OverviewAt Segment, we believe companies should be able to send their data wherever they want, whenever they want, with no fuss. Unfortunately, most product managers, analysts, and marketers spend too much time searching for the data they need, while engineers are stuck integrating the tools they want to use. Segment standardizes and streamlines data infrastructure with a single platform that collects, unifies, and sends data to hundreds of business tools with the flip of a switch. That way, our customers can focus on building amazing products and personalized messages for their customers, letting us take care of the complexities of processing their customer data reliably at scale. We’re in the running to power the entire customer data ecosystem, and we need the best people to take the market. 

The Security team at Segment is building a comprehensive security program in order to protect our customers’ data. We work with different teams across the company to ensure our security practices and controls are constantly improving. In order to keep up with our internal customers’ needs and our external customers’ expectations around security, we need our security controls to provide clear insight into the risk introduced into our environment. These controls must be lightweight, efficient, automated to the extent possible, and mature enough to stand up to customer and third party audits. We also need to enable our go-to-market teams to provide fast and accurate responses to security questionnaires from our customers, and assist with responses when needed. Further, we need to efficiently and accurately assess the risk introduced into our environment through the use of third parties while balancing the need to enable our internal customers. These are top-tier business problems that you as a Security Workflow Engineer at Segment could dig into right away. Security is the most important thing happening in engineering at Segment, and will always have strong support and high internal visibility by company leadership. 

Who we are: 

We're a small team with a passion for startup security, which means we are always thinking of newer and better ways to tackle hard security, risk, and compliance problems. We take on ambitious projects that have a big impact on our customers and the security of our company. We talk about our methods, trials and accomplishments in public blogs, at conferences, and in presentations. If you want to be this kind of security person and work with a team that's like you; if you want to create innovative security solutions for classic security problems, we'd love to hear about your approach and introduce you to our team.

A little more about our Security and GRC team:

• We showcased the importance of making security tooling more usable by demoing our OWASP ZAP contributions at Appsec USA
• We discussed our overall approach to our security engineering program at LASCON
• Our CISO’s approach to Building a Security Team and Program
• We deleted every employees’ AWS keys!
• We help organize the OWASP SF chapter, the AppSec California, B-Sides SF, and Day of Shecurity conferences

What we do:

• We are the Governance, Risk, and Compliance (GRC) team within the overall Security organization, and we deliver compliance, privacy, and risk projects that have a positive business impact at Segment.
• We help assess and manage internal and third-party risk to Segment and our customers.
• We enable our sales and customer success organization by accurately and confidently communicate our security posture to customers.
• We set ambitious goals, and we hold ourselves and each other to high standards.

We encourage you to apply if this role excites you - even if you think you may not meet all of the qualifications. At Segment, we live by four values: karma, drive, tribe, and focus. We are always looking for outstanding individuals with diverse backgrounds and perspectives who embody these values. To learn more about life at Segment and our commitment to diversity, equity, and inclusion, visit our LinkedIn page. We’re excited to meet you!

Who we are looking for:

We are seeking an individual who is enthusiastic to learn, contribute, and influence all facets of the security Governance, Risk, and Compliance program. Qualified candidates will successfully demonstrate the following experience and attributes:

• You understand threats, vulnerabilities, and risk, and the value of providing actionable data points to stakeholders.
• You are comfortable creating GRC dashboards and are excited to create GRC tools.
• You have worked to design, build, or implement APIs to maximize usage of data across multiple systems.
• You have ability to simplify complex security issues and risks for business stakeholder consumption and decision making.
• You have figured out how to spend less time doing manual work and are constantly think about how to automate things.
• You have a high-level understanding of how cloud infrastructure works including AWS, Terraform, and GCP.
• You have strong organizational and prioritization skills and can get challenging projects across the finish line.
• You are genuinely interested in working on a fast-paced Security GRC team, learning from industry professionals and challenging the status-quo.

Projects We’re Currently Working On:

• Revolutionizing the way that GRC is done everywhere. We are implementing multiple GRC processes and want to automate as many aspects of our maturing GRC program as possible - think GRC as a service. These processes are in areas such as risk, third-party security, and compliance audits.
• We are constantly evaluating and raising the security and privacy bar to exceed customer expectations.

Requirements:

• A degree in Computer Science or equivalent experience 
• Successfully built or heavily contributed to automating processes that were once manual 
• Comfortable working with at least one high level programing language
• Experience working in an environment that required compliance to common security or privacy frameworks, such as SOC 2, ISO 27001, FedRAMP, or HIPAA
• Top notch communication skills and comfort sharing contributions to the rest of the company
• Stay current with emerging security and privacy trends

We encourage you to apply if this role excites you - even if you think you may not meet all of the qualifications. At Segment, we live by four values: karma, drive, tribe, and focus. We are always looking for outstanding individuals with diverse backgrounds and perspectives who embody these values. To learn more about life at Segment and our commitment to diversity, equity, and inclusion, visit our LinkedIn page. We’re excited to meet you!

Segment is an equal opportunity employer. We believe that everyone should receive equal consideration and treatment in all terms and conditions of employment regardless of sex, gender (including pregnancy, childbirth, breastfeeding or related medical conditions), sexual orientation, gender identity, gender expression, race, color, religion, creed, national origin, ancestry, age (over 40), physical disability, mental disability, medical condition, genetic information, marital status, domestic partner status, military or veteran status, height, weight, AIDS/HIV status, and any other protected category under federal, state or local law. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.