Security Engineer

Company: Foursquare
Location: Chicago
Posted on: June 26, 2022

Job Description:

Foursquare is the leading independent location technology and data cloud platform, dedicated to building meaningful bridges between digital spaces and physical places. Our proprietary technology unlocks the most accurate, trustworthy location data in the world, empowering businesses to answer key questions, uncover hidden insights, improve customer experiences, and achieve better business outcomes. A pioneer of the geo-location space, Foursquare's location tech stack is being utilized by the world's largest enterprises and most recognizable brands.Foursquare's flexible building blocks include technology to maximize marketing impact and drive incremental real-world engagement (Attribution, Audience, Proximity, SDK); data to deeply understand points of interest and real-world behavior patterns (Places and Visits), and tools to conduct advanced analysis, data enrichment, unification and visualization (Unfolded Studio).About The TeamFoursquare is seeking an experienced Security Engineer to lead efforts and implement solutions to keep our users' and customers' data private and our systems secure.The Security team works with infrastructure and feature engineering teams to identify and mitigate risks to the business. We propose, design, plan and implement strategic and tactical security improvements - from remote access systems for employees, to authorization rules on our production fleet, to forward-thinking policy initiatives. Our infrastructure and feature engineering teams will be active and supportive partners, but the Security Team organizes and leads these efforts across the entire organization. We are trusted to stay one step ahead of malicious actors in a rapidly-changing threat landscape.As part of the Security Team, your work will be instrumental in ensuring both the safeguarding of our users' data and Foursquare's future business success.Our Tech Stack

• Languages: Java, Scala, Python, Clojure, Ruby
• Tools for pipeline orchestration: Airflow, Luigi
• Frameworks: Spark, MapReduce, Scalding, Spring Boot
• Infrastructure: AWS, Hadoop, Kubernetes, Docker
• Other technologies: Postgres, Hive, HBase, MongoDBResponsibilities
  • Propose, design, plan, and implement strategic and tactical security improvements across the organization, including surfacing non-obvious risks and attack surfaces.
  • Organize and lead cross-team efforts with infrastructure and engineering teams
  • Mitigate security risks and attack surfaces using a combination of policies and technological measures.
  • Establish and promote security recommendations and best practices, as well as provide security expertise across our entire tech stack.
  • Build security automation and guardrails using Test-Driven Development, Infrastructure as Code, and serverless frameworks.
  • Respond to Security Events, including isolating, mitigating, and investigating active threats. Conduct post-mortems to elevate the security posture of the company.
  • Advocate for the security culture of the organization, including collaborating with stakeholders across the company.Qualifications
    • 3+ years of experience in security engineering
    • 1+ years of experience in securing cloud environments (preference to AWS) with a deep understanding of Identity and Access Management
    • Thorough understanding of common access control patterns (especially RBAC), AuthN/AuthZ models, SSO standards (SAML 2.0, OAuth)
    • Experience developing and implementing employee remote access policies and systems
    • Working knowledge of network security with a focus on cloud networking
    • Strong written and verbal communication skills
    • Solid background using Linux and *nix operating systems
    • Proficiency in at least 1 programming or scripting language (preference to Python or Java), with a strong emphasis on Test-Driven DevelopmentNice To Have
      • Security research, penetration testing, or other red team experience
      • Other cloud security experience (GCP, Azure, Oracle Cloud etc.)
      • Experience with container orchestration systems such as Kubernetes
      • Security incident response experience including real-time mitigation of ongoing attacks
      • Experience in designing, architecting, and deploying large technical projects, with a focus on security
      • Experience with Infrastructure as Code frameworks such as Terraform or AWS CDK.
      • Experience with serverless frameworks such as AWS Lambda.
      • Proficiency in conducting security investigations, including log forensics and preservation of evidence.
      • Experience with understanding, predicting, and managing human factor risks.Perks And Benefits
        • Learning and development programs from individual contributors to managers
        • Individual, professional coaching for all full-time employees
        • Flexible time off - rest and recharge when you need it!
        • Comprehensive and competitive health, vision, dental, life insurance
        • 401(k) with company match
        • Home office setup: you get all necessary hardware and internet reimbursement
        • Family planning programs via Carrot and Maven
        • Employee Resource Groups to help you stay connectedFoursquare is proud to foster an inclusive environment that is free from discrimination. We strongly believe in order to build the best products, we need a diversity of perspectives and backgrounds. This leads to a more delightful experience for our users and team members. We value listening to every voice and we encourage everyone to come be a part of building a company and products we love.Foursquare is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected Veteran status, or any other characteristic protected by law.

Keywords: Foursquare, Chicago , Security Engineer, Engineering , Chicago, Illinois