Principal Information Security Engineer

FabFitFun is one of the best places to work in Los Angeles and its amazing success has been achieved due to our amazing business initiatives (over 2 million members), dedicated leadership, inclusive corporate culture, and career growth opportunities.

Guided by our company values, FFF seeks to maintain a work culture that encourages innovation, rewards creativity, values teamwork, and supports inclusion and equity.

The company endeavors to foster confidence, effectiveness, and success for all employees who work with these values every day.

We are looking for a Principal-level Security Engineer to join our Security Engineering team.

The ideal candidate will participate in and lead efforts to create new security designs based on current business needs, capacity increases, and customer growth. You will play a pivotal role in improving security across all aspects of the FabFitFun infrastructure.

What You’ll Do:
Manage security incidents as Incident Commander: determining direction of investigations, incident exit criteria, and update cadence.

Conduct host/network, forensics & log analysis in support of incident response investigations

Identify attacker tools, tactics, and procedures (TTPs) to develop indicators of compromise

Hunt FabFitFun networks for indicators of compromise, looking for evidence of a compromise

Preserve and analyze data from a diverse set of data sources, including attack patterns and bad actors identified by FabFitFun’s CX team

Work with cross functional teams to contain and remediate security incidents related to breach and compromise.

Provide feedback across engineering, product and IT teams about accuracy and quality of security detections, controls and remediations

Identify areas of opportunity, and drive improvements to the incident response process and technology directly impacting the team

Work with partner teams including: PR, HR, Legal, Compliance, Investigations, Engineering, and external partners including AWS, Google and other strategic technology providers to further FabFitFun’s information security maturity

Support mentoring and technical development for engineering, product and IT teams

Identify areas of opportunity, and drive improvements to information security processes and technologies

Be a voice of security within FabFitFun, championing best practices and promoting a “secure business” environment

What You’ll Bring:
4+ years experience with incident management, cross team coordination, and management update cadences for multi-day incidents.

3+ years of experience with common actor attack vectors and tracing IOC/IOA through SIEMs, EDR, raw logs, and other telemetry.

Previous experience with actor tactics, techniques and procedures (TTP), and following lateral movement (i.e. MITRE ATT&CK framework).

Previous experience with one or more of these environments: cloud, physical, production, e-commerce and business environments.

Previous experience with understanding the impact chain for security decisions and remediation impact downstream

Ability to apply NIST CSF, PCI DSS, SOX and other relevant standards to inform and execute information security functions

Ability to monitor and secure AWS / public cloud infrastructure environments

Ability to monitor and secure SaaS platforms

Ability to participate in occasional on-call activities during cybersecurity incident investigations.

Ability to develop scripts and/or automation tools in programming languages such as Java or Python a plus

Ability to develop scripts to ingest log data from IaaS/PaaS/SaaS platforms into log aggregators / SIEMs such as AWS GuardDuty, Amazon Detective, or Splunk/SumoLogic/Chronicle a plus

BA/BS degree in Information Security, CyberSecurity, Computer Science, or other related technical disciplines, or equivalent practical experience

Must be able to travel domestically (USA) and Internationally (UKI, SE Asia) up to 15% of the time once global travel resumes (maybe 2x/year)

What You’ll Get:
Matching 401k and equity incentives

Be a part of one of the fastest growing companies in the US that is revolutionizing eCommerce

Open/Flexible PTO policy – we trust our employees to manage their time!

Free FabFitFun subscription and quarterly credit in the Add-Ons store

Monthly cell phone reimbursement

Monthly work from home stipend while the company is temporarily remote

Individuals seeking employment at FabFitFun are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation.
