Security Operations Engineer - Remote
Who We Are:
Nacelle was built for technology-forward merchants drawn to the benefits of a headless architecture but dissatisfied with the costs and complexity associated with adoption. Leaders at FTD.com, Boll & Branch, and Thinx use Nacelle to eliminate the typical maintenance costs and infrastructure complexities related to going headless while accelerating their time-to-market. Unlike traditional commerce solutions, our product is built on event-driven and elastic core technology optimized for flexibility, performance, and customization.
Nacelle is an early stage, venture-backed, fully remote company. Recently closing our Series B round for $50m, our institutional investors include Tiger Global, Index Ventures, Inovia and more. We also have raised from notable industry angels including leaders from Shopify Plus, Attentive, and Klaviyo.
Nacelle is looking for a focused Security Operations Engineer who can take on a leadership role in responding to security issues across our SaaS platform and within our Organization. You must thrive in high-pressure situations, think like both an attacker and defender, and drive relevant teams to take the right actions in the right timeframes to mitigate risks.
We are looking for an individual who can balance technical risks against business risks and consistently drive for results. You must have a passion for engineering solutions to complex security challenges, and recognize and fill gaps in capabilities.
This role will report directly to the Sr Director of Security and Compliance and will work closely with Engineering and DevOps to successfully deliver on corporate security strategies.
- Manage and develop security monitoring systems such as IDS, SIEM, HIPS, etc.
- Work with engineering stakeholders to fix security issues
- Create workflows and processes to intake, triage, and resolve security issues
- Execute proactive threat modeling and implement measures to strengthen our preventative controls
- Support vulnerability scanning and remediation
- Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks.
- Perform root cause analysis on past security incidents to recommend improvements
Skills & Qualifications:
- Practical knowledge of AWS cloud services and structure
- Hands-on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
- Thorough understanding of the latest security principles, techniques, and protocols.
- Network detection experience at various TCP/IP layers
- Strong knowledge of the AWS suite of security-related services.
- Experience in vulnerability management, risk quantification, and remediation
- Desire to work at a fast-paced startup
Nice to Have:
- Experience with the operation of cloud-based infrastructure and API security using services such as AWS EC2 security groups, AWS Web Application Firewall, or AWS Shield
- Past work experience with cloud-based security services like AWS Security Hub, Amazon GuardDuty, Amazon Inspector, Amazon Detective, or AWS Config
- Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols.
- Microservice architecture fundamental knowledge
Benefits & Perks:
- Competitive compensation packages
- Stock options
- Robust benefits packages which include medical, dental, vision, HSA/FSA, as well as employer-paid life insurance, and short/long-term disability
- 401(k) with an employer match
- Unlimited Mental Health Teledoc appointments
- Paid parental leave
- Unlimited PTO in addition to paid holidays and sick days
- Monthly wifi stipend
- Home office setup budget
- Annual Learning and Development stipend
- 100% Remote culture with a minimum of one company in-person retreat per year + team-specific retreats
- Company provided Macbook
- An environment that values and promotes continuous learning, true ownership, and teamwork