Published: Fri, 25 Oct 2024 14:50:18 GMT
Senior Security Engineer
About Us:
Seesaw is a trusted and beloved elementary learning experience platform used by 25 million educators, students, and families around the world. Our platform offers a suite of award-winning tools, resources, and curriculum for teachers to deliver inclusive and joyful instruction. Through interactive lessons, digital portfolios, and two-way communication features, Seesaw keeps everyone in the learning loop by providing continuous visibility into students’ learning experience to support and celebrate their progress.
Our Mission:
At Seesaw, our mission is to provide every elementary student with joyful and connected learning experiences that lay the foundation for success in life.
Your Team:
As a Senior Security Engineer, you will join our Core Platform team, a backbone team that plays a crucial role in Seesaw’s success. This team is responsible for building and maintaining the fundamental infrastructure and service libraries that support our product engineering teams in creating exceptional user experiences. They also take ownership of critical operational aspects, such as security, reliability, compliance, and cost-effectiveness, to ensure the seamless operation of Seesaw’s platform and cloud infrastructure. This is a diverse and impactful team that contributes directly to the success of the organization.
Working on Seesaw’s Engineering team is a unique experience. First, we give our team members a lot of ownership over the product roadmap, involving them in the planning process from the start. Second, we have a strong connection to our users, actively listening to teacher feedback and observing how students and families interact with our platform to continuously improve and iterate on our releases. And third, we value autonomy and give our team members the freedom to experiment and grow, often seeing their ideas brought to life in a matter of weeks, not months.
Millions of children around the world rely on Seesaw every day. This fact is both inspiring and daunting, as it means we are deeply invested in our work and feel a strong sense of purpose in improving students’ learning experiences. When a child experiences an issue with our platform, we feel it too.
As Seesaw continues to grow rapidly, our team is also growing quickly. Keeping up with this pace can be challenging, and we value flexibility as we continue to define and refine our needs. We have a learning culture and often learn through shipping, rather than obsessing over rigid processes. As we expand our team, we are committed to diversity, equity, and inclusion (DEI). We regularly survey employees, participate in training, and learn from our DEI Committee.
At Seesaw, we care deeply about our work and put in a lot of effort, but we don’t believe in working long hours or sacrificing our personal lives. We believe in taking breaks and recharging our batteries, so when we’re off, we’re truly off.
At the end of the day, the most fulfilling part of our work is seeing how much our users love our product. It’s incredibly gratifying to receive thank you tweets from teachers and know that our work is making a meaningful impact. While we experienced significant growth during the pandemic, we still have a lot of room to grow. By joining our team now, you will have the opportunity to help us expand into new markets and develop new features that enhance the learning experience even further.
Your Role:
Seesaw is looking for an experienced Senior Security Engineer to join our Core Platform team. In this role, you will play a key role in our international expansion efforts, working to achieve and maintain international compliance certifications like SOC2 and ISO 27001. You will work closely with engineering and product teams to conduct threat modeling, code reviews, and vulnerability assessments, promoting a culture of security awareness throughout the organization. Your expertise in automating security processes and enhancing existing frameworks will be critical in improving the security of our application and infrastructure. If you are passionate about building secure systems and driving compliance initiatives, we invite you to join our team at Seesaw and make a significant impact.
Your Responsibilities:
– Lead efforts to achieve and maintain internationally recognized compliance certifications such as SOC2 and ISO 27001, including developing and implementing policies, procedures, and training programs to ensure organizational alignment with compliance requirements.
– Collaborate with engineering and product teams to perform threat modeling, design, and code reviews to assess security implications and requirements for the secure development of new systems and technologies and remediate vulnerabilities in existing ones.
– Design, build, and deploy automation to scale application and infrastructure vulnerability discovery efforts across repositories, systems, and microservices.
– Develop automated security testing to validate secure coding best practices.
– Support external researchers through our bug bounty program and coordinate our annual security exercises.
– Proactively improve our security frameworks, documentation, tools, processes, and methodologies.
Your Requirements:
– Bachelor’s or Master’s degree in Computer Science, Information Systems/Technology, Cybersecurity, or a related field, or equivalent practical experience.
– 5+ years of experience in security engineering or application security, and 8+ years in a technical role.
– Proven experience in leading and managing the achievement of international compliance certifications, such as SOC2 and ISO27001, with a strong understanding of the associated frameworks and requirements.
– Experience identifying security issues in applications through code review, threat modeling, penetration testing, manual testing, and the use of security tools.
– Experience improving platform security practices within an AWS infrastructure stack and containerized environments.
– Experience collaborating with cross-functional product/engineering teams and providing guidance on addressing a broad set of security and privacy challenges.
– Strong knowledge and experience in at least one of the following programming languages: Python, JavaScript/TypeScript, or similar.
Nice to Have:
– Experience designing, implementing, and deploying production-quality systems.
– Strong understanding and experience with security controls and common security libraries in languages like Python and JavaScript.
– Experience with CI/CD pipelines and other general SRE skills.
– Experience with secure code review, penetration testing, and common security tools.
Compensation & Benefits:
We offer competitive salaries based on industry standards and our company size. Our total compensation package includes equity, perks & benefits, and development opportunities at Seesaw. Individual pay decisions are based on various factors, including qualifications for the role, experience level, skillset, location, and maintaining internal equity among team members. We expect that the majority of candidates offered a position at Seesaw will fall within our salary ranges based on these factors.
The annual base salary range for this position is $165,000 – $195,000 + RSUs.
This is an exempt position.
Benefits include:
– Medical/Dental + Orthodontics/Vision Coverage
– 401k Match
– Flexible Paid Time Off
– Mindfulness First Fridays
– Monthly Technology Stipend
– Home Office Setup Stipend
– Professional Development Stipend
– Paid Parental Leave
– Charitable Donation Matching
– Volunteer Days
Seesaw values building a diverse and inclusive team to better understand and advocate for our diverse K-12 users’ needs. We prioritize work-life balance and actively support our employees’ well-being. We encourage our team to work at a sustainable pace and have a flexible vacation policy that is actually used.
Seesaw is an equal opportunity employer. We do not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, national origin, physical or mental disability, medical condition, genetic information, marital status, veteran status, or any other class protected by applicable laws. In addition to federal law requirements, Seesaw complies with applicable state and local laws governing nondiscrimination in employment at all locations where the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.
At Seesaw, we are committed to protecting your personal data. To learn more about the personal information we collect, how we use it, and your rights, please review our U.S. Privacy Notice.
Our company participates in E-Verify. Apply link
