Manager, Security Operations

Engineering San Francisco, California


Description

SoFi is a mission driven company where we are laser focused on helping our members get their money right. We're doing this by providing a set of game changing capabilities for our members across a broad set of financial products that our members use daily -- moving from a high pressure, transaction based sales relationship to a mutually beneficial, incentive-aligned lifetime relationship. We are looking for a talented Security Operations Manager that's both excited about this mission and about using technology to help make our members financial lives better.

The Security Operations Manager will be responsible for managing, developing and leading the security operations team for SoFi. The Security Operations Manager will be responsible for running our threat intelligence function, owning, improving and monitoring our SIEM and other monitoring tools, and running our vulnerability management process in collaboration with the rest of the security group. They will also need to work with the other groups to monitor and test our disaster recovery process, and lead our security incident handling function.

The ideal candidate is hands-on, articulate and focused, and can own projects, features and functionality; enjoys learning and mentoring others. Our core tools are LogRhythm/Cloudflare/Digital Guardian/Nessus/Clair/Whitesource, but you don't have to be an expert in any of these; we're looking for a world-class Security Operations Manager to help create and lead a world class security operations environment.

By joining SoFi, you'll become part of a forward-thinking company that is transforming financial services. Ranked as one of the fastest growing fin tech companies, we strive to hire world class talent to our team and offer the excitement of a rapidly growing startup with a strong leadership team. SoFi is a new kind of finance company taking a radical approach to lending, wealth management and insurance. From unprecedented products and tools to faster service and open conversations, we're all about helping our members get ahead and find success. Whether they're looking to buy a home, save money on student loans, ascend in their careers, or invest in the future, the SoFi community works to empower our members to accomplish the goals they set and achieve financial greatness as a result. Having raised nearly $2 billion in funding since 2011 and boasting over 500,000 members and over 1,400 employees, SoFi's future is bright.


Key responsibilities include

  • Take the lead in security operations, including management, enhancement, and implementation.
  • Participate in incident response, threat modeling, and threat hunting.
  • Help expand defense-in-depth security for the organization to protect critical IT assets and data from internal and external threats.
  • Assist in the development, execution, and enforcement of security processes, policies, and procedures
  • Monitor computer networks for security issues.
  • Investigate security breaches and other cyber security incidents.
  • Document security breaches and assess the damage they cause.
  • Monitor and track known vulnerabilities in our applications and infrastructure.
  • Work with engineering teams to fix the vulnerabilities in their respected areas.
  • Stay current on IT security trends and news.
  • Work with the security team to develop company-wide best practices for security.
  • Research security enhancements and make recommendations to management.
  • Stay up-to-date on information technology trends and security standards.
  • Mentor and grow the security operations team.


Requirements

  • Bachelor's degree in computer science or a related field.
  • 6+ years of experience in information security or related field.
  • 2+ years in a management/team lead position.
  • Experience with managing a remote/distributed team
  • Understanding of DNS, firewalls, proxies, WAFs, SIEM, antivirus, and IDS/IPS concepts.
  • Ability to identify and mitigate vulnerabilities and explain how to avoid them.
  • Experience in network administration and network security.
  • Experience in Web Application security and OWASP Top 10 knowledge.
  • Experience in UNIX/Linux operating systems administration.
  • Experience with configuration management tooling such as Salt.
  • Understanding of database administration and security issues related to relational databases (MySQL or Postgres).
  • Experience with AWS cloud security and best practices.


Pluses

  • Working knowledge of Python or other scripting language.
  • Working experience with Java (or another Object-Oriented Programming language).
  • Familiarity with at-scale services.
  • Familiarity with Docker and kubernetes.
  • Familiarity with secure coding practices.
  • Familiarity with security standards such as PCI DSS, ISO 27001, etc.
  • Experience working with identity and access control management solutions.
  • Familiarity with infrastructure best practices.
  • Experience working in a risk-based security program.
  • Personal Attributes of the Ideal Candidate Include
  • Ability to thrive in a fast-paced growing company.
  • Ability to drive a project from inception to completion.
  • Enthusiasm for solving challenging problems.
  • Team attitude: a willingness to roll up your sleeves, work with others and get stuff done.
  • Ability and desire to lead direct team members, virtual team members, and projects.


Benefits

  • Lunch stipend, a fully stocked kitchen, and subsidized gym membership.
  • Competitive salary packages and bonuses.
  • A flexible vacation policy allows you to truly relax and reboot.
  • Comprehensive health, vision, dental, and life insurance as well as disability benefits.
  • 100% of health, vision, and dental premiums paid by SoFI for employees and their dependents.
  • 401(k) and education on retirement planning.
  • Tuition reimbursement on approved programs, up to $5,250 a year.
  • Monthly contribution to help you pay off your student loans.



Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.