Senior Security Operations Engineer
SoFi is a mission driven company where we are laser focused on helping our members get their money right. We’re doing this by providing a set of game changing capabilities for our members across a broad set of financial products that our members use daily -- moving from a high pressure, transaction based sales relationship to a mutually beneficial, incentive-aligned lifetime relationship. We are looking for a talented Senior Security Operations Engineer that’s both excited about this mission and about using technology to help make our members financial lives better.
The Senior Security Operations Engineer operates and maintains the Security team’s portfolio of vulnerability management, Security Incident and Event Management (SIEM), automation, and authentication tools. Additional tasks include forensic recovery/support, event management, spam investigation, threat feed management, penetration tests findings mitigation, proactive defense, network sensor auditing, and security event management. This role will focus heavily on operational and strategic level tasks, and provide counsel and guidance to the junior level security operations engineers in the department. The Senior Operations Engineer also serves in an architectural capacity, providing the appropriate information and planning required for new technology and policy deployments.
The ideal candidate is hands-on, articulate and focused, and can own projects, features and functionality; enjoys learning and mentoring others. Our core tools are LogRhythm/Cloudflare/Digital Guardian/Nessus/Clair/Whitesource, but you don't have to be an expert in any of these; we're looking for a world-class operations engineer to help create a world class security operations environment.
At SoFi, you’ll become part of a new kind of finance company whose ambition is to help our members achieve financial independence and reach their goals. We aim to be at the center of our members’ financial lives, and to help every member get their money right. We created student loan refinancing, addressing the biggest financial challenge of a new generation through a modern approach to lending and personal finance. Next we expanded our products and services across loans, wealth management, and insurance. SoFi Money—a modern take on a checking or savings account--is our newest innovation and disruption to the financial services industry. SoFi has achieved significant growth, with ambitious plans ahead, but to continue this growth we need great talent. And that starts with you.
Key responsibilities include
- Take the lead in security operations, including management, enhancement, and implementation
- Proactively identify, troubleshoot, and mitigate vulnerabilities and provide metrics for reporting
- Participate in incident response, threat modeling, and threat hunting
- Help expand defense-in-depth security for the organization to protect critical IT assets and data from internal and external threats
- Assist in the development, execution, and enforcement of security processes, policies, and procedures
- Monitor computer networks for security issues.
- Investigate security breaches and other cyber security incidents.
- Document security breaches and assess the damage they cause.
- Monitor and track known vulnerabilities in our applications and infrastructure.
- Work with teams to fix the vulnerabilities in their respected areas
- Stay current on IT security trends and news.
- Work with the security team to develop company-wide best practices for security.
- Research security enhancements and make recommendations to management.
- Stay up-to-date on information technology trends and security standards.
- Bachelor's degree in computer science or a related field.
- 6+ years of experience in information security or related field.
- Understanding of DNS, firewalls, proxies, WAFs, SIEM, antivirus, and IDPS concepts.
- Ability to identify and mitigate vulnerabilities and explain how to avoid them.
- Experience in network administration and security
- Experience in Web Application security and OWASP Top 10 knowledge
- Experience in UNIX/Linux operating systems administration
- Experience with configuration management tooling such as Salt
- Understanding of database administration and security issues related to relational databases (MySQL or Postgres)
- Experience with AWS cloud security and best practices
- Working knowledge of Python or other scripting language
- Working experience with Java (or another Object-Oriented Programming language)
- Familiarity with at-scale services
- Familiarity with Docker and kubernetes
- Familiarity with secure coding practices
- Familiarity with security standards such as PCI DSS, ISO 27001, etc.
- Experience working with identity and access control management solutions
- Familiarity with infrastructure best practices
- Experience working in a risk based security program
Personal Attributes of the Ideal Candidate Include
- Ability to thrive in a fast-paced growing company.
- Ability to drive a project from inception to completion.
- Enthusiasm for solving challenging problems.
- Team attitude: a willingness to roll up your sleeves, work with others and get stuff done.
Competitive salary packages and bonuses.
Comprehensive medical, dental, vision and life insurance as well as disability benefits.
100% of medical, vision, and dental premiums paid by SoFI for employees and their dependents.
Generous vacation and holidays
401(k) and education on retirement planning.
Tuition reimbursement on approved programs, up to $5,250 a year.
Monthly contribution to help you pay off your student loans.
Employer paid lunch program and subsidized gym membership.
Fully stocked kitchen (snacks & drinks)