Senior Security Engineer
Updated on 11/13/2023
Transforming workplaces with visitor, desk, and delivery management
Envoy is a pioneering company that is reshaping the modern workplace experience with its comprehensive platform, offering solutions for visitor management, employee health checks, desk and room bookings, and delivery management. With a client base that includes renowned companies like Slack, Pinterest, and Warby Parker, Envoy's products are trusted by over 14,000 locations worldwide, processing more than 100,000 sign-ins daily, demonstrating its industry leadership. The company's focus on smart space solutions and workplace occupancy metrics, as well as its commitment to security across all facilities, showcases its dedication to making office life more efficient, safe, and meaningful.
Data & Analytics
San Francisco, California
Growth & Insights
6 month growth: ↓ -1%
1 year growth: ↓ -14%
2 year growth: ↑ 11%
San Francisco, CA, USA
Development Operations (DevOps)
- 5+ years of security engineering experience OR equivalent experience in an Infrastructure/DevOps role and an interest in working on security engineering initiatives
- Demonstrated expertise in triaging and prioritizing vulnerability reports, including the ability to assess the severity and impact of reported vulnerabilities.
- Proficient in reproducing reported vulnerabilities and working closely with development teams to validate findings.
- Strong hands-on experience with deploying and managing automated security scanners, such as SAST, DAST, and SCA tools.
- Knowledge of industry-leading security scanning tools and their integration into development pipelines.
- In-depth understanding of secure coding practices and the ability to perform code audits to identify vulnerabilities, coding best practices violations, and architectural weaknesses.
- Proven track record in managing successful bug bounty programs, including defining program guidelines, scope, and engagement with security researchers.
- Ability to effectively communicate and coordinate with security researchers, ensuring prompt and accurate triaging of vulnerability reports.
- Ability to think critically and analytically, identify potential security risks, and propose effective solutions.
- Excellent troubleshooting and problem-solving abilities in complex technical environments.
- Strong written and verbal communication skills, with the ability to articulate complex security concepts to technical and non-technical stakeholders.
- Proven ability to collaborate effectively with cross-functional teams, including development, operations, and executive leadership.
- Demonstrated commitment to continuous learning and staying updated with the latest security trends, vulnerabilities, and best practices.
- Preferred certifications: Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP), or similar.
- Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field is desirable.
- Triage and prioritize incoming vulnerability reports from various sources, including a bug bounty program, responsible disclosure program, and internal sources.
- Develop and maintain scripts to automate security-related tasks, including but not limited to vulnerability scanning, log analysis, and incident response.
- Collaborate with development teams to reproduce and validate reported vulnerabilities, ensuring accurate and detailed documentation of findings.
- Coordinate with internal stakeholders to implement necessary remediation actions and track their progress.
- Deploy and manage automated security scanners, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) tools.
- Conduct code audits and reviews to identify security vulnerabilities, coding best practices violations, and architectural weaknesses.
- Manage and maintain our bug bounty program, including the development of program guidelines, scope definition, and engagement with security researchers.
- Stay up to date with the latest security trends, emerging vulnerabilities, and industry best practices to continuously improve security measures.
- Security certifications: Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP), or similar.
- Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field.