Corporate Security Engineer

Job Overview

We are seeking a motivated and detail-oriented Corporate Security Engineer to help protect Posit's employees and corporate systems. The ideal candidate will have a strong interest in endpoint and SaaS security and a desire to build secure, scalable solutions for a distributed workforce. You'll play an important role in maintaining our security posture, implementing key controls, and ensuring the security of our employee-facing systems and data. Our department's mission is to ensure the security of Posit's employees, assets, and customer data. You will collaborate closely with other Corporate Security and Security Operations engineers to achieve our departmental mission. We achieve this through secure architecture design, threat detection and response, supply chain security, secure development practices, and security operations, enabling innovation with right-sized security controls. Since its inception, Posit has operated as a 100% distributed company with a SaaS-based infrastructure. This presents unique challenges and requires pragmatism, creativity, and a collaborative, detail-oriented approach to be successful.

Key Responsibilities

Own

• Set and enforce secure configuration standards for employee workstations across MDM solutions (Jamf, Intune, Kolide).
• Investigate and respond to corporate security incidents, including analysis, remediation, and digital forensics for workstations.
• Monitor and optimize the SIEM platform for corporate threat detection.
• Lead proactive threat hunting efforts, identifying adversary Tactics, Techniques, and Procedures (TTPs) using frameworks like MITRE ATT&CK across corporate systems.
• Conduct targeted security research into emerging threats and defensive strategies.
• Conduct regular workstation audits and analysis using CrowdStrike Falcon EDR.
• Proactively harden and monitor security configurations of collaboration platforms (Slack, Google Workspace, Zoom).
• Perform external network security scans of corporate assets to identify and resolve vulnerabilities.
• Utilize and enhance corporate security incident response playbooks.
• Support the vulnerability management program for workstations and corporate systems.

Assist

• Contribute directly to the enhancement of our security awareness and phishing programs.
• Support compliance initiatives by providing evidence of security controls for corporate systems.
• Help execute the security monitoring strategy across all corporate infrastructure and SaaS platforms.
• Aid in the security review and risk management of new vendors and software.
• Support security issue management during on-call rotation.

Teach

• Ability to work with IT and Operations for secure system administration, encompassing patching and security assessments.
• Guide and enforce security controls for all corporate SaaS platforms (e.g., Salesforce, Netsuite, BambooHR).
• Create and maintain technical documents and standards for corporate security, such as internal blog posts and security advisories.

Learn

• Use AI to improve Corporate Security and ways to protect software development and Posit customers from AI threats.
• Data science workflows to report on security operations and security posture.
• Experience with or knowledge of endpoint security architecture and services (EDR/XDR, MDM).
• Familiarity with securing SaaS applications and corporate environments.
• Familiarity with issue management systems for ticketing and event monitoring.
• Experience with security controls with an emphasis on vulnerability management and detection of misconfigurations.
• Experience with or willingness to learn a scripting language (e.g., Python) for security automation.
• Experience with or willingness to learn GitOps practices for versioning configuration and IaC.
• Familiarity with SIEM platforms and security telemetry analysis.
• Knowledge of identity and access management principles.
• Experience with or knowledge of security incident response procedures.
• Excellent written communication for use by other engineers and operators.
• Familiarity with security and compliance frameworks (e.g., CIS, NIST CSF,  SOC2, ISO 27001). 

Within 1 month, you’ll…

• Complete all HR and IT onboarding processes, security practices, and communication channels.
• Familiarize yourself with Posit products, departments, and goals. 
• Familiarize yourself with Posit's corporate security toolset
• Shadow members of the Corporate Security/Security Operations teams during routine tasks, including incident response investigations and security monitoring, to understand current workflows. 
• Begin active participation in team meetings and understand the current priorities and ongoing projects within the SecOps team.
• Conduct an initial review of the existing secure configuration standards for key collaboration platforms.

Within 3 months, you’ll…

• Independently investigate and respond to low-to-medium complexity corporate security incidents affecting workstations, utilizing established playbooks and performing digital forensics as needed. 
• Conduct your first external network security scan of designated corporate assets, document vulnerabilities, and present your findings and remediation suggestions to the team.
• Actively contribute to the execution of one security awareness campaign, including setup, monitoring, and analysis of results. 
• Propose and begin implementing at least one specific improvement to the security configuration of a designated collaboration platform (e.g., Slack, Google Workspace, Zoom). 
• Take the lead on researching one trending threat or vulnerability, delivering an internal intelligence brief that outlines its relevance to Posit and proposed defensive measures. 

Within 6 months, you’ll…

• Gather and provide evidence of security controls for corporate systems for audit requests to support compliance initiatives, based on systems knowledge
• Consistently manage and enforce secure configuration standards for employee workstations across MDM solutions
• Take ownership of monitoring and optimizing a specific segment of the SIEM platform for corporate threat detection, such as alerts related to endpoint or SaaS activity.
• Develop and publish at least one piece of technical documentation or an internal blog post on a corporate security topic relevant to Posit employees or IT operations.
• Successfully complete at least one on-call rotation for security issue management, effectively handling incoming alerts and issues.
• Lead the process from hunt to detection by independently executing threat hunts based on the MITRE ATT&CK framework.
• Enhance our threat intelligence capabilities by developing and integrating a new threat feed into our internal collaboration platform, delivering automated, actionable alerts to the security team.

Within 12 months, you’ll…

• Proactively identify and report on key security metrics related to workstation security and vulnerability management from tools like CrowdStrike Falcon EDR. 
• Elevate the threat hunting program by designing and automating novel hunting methodologies, measurably improving detection coverage, and reducing manual investigation time.
• Become a recognized subject matter expert on threat actors relevant to Posit. Translate your research into actionable security controls and team-wide training to directly shape defensive strategy and mentor team members.

 

Posit offers competitive compensation with extensive human-first, people-focused benefits to prioritize your personal and financial well-being. Individual pay decisions are based on a number of factors, including qualifications for the role, experience level, and skillset. This hiring range reflects base salary and assumes that the job will be performed in the United States.

Hiring Range$120,600—$159,170 USD

Working at Posit:

• We welcome all talented colleagues and are committed to a culture that represents diversity in all its forms.
• We prioritize giving ourselves “focus time” to get deep work done. We minimize meetings and attempt to operate asynchronously.
• We are a learning organization and take mentorship and career growth seriously. We hope to learn from you and we anticipate that you will also deepen your skills, influence, and leadership as a result of working at Posit.
• We operate under a unique sustainable business model: We have over 50% of our engineering dedicated to creating free and open source software.  We are profitable and we plan to be around decades from now.
• Posit is a Public Benefit Corporation (PBC) and a Certified B Corporation®, which means our open-source mission is codified into our charter. As a result, our corporate decisions balance the community's interests, customers, employees, and shareholders. Hear more about why we think this matters here.

Notable:

We offer competitive compensation with extensive human-first, people-focused benefits to prioritize your personal and financial well-being. These benefits apply to full-time positions only.

• 100% of medical, dental, and vision insurance premiums are covered for employees and their families! Fertility and gender-affirming healthcare is included in all of our plans.
• Supplemental mental health and wellness benefits are available via Ginger even if you don’t opt in to our insurance plans, including Ginger for teen family members.
• Posit's gender-neutral paid parental leave policy covers all new parents, including foster and adoptive parents.
• All full-time employees are eligible for 401k enrollment starting on day one.
• After six months of employment, Posit provides a substantial yearly match to employee 401K contributions.
• An annual profit-sharing bonus for employees recognizes our team’s contributions to company performance across the year.
• We are a 100% distributed team. You are also welcome to come into our Boston office. 
• We offer a $400 monthly reimbursement for coworking space rental if you prefer to work away from home. 
• Our Lifestyle Savings Account offers an initial deposit of $1800 and then an additional quarterly stipend of $375 to cover the costs of professional development, wellness, financial health, charitable giving, and remote work support.
• We provide a flexible environment with a generous vacation policy that encourages a minimum of four weeks PTO per year plus 13 paid company holidays.

Are you excited about this role but not sure if your experience aligns with every qualification in the job description? That’s okay. We know multiple perspectives are essential for a thriving organization and we'd still love to hear from you! 

Posit is committed to being a diverse and inclusive workplace. We encourage applicants of different backgrounds, cultures, genders, experiences, abilities, and perspectives to apply. All qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, sexual orientation, gender, gender identity, age, physical disability, or length of time spent unemployed.

Posit Software, PBC participates in the federal E-Verify program, which confirms employment authorization of newly hired U.S. based employees. E-Verify is not used as a tool to pre-screen candidates and is only initiated upon hire.

E-Verify Participation Notice (English/Spanish)

Right to Work Notice (English/Spanish)

#LI-REMOTE