Information/Product Security Engineer Lookout
San Francisco, CA

Job Description

Lookout is a cybersecurity company for the post-perimeter, cloud-first, mobile-first world. Powered by the largest dataset of mobile code in existence, the Lookout Security Cloud provides visibility into the entire spectrum of mobile risk. Lookout is trusted by hundreds of millions of individual users, enterprises and government agencies and partners such as AT&T, Verizon, Vodafone, Microsoft, Apple and others. Headquartered in San Francisco, Lookout has offices in Amsterdam, Boston, London, India, Sydney, Tokyo, Toronto and Washington, D.C. To learn more, visit www.lookout.com and follow Lookout on its blog, LinkedIn, and Twitter.

Lookout is a modern startup for the modern world, run by apps! As part of Lookout's engineering team, you will have an opportunity to take on some of the most interesting challenges in one or more core areas of intellectual property and fundamental building blocks that form Lookout's category-defining Personal and Enterprise products. In order to tackle these challenging problems, you must be open-minded to explore new areas as well as evolve key existing systems, such as high scale cloud systems, mobile platforms(iOS/Android) development, detection engines, analysis systems cloud backend micro-services, front-end/UI, Data Engineering, Machine Learning, Threat research and CI/CD. If you enjoy building cutting edge products leveraging the latest technologies, tools and development methodologies, and want to make an immediate impact through your work, come check us out.

About the job:

Lookout's users and product developers trust our Information Security team to provide them with the most secure experience. We're looking to hire Application Security Engineers to ensure that our products are designed and implemented in the highest security standards. You will have incredible communication skills and experience analyzing products from a security perspective.

You immerse yourself in all aspects of security, especially as it relates to building secure microservice-based cloud products, DevSecOps and stopping attacks in the cloud. You are looking for an opportunity that will try your technical skills and challenge your creativity. You are ready to face a wide range of security questions, many of which have not been considered before. Production servers, networks, endpoint devices, and data are safe in your hands. You are a subject matter expert who wants to implement tactical solutions and contribute to innovative solutions to big picture issues.

Responsibilities:

You'll be tasked with improving security across all aspects of Lookout. The infrastructure, mostly in Amazon Web Services, will run complex highly security-sensitive services, and at significant scale. You will be challenged every day.

* Push the boundaries of security technology to create defenses for large scale production infrastructure and networks.
* Provide subject matter expertise on network architecture, DevSecOps, building secure software and implementation security controls in an Agile environment
* Perform security assessments of production, corporate and cloud infrastructures
* Define and implement network access control policies, automation and technical controls
* Harden our infrastructure from attack by implementing strong Agile Security Development Lifecycle (SDL) tools and processes
* Define and implement innovative monitoring and alerting systems to enable detection of intrusions
* Provide training to engineering teams on application security related topics.
* Build frameworks to provide secure defaults to engineering teams and tools that will automatically scan and detect security problems.
* Evangelize security within Lookout.
* Create services and tools to manage the security of our infrastructure

Requirements:

* BS in Computer Science, Computer Engineering of Electrical Engineering
* 8 + years of practical experience with security architecture, design and implementation in large scale products and cloud infrastructure
* Experience in a DevOps and Security (DevSecOps) focused environmentHands on experience with AWS and AWS security controls (IAM, Lambda, Cloudtrail, KMS)
* Experience with writing and using network automation tools, and scripting languages (ruby/python preferred)
* Software development experience, and deep familiarity with Secure Development Lifecycles
* Expert knowledge of Linux operating systems
* Expert knowledge of cryptographic protocols
* Security Certifications are a plus
* Familiarity with compliance frameworks and standards (FedRamp, PCI, etc.) is preferred

Desired qualifications and skills:

* 1+ years of experience in application security related field (code reviews, application penetration testing, security engineering).
* An expert in two or more of the following domains: cryptography, authentication and security protocols, web application security, mobile application security, cloud based services, and threat modeling.
* Development experience in Ruby or Java.
* Excellent written and verbal communication skills.
* Excellent teamwork and leadership skills.