIONS:

• Bachelor’s degree in Computer Science, Information Security, or a related field.
• 4+ years of experience in an Information Security, IT Security, or similar role.
• Hands-on experience with security technologies such as endpoint protection (EDR), data loss prevention (DLP), SIEM, identity providers (IDP/SSO), mobile device management (MDM), and security automation tools.
• Experience with securing cloud environments, including public cloud infrastructure (IaaS/PaaS) and/or SaaS business platforms such as Salesforce.
• Excellent problem-solving skills and the ability to work effectively under pressure.
• Ability to manage and prioritize multiple tasks and projects effectively.
• Strong communication and interpersonal skills, with the ability to convey complex security concepts to non-technical stakeholders.
• Strong documentation skills with a proven ability to track work in ticket systems such as Jira or similar platforms.