Who is Recruiting from Scratch:

Recruiting from Scratch is a premier talent firm that focuses on placing the best product managers, software, and hardware talent at innovative companies. Our team is 100% remote and we work with teams across the United States to help them hire. We work with companies funded by the best investors including Sequoia Capital, Lightspeed Ventures, Tiger Global Management, A16Z, Accel, DFJ, and more.

Security Engineer II

We are looking for a Security Engineer to be part of our Security Operations & Engineering (SecOps) team. SecOps is committed to proactively detect, respond to, simulate, and identify breach attempts and threat actors.

You will manage security platforms, systems, and applications that quickly identify breach attempts, work with the SecOps team to contain and eradicate threats, streamline the security incident response processes, continuously monitor the security stack (e.g. DLP, IDS/IPS, SIEM), and monitor and report threat intelligence... The position requires a hands-on technical administrator who is well versed in cloud security platforms, creating dashboards, reporting metrics that demonstrate continuous improvements, executes successfully on strategies for improvements, and works well in a collaborative fast paced cross-functional agile environment (security, product, infrastructure, engineering).

What you’ll be doing:
• Improve the ability to respond to threats through technology selection, internal process development, and implementing automation of manual tasks and processes.
• Respond to Security Incidents of varying severities and complexity.
• Develop processes, procedures and playbooks that will be used during an incident response process.
• Create detailed process management workflows to ensure audit trails of activities are reviewed, policies are followed, and audit requirements are met.
• Assist peer teams in securing applications, business software and services, and infrastructure.
• Participate in new solution requirements gathering and design development.
• Assist with development, review, and execution of test plans to ensure effectiveness of security controls.
• Assist teams with mitigating findings including assessment of impacts, possible solutions, and efficacy of remedies.
• Assist with the secure integration of cloud applications and infrastructure.
• Develop and maintain technical support/knowledge base.
• Develops Service Level Agreements to set expectations and measure performance.
• Be a member of the Incident Response Team.
• Other duties as assigned. Management reserves the right to assign or reassign duties and responsibilities at any time.

What we expect from you:
• You are a dedicated, highly organized and motivated person who is passionate about technology and security.
• You are inquisitive, have a can-do attitude and a remarkable positive track record for figuring things out and getting things done.
• You work well within a team but also individually and with little direction.
• You can communicate effectively in both written and oral forms to technical and non-technical audiences.
• You can work under deadlines in a fast-paced environment.
• You use scripting languages to automate tasks and integrate systems.
• You have working knowledge about modern web application architecture and how to secure it (OWASP, SANS Top 25).
• Experience implementing controls against various Frameworks such as NIST CSF, HIPAA, HITRUST, ISO-27001 and SOC-2
• 3+ demonstrated hand-on years experience securing cloud services (AWS, Azure, Google Cloud)
• 3+ demonstrated hand-on years experience configuring and implementing multiple cloud based security tools (e.g. SIEMs, EDR, UBA, PAM, IAM, MFA, DLP, etc.).
• Strong communication and interpersonal skills with the ability to effectively listen and communicate information in a clear and concise manner.
• Bachelor’s degree in Computer Science, Engineering, MIS, IT. Or related coursework and/or equivalent work experience.
• Minimum of 5 years of professional or technical experience in IT with a strong background in all aspects of security tools administration and incident response.
• Must have within 12 months of hire Security+, CYSA+, GSEC, GCIH, Google or Azure or AWS Cloud Security Professional /Engineer unless alternative professional education is approved.

Benefits provided:

Focus on total health including:
• Generous medical, dental, vision coverage available day 1 + access to One Medical.
• 12 yearly no-cost visits to the Spring Health network of therapists and medication management providers for you and your dependents.
• Unlimited paid time off, 12 paid holidays throughout the year, and 10 sick days
• 4-4.5 months of fully paid parental leave.
• $500 per year Wellness Reimbursement.
• Supporting you financially through:
• Our People team benchmarks all salaries using the Radford Global Compensation Database for technology and life sciences industries. Radford benchmarks salaries with 3,589 global firms, 6.5 million employees, and 98 countries across the globe. We do this to ensure all of our team members are paid equally and competitively.
• On top of competitive and benchmarked salary, Spring Health offers incentive pay (based on role), and equity that begins vesting after one year with the company.
• Employer sponsored 401(k) match of up to 2% after 90 days of employment.

Creating a culture you can thrive in:
• Flexible work arrangements:
• 60% of Spring Health team members work fully remote while 40% work in a hybrid model from our New York City offices.
• Calm Fridays: no meetings, no distractions, just time for you to get work done.
• $200 per year donation matching to support your favorite causes.
• Our team members have created five employee resource groups thus far and looking to add on more

Salary Base: $140-170k base
St Louis Senegal

Salary Criteria