Senior Security Engineer
We have a simple mission at Calm: To make the world a happier and healthier place.
The heart of Calm is digital but the brand is expanding offline into a variety of products and services that bring more peace, clarity and perspective into people’s busy lives. We are building Calm into the Nike of the Mind. We believe Calm can become one of the most valuable and meaningful brands in the world.
Over 50 Million people have downloaded the app and we are growing by 85,000 new downloads a day. The company is profitable and headquartered in San Francisco, CA.
Calm was co-founded by Alex Tew (Million Dollar Homepage) and Michael Acton Smith (Mind Candy, Moshi Monsters, Firebox).
Mission
Calm is looking for a strong candidate to be a part of our Security Operations Center Team. The SOC team monitors, analyzes and responds to infrastructure and application threats and vulnerabilities. An ideal candidate for this position is a highly motivated individual, with a good IT security background who excels operating and deploying security technology. This candidate will have been either a SecOps engineer or possible a DevSecOps engineer in previous roles. This role is primarily designed to interface with lots of other teams, and ensure Calm is adhering to the security/compliance standards we have agreed to.
Outcomes
- Detection, monitoring, analysis, resolution of security incidents
- Perform network, application, and log intrusion detection, or implement and utilize technology that does so
- Prioritize activities based on current business objectives
- Must be able to maintain awareness of trends in security regulatory, technology, and operational requirements
- Lead monthly security awareness training for the entire Company
- Partner with IT/SRE in ensuring we are meeting all required compliance standards
- Ensure we are up to date on the latest patches, security issues
- Champion security improvements Calm can make internally in addition to required compliance standards
- Perform internal security audits and generate reports along with remediation documents
- Document and write internal security policies and ensure they are communicated to relevant parties
- Familiar with KMS, Encryption & SSL
- Automation for reporting and analysis
Competencies
- Strong communicator, both written and verbal
- 5+ years experience in SecOps/DevSecOps
- Strong attention to detail
- Proactive. Will follow up when things don’t get resolved
- Enthusiasm and passion for quality
- AWS, GCP or Azure (Prefer AWS)
- HIPAA Compliance (Or similar NIST, ISO, FedRamp)
- Log monitoring tools
- Access control tools/monitoringSTRONG network topology understanding and experience
- Audit alerting and monitoring and automation
Familiar with
Benefits
- Competitive salary and equity
- Take what you need PTO
- We pay your medical, dental, & vision insurance premiums
- 401K
- Commuter benefits
- Life insurance and disability benefits
- Apple equipment
- Fun, energetic work environment, and daily perks - snacks, drinks, catered lunch twice a week
- Opportunity to work with a product focused on making the world happier and healthier
And much more!