Senior Security Engineer

Updated on 11/13/2023

201-500 employees

Transforming workplaces with visitor, desk, and delivery management

Company Overview

Envoy is a pioneering company that is reshaping the modern workplace experience with its comprehensive platform, offering solutions for visitor management, employee health checks, desk and room bookings, and delivery management. With a client base that includes renowned companies like Slack, Pinterest, and Warby Parker, Envoy's products are trusted by over 14,000 locations worldwide, processing more than 100,000 sign-ins daily, demonstrating its industry leadership. The company's focus on smart space solutions and workplace occupancy metrics, as well as its commitment to security across all facilities, showcases its dedication to making office life more efficient, safe, and meaningful.

Data & Analytics

Company Stage

Series C

Total Funding

$208.1M

Founded

2013

Headquarters

San Francisco, California

Growth & Insights

Headcount

6 month growth

↓ -1%

1 year growth

↓ -14%

2 year growth

↑ 11%

Locations

San Francisco, CA, USA

Experience Level

Entry

Junior

Mid

Senior

Expert

Desired Skills

Bash

Development Operations (DevOps)

JavaScript

Kotlin

Ruby

Python

TypeScript

CategoriesNew

Software Engineering

Requirements

5+ years of security engineering experience OR equivalent experience in a Infrastructure/DevOps role and an interest in working on security engineering initiatives
Proven experience in scripting and coding, with expertise in languages such as Python, Bash, Javascript, or Ruby.
Demonstrated expertise in triaging and prioritizing vulnerability reports, including the ability to assess the severity and impact of reported vulnerabilities.
Proficient in reproducing reported vulnerabilities and working closely with development teams to validate findings.
Strong hands-on experience with deploying and managing automated security scanners, such as SAST, DAST, and SCA tools.
Knowledge of industry-leading security scanning tools and their integration into development pipelines.
In-depth understanding of secure coding practices and the ability to perform code audits to identify vulnerabilities, coding best practices violations, and architectural weaknesses.
Proficiency in programming languages commonly used in web and application development (e.g., TypeScript, Kotlin, Ruby, JavaScript).
Proven track record in managing successful bug bounty programs, including defining program guidelines, scope, and engagement with security researchers.
Ability to effectively communicate and coordinate with security researchers, ensuring prompt and accurate triaging of vulnerability reports.
Ability to think critically and analytically, identify potential security risks, and propose effective solutions.
Excellent troubleshooting and problem-solving abilities in complex technical environments.
Strong written and verbal communication skills, with the ability to articulate complex security concepts to technical and non-technical stakeholders.
Proven ability to collaborate effectively with cross-functional teams, including development, operations, and executive leadership.
Demonstrated commitment to continuous learning and staying updated with the latest security trends, vulnerabilities, and best practices.
Preferred certifications: Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP), or similar.
Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field is desirable.

Responsibilities

Triage and prioritize incoming vulnerability reports from various sources, including a bug bounty program, responsible disclosure program, and internal sources.
Develop and maintain scripts to automate security-related tasks, including but not limited to vulnerability scanning, log analysis, and incident response.
Collaborate with development teams to reproduce and validate reported vulnerabilities, ensuring accurate and detailed documentation of findings.
Coordinate with internal stakeholders to implement necessary remediation actions and track their progress.
Deploy and manage automated security scanners, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) tools.
Conduct code audits and reviews to identify security vulnerabilities, coding best practices violations, and architectural weaknesses.
Manage and maintain our bug bounty program, including the development of program guidelines, scope definition, and engagement with security researchers.
Stay up to date with the latest security trends, emerging vulnerabilities, and industry best practices to continuously improve security measures.

Desired Qualifications

Security certifications: Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP), or similar.
Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field.

About Envoy

Envoy’s workplace platform has redefined how companies welcome visitors, improve the onsite experience, book desks and meeting rooms, manage deliveries, and access accurate and unified workplace data in 16,000 locations around the globe by designing products that solve common workplace problems.

Envoy provides a simple way to manage your complex safety, security, and compliance needs across all your workplace locations—wherever you need to bring people together.

Rely on smart, automated solutions to common workplace problems, like freeing up unused space and eliminating repetitive tasks. Not only does this allow you to make the most efficient use of your space and resources, it frees up your team’s time to focus on the work that matters.

With Envoy’s intuitive technology that employees actually enjoy using, you can create a great workplace experience that fosters community and togetherness by making it easy for teams to coordinate working onsite.

Unlike companies that offer disconnected workplace solutions and disparate (and often imprecise) data sources, Envoy’s platform provides accurate, comprehensive, and unified workplace data so you can make informed business decisions. Envoy’s integrated solutions pull data from multiple sources to ensure that you always have the most accurate data available.

For more information, visit Envoy.com.

About the Role

We strive to be a top-notch engineering organization with a great culture and have the same high standards with our code, systems, practices, and people. We value learning and growth. Look to hire diverse, well-rounded, communicative people we can trust.

We are looking for exceptional engineers to join our growing team at Envoy. We love to drive innovation in the workplace through hack projects. If you’re looking to challenge the status quo and build the Office OS. Come join us.

This is a hybrid position that requires at least 3 days a week (Tuesday - Thursday) in our San Fransisco HQ.

You will

Triage and prioritize incoming vulnerability reports from various sources, including a bug bounty program, responsible disclosure program, and internal sources.
Develop and maintain scripts to automate security-related tasks, including but not limited to vulnerability scanning, log analysis, and incident response.
Collaborate with development teams to reproduce and validate reported vulnerabilities, ensuring accurate and detailed documentation of findings.
Coordinate with internal stakeholders to implement necessary remediation actions and track their progress.
Deploy and manage automated security scanners, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) tools.
Conduct code audits and reviews to identify security vulnerabilities, coding best practices violations, and architectural weaknesses.
Manage and maintain our bug bounty program, including the development of program guidelines, scope definition, and engagement with security researchers.
Stay up to date with the latest security trends, emerging vulnerabilities, and industry best practices to continuously improve security measures.

You have

5+ years of security engineering experience OR equivalent experience in a Infrastructure/DevOps role and an interest in working on security engineering initiatives
Coding for Security Tools:
- Proven experience in scripting and coding, with expertise in languages such as Python, Bash, Javascript, or Ruby.
Vulnerability triaging and reproduction:
- Demonstrated expertise in triaging and prioritizing vulnerability reports, including the ability to assess the severity and impact of reported vulnerabilities.
- Proficient in reproducing reported vulnerabilities and working closely with development teams to validate findings.
Automated security scanners:
- Strong hands-on experience with deploying and managing automated security scanners, such as SAST, DAST, and SCA tools.
- Knowledge of industry-leading security scanning tools and their integration into development pipelines.
Code auditing and review:
- In-depth understanding of secure coding practices and the ability to perform code audits to identify vulnerabilities, coding best practices violations, and architectural weaknesses.
- Proficiency in programming languages commonly used in web and application development (e.g., TypeScript, Kotlin, Ruby, JavaScript).
Experience managing a bug bounty program:
- Proven track record in managing successful bug bounty programs, including defining program guidelines, scope, and engagement with security researchers.
- Ability to effectively communicate and coordinate with security researchers, ensuring prompt and accurate triaging of vulnerability reports.
Strong analytical and problem-solving skills:
- Ability to think critically and analytically, identify potential security risks, and propose effective solutions.
- Excellent troubleshooting and problem-solving abilities in complex technical environments.
Effective communication and collaboration:
- Strong written and verbal communication skills, with the ability to articulate complex security concepts to technical and non-technical stakeholders.
- Proven ability to collaborate effectively with cross-functional teams, including development, operations, and executive leadership.
Continuous learning and adaptability:
- Demonstrated commitment to continuous learning and staying updated with the latest security trends, vulnerabilities, and best practices.
- Flexibility to adapt to the changing security landscape and evolving technologies.
Security certifications and education:
- Preferred certifications: Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP), or similar.
- Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or a related field is desirable.

You’ll get

A high degree of trust in your ideas and execution
An opportunity to partner and collaborate with other talented people
An inclusive community where you feel welcomed and cared for as a person
The ability to make an immediate impact helping customers create a great workplace experience
Support for your personal and professional growth

Compensation description

Envoy’s compensation package includes market competitive salary, equity for all full time roles, and great benefits. If you are located in San Francisco Bay Area, our expected cash compensation for this role is $170K-$200K (Annually).Final offers may vary within the range provided based on experience, expertise, and other factors.

If you have any questions related to compensation, please contact Recruiting after you apply.

#LI-Hybrid

By applying for this position, you acknowledge that you have fully read and understand the job requirements and received the Envoy Privacy Notice for applicants, which is linked here. Completing this application requires you to provide personal data, such as your name and contact information, which is mandatory for Envoy to process your application. Envoy is an EEO Employer and does not discriminate on the basis of any characteristic protected by local, state or federal law.