Staff Security Engineer

Remote US

Applications have closed

Everlaw

Transform your approach to litigation and investigations with the world’s most advanced ediscovery software.

View all jobs at Everlaw

Everlaw is looking for a Staff Security Engineer. Reporting to the Director, Security Engineering, you will be a leading member of the technical security team at the company. Security is one of the main strategic pillars at Everlaw, and we are looking for someone to help us execute on that strategy and protect our most valuable asset--our customer data.

Everlaw's customers entrust us with some of their most sensitive information, and it takes dedication and care to protect it. Some of the world's most high-profile cases are managed using the Everlaw Platform. We set a high bar to do what's right by our users.  Tackling litigation with technology presents deep challenges. Data is spread across distributed systems, stored in varied databases, housed at different physical locations. Keeping our users' data safe requires a passion for learning new technologies because we have to be good custodians no matter whether data flows through a Web application, gets stored in a data warehouse, or is used to train the latest machine learning algorithms. We are dedicated to continuously learning and improving our processes to achieve our mission.

Security Engineering supports teams across Everlaw in creating and operating a secure platform that meets the security and compliance requirements of our customers and company.  We collaborate, build, and use technology to make it easy to do the right thing.  We seek to understand people's needs and strive to protect confidentiality, integrity, and availability of information.

At Everlaw, our mission is to promote justice by illuminating truth. Our company culture is open and vibrant and we’re committed to the professional growth of our team members, offering an annual learning and development stipend and regular check-ins with managers regarding career goals. If you’re looking for a place that values passion, integrity, thinking big, and a desire to learn, we’d love to hear from you! Think you’re missing some of the skills and are hesitant to apply? We do not believe in the ‘perfect’ candidate and encourage you to apply if you feel you can bring value to our team.  

This is a full-time, exempt remote position. 

Getting started

  • We want you to feel like part of the team early on! Our onboarding process will integrate you into the company with informative sessions on our product, policies, processes, and team structure and goals. 
  • We’re excited for you to learn, grow, and contribute right away! We trust that you’ll bring experience and knowledge that will uplift and uplevel the team, but we don’t expect you to know everything on Day 1.

In your role, you'll...

  • Help define and implement Everlaw's security strategy.
  • Lead a team of security engineers to build and integrate tools to ensure a scalable and efficient secure software development lifecycle (SSDLC).  You'll draw upon your experience to guide and develop the skills of other security engineers.
  • Advise other engineers on building a secure platform.  You'll lead threat modeling sessions, conduct security design reviews, and review code and configuration changes for security concerns.
  • Build out security improvements on our AWS accounts, covering areas like authentication, authorization, threat detection, encryption, and reducing attack surface.  We have a vision including IAM, AWS Security Hub, Amazon GuardDuty, AWS Config, Service Control Policies, AWS Firewall Manager, and more.  You'll add to the vision and help make it reality.
  • Collaborate with Engineering, Engineering Operations, IT, and GRC teams to help meet our operational security commitments by probing for vulnerabilities, assessing the risk, and advising on how to respond to them.
  • Triage security events and respond to security incidents, first taking action to contain them and later guiding us to recover normal operations and minimize the chances of recurring threats.
  • Develop new security processes, procedures, and runbooks, and refine existing ones, to help Everlaw scale with its rapid growth.
  • Find creative ways to solve problems without saying no to innovation.  You'll find many thoughtful coworkers at Everlaw who are interested in making things more secure.  The expertise you bring will be valued and will help others develop a security mindset and think like an attacker.

About you

  • You have an interest in security and want to develop your security knowledge, skills, and abilities.
  • You have at least 8 years of experience working in security.
  • You have led significant security projects with a team of engineers that were delivered successfully and impacted multiple functions.
  • You have programming skills in at least one scripting language (like Python).
  • You have a keen eye for spotting problems and figuring out how to exploit them or defend against them, and don't like to let them go unfixed.
  • You're able to collaborate effectively with coworkers on different teams.  You can explain technical concepts without jargon, and keep security relatable.  A big part of the job is helping others across the company solve security problems.
  • You are willing to find creative ways to improve security without blocking others.  Security is important, but it's just as important for people to be able to do their work, and we need to find the right balance and make security easy for people.

Pluses

  • You have previous experience with software-as-a-service and distributed systems.
  • You have programming skills in at least one compiled language (like Java).
  • You have experience with AWS, Terraform, Ansible, git, and other infrastructure, development, and operations tools.
  • You're familiar with security tools like vulnerability scanners (e.g. Nessus/ZAP/Burp), host intrusion detection systems/HIDS (e.g. OSSEC/Wazuh/Threat Stack/auditd), network intrusion detection systems/NIDS (e.g. Snort/Suricata/Zeek), security information and event management/SIEM (e.g. Splunk/ElasticSearch+Kibana/ArcSight/Qradar), and security orchestration and response/SOAR.

Benefits

  • The expected salary range for this role is between $198,000 - $247,500. The final offered salary will be dependent upon many factors including the candidate’s experience and skills. The base pay range is subject to change in the future.
  • Equity program
  • 401(k) retirement plan with company matching
  • Health, dental, and vision
  • Flexible Spending Accounts for health and dependent care expenses
  • Paid parental leave and approximately 10 days (80 hours) per year of sick leave
  • Seventeen paid vacation days plus 11 federal holidays
  • Membership to Modern Health to help employees prioritize mental health and wellness
  • Annual allocation for Learning & Development opportunities and applicable professional membership dues
  • Company-sponsored life and disability insurance
  • Find out more about our Benefits and Perks

Perks

  • Monthly home internet reimbursement
  • Select your preference of hardware (Mac or PC) and customize your desk setup
  • Enjoy a wide variety of snacks and beverages in the office
  • Bond over company-wide out-of-the-box events and fun activities with your team
  • Time off for company-sponsored volunteer events and 4 paid hours per quarter to volunteer at a charitable organization of your choice
  • Take advantage of learning and career development opportunities 
  • Ranked #9 on Glassdoor's Best Places to Work 2023 for US small and medium companies
  • One of Wealthfront’s 2021 Career Launching Companies, and ranked #2 on the “2022 Bay Area Best Places to Work” list by the San Francisco Business Times and the Silicon Valley Business Journal
  • One of Fast Company’s World's Most Innovative Companies for 2022 and proud contributor of free ediscovery resources to benefit the greater good through “Everlaw for Good”
  • #LI-EJ1
  • #LI-Remote
Pursue Truth While Finding Yours At Everlaw, we are deeply invested in pursuing the truth, for our clients and for our employees. We know that when you’re empowered to pursue your passions, it is reflected in the work. That’s why we’re committed to the professional growth of all our team members, offering an annual learning and development stipend and regular career check-ins with managers. If you’re looking for a place that values passion, integrity, and a desire to learn, we’d love to hear from you!    ​​About Everlaw We help law firms, government agencies, and corporations sift through millions of documents of evidence in big lawsuits and investigations to find the proverbial smoking gun (or needle in the haystack -- pick your metaphor). It's a multi-billion dollar space typically dominated by service-oriented vendors, and we're coming at it with cutting-edge technology and elegant design. It's working, and we've been growing very rapidly: we host hundreds of terabytes of data and work with all 50 state Attorneys General and hundreds of law firms on some of the most high-profile cases litigated today.    Everlaw is an equal opportunity employer. We pride ourselves on having a diverse workforce and we do not discriminate against any employee or applicant because of race, creed, color, religion, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition, or any other basis protected by law. We respect the gender, gender identity and gender expression of our applicants and employees, and we honor requests for pronouns. It is our policy to comply with all applicable national, state and local laws pertaining to nondiscrimination and equal opportunity, including the California Equal Pay Act.  Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.   Everlaw requires all of its employees to be fully vaccinated for COVID-19, unless a medical or religious exemption applies.  If you are hired, we will require you to prove that you have received the COVID-19 vaccine, unless you have received a medical or religious exemption.   We collect and process the personal information you provided along with your job application in accordance with our Applicants Privacy Notice and Notice at Collection.
Job stats:  38  7  0

Tags: Ansible ArcSight AWS Compliance Elasticsearch Encryption Exploit Firewalls IAM Intrusion detection Java Machine Learning Nessus Privacy Python QRadar Scripting SDLC Security strategy SIEM Snort SOAR Splunk SSDLC Strategy Terraform Threat detection Vulnerabilities

Perks/benefits: Career development Equity / stock options Flex hours Flex vacation Health care Home office stipend Insurance Medical leave Parental leave Snacks / Drinks Startup environment Team events Wellness

Regions: Remote/Anywhere North America
Country: United States

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.