Key skills
PythonJavaRubyBashRuby on RailsRailsAWSTerraformKubernetesIAMCDNCloudflareSDLCMentoringCommunicationCollaborationOWASPCloud SecurityWAF
About this role
Reverb is the largest online marketplace dedicated to buying and selling new, used, and vintage musical instruments. They are seeking a Senior Engineer in Security to join their team of security engineers, responsible for safeguarding systems, code, networks, and customers from potential security threats. The role involves leading security strategies, conducting assessments, and mentoring junior team members.
Responsibilities:
- Lead the design, implementation, and maintenance of comprehensive security strategies and solutions to protect our networks, systems, and applications
- Conduct detailed security assessments to identify vulnerabilities and weaknesses in our infrastructure and applications
- Develop and enforce security policies and standards across the organization
- Collaborate with development and operations teams to integrate security practices into the software development lifecycle (SDLC)
- Keep up with emerging security threats, vulnerabilities, and industry trends to ensure proactive defense mechanisms
- Lead incident response efforts, conduct post-incident analysis, and implement corrective actions to prevent future occurrences
- Mentor and guide junior security team members, fostering their professional growth and skills development
- Engage peer teams in collaboration efforts to address security concerns and provide recommendations for risk reduction
- Evaluate and select security technologies and tools to enhance the organization's security posture
Requirements:
- Extensive experience in any relevant security domain and deep knowledge of at least one of the following areas: Cloud Security, Application Security, DevSecOps, Corporate Security
- Familiarity with frameworks such as OWASP Top 10, CIS Controls, and NIST CSF
- Hands-on experience with security tools such as EDR/XDR, WAF, SIEM, SAST/DAST, DLP, PAM, SOAR, CASB, etc
- Proficiency in scripting and programming languages (e.g., Python, Java, Bash, Ruby, Node) to automate security tasks and assess vulnerabilities
- Excellent problem-solving skills and the ability to think critically under pressure
- Strong communication skills to effectively collaborate with technical and non-technical partners
- Good data gathering skills to connect and triage issues
- Proven track record of leading security initiatives and driving projects to successful completion
- Development experience in Ruby, Ruby on Rails, or Node
- Experience working with and implementing Terraform
- Familiarity with WAF or CDN technologies, including Cloudflare
- Hands-on knowledge of AWS Security including: IAM, SecurityHub, Config, etc
- Understanding of Kubernetes