Samsara is a pioneer of the Connected Operations™ Cloud, enabling organizations to harness IoT data to improve their operations. They are seeking a Senior Security Engineer with expertise in threat modeling to enhance their security and compliance strategy while collaborating with cross-functional teams.
Responsibilities:
- Lead and own ongoing operation and maintenance of Samsara’s threat modeling program, ensuring consistent execution of processes
- Assist in detecting and raising risks found within the Samsara ecosystem, and in recommending best next steps while balancing business needs
- Work closely with the Vulnerability Technical Program Manager to generate and distribute monthly and quarterly compliance reports
- Collaborate with engineering teams to track and support the remediation of identified vulnerabilities, providing guidance on best practices
- Participate in security incident investigations related to high-profile vulnerabilities, helping gather data and assess potential impact on Samsara infrastructure
- Contribute to documentation and process improvements to streamline risk management workflows
- Champion Samsara’s cultural principles (Focus on Customer Success, Build for the Long Term, Adopt a Growth Mindset, Be Inclusive, Win as a Team) in daily work
- Be regularly on call to support
Requirements:
- 6+ years of relevant experience with demonstrated impact for application or product security and threat modeling in an enterprise environment
- Deep familiarity with the OWASP Top Ten, the STRIDE threat modeling framework (or an equivalent such as PASTA or DREAD), and MITRE ATT&CK
- Defining and driving SDLC adoption with business-focused engineers
- Experience managing bug bounty programs such as Bugcrowd
- Strong familiarity with common security vulnerabilities and the ability to judge their severity and impact on the business
- Experience coding with Python or GoLang
- Security certifications such as CISSP, AWS Certified Security Specialty, or equivalent
- Experience and knowledge of FedRAMP and other regulatory security requirements
- Experience with Semgrep or Wiz