Staff Information Security Engineer

Staff Information Security Engineer

Department: Cloud Platform Operations

Employment Type: Full Time

Location: Minneapolis, MN

Description

We’re SmartThings, one of the leading IoT ecosystems in the world, creating the most effortless way for anyone to create a smart home. As a wholly owned subsidiary of Samsung, our corporate offices are based in Minneapolis and the Bay Area.

More than 350 million people worldwide use SmartThings to control and manage their connected life. SmartThings delivers simple, powerful experiences across Samsung’s leading portfolio of phones, TVs, and appliances.  We also offer the most versatile smart home experience as an open platform with a rich partner ecosystem (think IKEA, SONOS, Honeywell, and so many more). As a founding member of Matter, we are a leader in the industry to help make smart homes more secure, reliable and seamless to use.  Come be a part of the leading edge of IoT innovation!

About The Team

The Information Security and Privacy team at SmartThings is responsible for empowering our partners to succeed safely and securely. The world of IoT represents many new opportunities for how computers interact with the world around, and with that brings new challenges. As a Staff Information Security Engineer your role will support our ecosystem, its expansion, and growing list of new features to ensure the assets of SmartThings and our users are protected at all times.

Key Responsibilities

This position is a hybrid role, based onsite 3 days a week at our office in Minneapolis, MN. 

In this role, your primary responsibilities will include the following: 

• Collaborate with partner teams to achieve strategic initiatives by providing security and privacy expertise.
• Assess and audit the security and compliance posture of the cloud platform against various internal and external risk and regulatory security frameworks
• Develop and implement effective security controls for cloud-based and distributed architectures.
• Ensure necessary security controls and requirements are well understood and secure development practices are in place while empowering engineers to do their jobs confidently.
• Perform risk and data privacy assessments to assess the appropriateness and effectiveness of security measures and recommend enhancements.

Skills, Knowledge & Expertise

Inclusive Hiring Practices

Don’t meet all desired requirements? Studies have shown that some people are less likely to apply to jobs unless they meet every single desired qualification. At SmartThings, we are dedicated to building a diverse, inclusive, and authentic workplace, so if you’re excited about this role but your past experience doesn’t align perfectly in the job description, we encourage you to apply anyway. You may be just the right candidate for this or other roles.


What You Bring On Day One (Required Qualifications) 

• BA/BS or MS in Cybersecurity, Computer Science, or similar discipline.
• 8+ years of hands-on experience in information security with a strong focus on cloud security, risk management, and secure architecture
• Demonstrated expertise in securing AWS environments including deep familiarity with AWS native security services (e.g. Security Hub, GuardDuty, Inspector)
• Solid understandings of security architecture and design principles for cloud-native and distributed systems.
• Strong experience in vulnerability management with a focus on triaging and prioritizing vulnerability remediation
• Working knowledge of compliance and privacy frameworks such as ISO 27001, GDPR, and CCPA

Desired Skills

• Experience with infrastructure-as-code and security automation (e.g. Python, Terraform, Boto3)
• Experience conducting design reviews and threat modeling for new features and services
• Familiarity with privacy engineering concepts including data flow mapping and data minimization
• Security certifications such as CISSP, CCSP, AWS Security Specialty are a plus
• Understanding of IoT architecture and protocols (e.g. Thread,, Zigbee, Z-Wave) and the associated security challenges

SmartThings Benefits

• We offer an attractive compensation package with comprehensive health benefits, including medical, dental, vision, and mental health; an HSA with employer contribution; life & disability insurance; FSAs for health and dependent care expenses; a competitive 401k with a 5% employer match, and more.
• All of our employees enjoy unlimited PTO, 12 paid holidays, and a generous parental leave policy (8 weeks fully paid parental leave and 8 more fully paid weeks for childbirth recovery leave). 
• Eligible employees benefit from our education reimbursement program, and all employees enjoy access to learning resources through O’Reilly.
• Our commitment to diversity, equity, inclusion and belonging is embedded into our culture and our work, and everyone has frequent opportunities to join forums and groups and participate in ongoing projects.
• We offer a parking stipend to cover the monthly garage cost. EV chargers are also onsite.
• In-office catered lunches on Thursdays.
• Access to the onsite gym.

Base compensation range for this position is $135,760 to $203,640 USD Annually. Actual base within this range will depend on many factors including experience, skills, technical expertise and market alignment. In addition, this role is eligible for a 20% annual target bonus based heavily on individual performance.

At SmartThings, we are committed to creating an inclusive and accessible environment for all. If you require accommodations to participate in our hiring process or to perform the requirements of the job, we will work with you to meet your needs in compliance with applicable laws. Please reach out to talent@smartthings.com and a member of our Talent Acquisition team will connect with you further!