At Sequoia, we are fueled by a passion to serve our clients and their needs. Through a blend of guidance, service and technology, we are revolutionizing the way employee benefits, 401(k), insurance and HR are experienced by companies and their people.
Sequoia’s clients are innovative, people-first businesses who are shaping the future: the market disruptors, the paradigm shifters, and the leaders that are pushing their industries forward. As a team, we strive every day to make an impact on lives in the workplace. We stay dedicated in our commitment to come through for people who put their trust in us, no matter what.
A new opportunity at Sequoia:
We’ve come a long way since launching Sequoia in May of 2001 with just a benefits services offering, one location, and five employees. Now we have offices in 4 US locations and 1 global location, and big plans for the future. Our goal, both then and now, is to create a truly special company that takes care of people and makes a significant positive impact in their lives. The Security & IT Team is looking for a Security Engineer to support the complex security needs of our expanding operations and technologies.
What does the job entail?
The Security Engineer will partner with multiple teams to develop cutting edge processes and technology for protecting Sequoia’s information assets. As we continue to strengthen the company’s security posture, you will focus on conceptualizing, planning, implementing and operationalizing IT Security services and technologies for Sequoia globally, as well as testing the company’s systems and applications for security holes. The successful candidate will be based out of our San Mateo office and should demonstrate the desire and ability to learn and grow with our team.
What You'll Do:
- Use your deep technical expertise to penetration test and probe all company networks, applications, systems and technologies
- Prioritize and fix vulnerabilities that arise from testing and probing
- Collaborate with IT, Engineering and other teams to close security holes
- Conduct security-related events analysis and provide correlation and response support
- Participate in IR exercises and incident investigations
- Manage and improve the Threat and Vulnerability Management (TVM) program and the remediation of vulnerabilities for web, mobile applications and infrastructure.
- Set up a bug bounty program to help test and identify gaps
- Stay updated on security trends and emerging threats while understanding their impact on Sequoia
- Stay abreast of AWS services and security solutions, as well as other technologies and security tools
- Partner with the IT team to secure AWS, Azure and all corporate environments and services
What You'll Need:
- Bachelor’s degree required along with at least 3 years of relevant technical experience and at least one relevant certification (e.g., CISSP, CISA, CISM, CEH, GPEN, GXPN, GWAPT, GMOB, GCIH, OSCP, CEPT)
- Strong familiarity and experience with OWASP Top 10 and CWE/SANS Top 25
- Must be comfortable with systems operations and maintenance in MS Windows (Active Directory, Office365) and Unix/Linux/Ubuntu environments
- Knowledge of AWS services and eager to learn more about AWS security
- Expertise with tools such as Kali Linux, Metasploit Framework, Burp Suite, AppScan, WebInspect, static code scanners (Veracode, Fortify, SonarQube), Android Studio, qark, MobSF, Frida, Objection, ios-deploy, applesign, Charles Proxy, Pip3line, SublimeText
- Pen testing methodology, reverse engineering, vulnerability research and exploit development, plus the ability to write clear reports and explain findings and remediation
- Experience with digital forensics, debuggers, web proxies, web app scanners, network scanners and tools such as Nessus and nmap
- Networking knowledge of Internet firewalls, WAF, LAN, WAN, TCP/IP and VPN environments
- Excellent interpersonal skills are required along with the ability to build productive relationships in a collaborative and fast-paced environment
- Most importantly, live our Sequoia values day in and day out
What Success Looks Like in the First 3 Months:
- You have developed trust and partnership with the leaders and managers in Security & IT, Technology and other functional teams
- You have established a process for tracking, managing and reporting on application and infrastructure vulnerabilities
- You have identified and addressed 5 vulnerabilities in our systems and applications
• Passion for service
• Growth oriented
• Caring for others
• Focused on relationship building
• Meaningful & Fun
What can we offer?
Competitive salary + performance-based bonus programs
Great health insurance + wellbeing package
401k retirement savings plan