Samsara is the pioneer of the Connected Operations™ Cloud, enabling organizations to harness IoT data to improve operations. The Senior Security Engineer will lead the threat modeling program, collaborate with teams to manage vulnerabilities, and contribute to security incident investigations.
Responsibilities:
- Lead and own ongoing operation and maintenance of Samsara’s threat modeling program, ensuring consistent execution of processes
- Assist in detecting and raising risks found within the Samsara ecosystem, and in recommending best next steps while balancing business needs
- Work closely with the Vulnerability Technical Program Manager to generate and distribute monthly and quarterly compliance reports
- Collaborate with engineering teams to track and support the remediation of identified vulnerabilities, providing guidance on best practices
- Participate in security incident investigations related to high-profile vulnerabilities, helping gather data and assess potential impact on Samsara infrastructure
- Contribute to documentation and process improvements to streamline risk management workflows
- Champion Samsara’s cultural principles (Focus on Customer Success, Build for the Long Term, Adopt a Growth Mindset, Be Inclusive, Win as a Team) in daily work
- Be regularly on call to support
Requirements:
- 6+ years of relevant experience with demonstrated impact for application or product security and threat modeling in an enterprise environment
- Deep familiarity with the OWASP Top Ten, the STRIDE threat modeling framework (or an equivalent such as PASTA or DREAD), and MITRE ATT&CK
- Defining and driving SDLC adoption with business-focused engineers
- Experience managing bug bounty programs such as Bugcrowd
- Strong familiarity with common security vulnerabilities and the ability to judge their severity and impact on the business
- Experience coding with Python or GoLang
- Security certifications such as CISSP, AWS Certified Security Specialty, or equivalent
- Experience and knowledge of FedRAMP and other regulatory security requirements
- Experience with Semgrep or Wiz