Staff Security Engineer at Drift
Drift is the new way businesses buy from businesses. With its quickly evolving set of tools and playbooks, Drift is the world’s leading conversational marketing platform, trusted by top enterprise businesses like Ellie Mae, Marketo, Okta, Outreach, Vidyard, and over 150,000 other businesses. Sales and marketing teams rely on Drift to connect now with the customers who are ready to buy now. Based in Boston, Drift was founded by serial marketing technology entrepreneurs David Cancel and Elias Torres and is backed by leading venture capitalists including CRV, General Catalyst, and Sequoia.
About the role
The Security team at Drift plays an integral and recognized role within the company. Our customer-centric focus means that ensuring the confidentiality, integrity and availability of their data and our services is something we are proud to demonstrate. That enables the team to not only practice their craft, but do so in a customer facing way, working cross functionally with sales, customer success, and others on a daily basis.
What you’ll be doing on the team:
As the security engineer in our Boston office, you’ll be responsible for:
- Overseeing our Production Network and Infrastructure Security in AWS.
- Developing our Security Operations Center (SOC) including being a leader of the Security Incident Response Team (SIRT).
- Distinguishing security-related alerts by operating a dedicated Security Event Information System (SEIM)
- Managing multiple layers of Corporate Security including Email, DLP, SSO, MFA, End-points and Firewalls.
- Flying side-by-side with our sales organization to respond to front-line customer questions about our security program.
- Monitoring internal controls and ensuring policy requirements are adhered to.
- Evaluating third-parties to ensure their security standards meet our requirements.
In one month you'll
- Become deeply familiar with our production and corporate environments and capable of navigating confidently within our architecture.
- Meet with your immediate teams and the key stakeholders you support and build trusted relationships.
- Understand our internal control framework and timelines by which oversight tasks must be completed.
- Work with Engineering to understand the incident response process and be able to represent the security team when called upon to collaborate in problem solving and response.
By month 3 you'll
- Serve as point with our external auditors to complete our 2019 SOC-2 Audit.
- Deploy a robust SEIM to centralize alerts and have it tuned appropriately.
- Know how to diagnose and make appropriate configuration changes in all of our production and corporate security applications and systems.
- Enhance internal documentation of security processes so that they are consistent and transparent.
- Have become a trusted advisor across the company, someone people feel comfortable turning to for assistance and expertise.
By month 6 you'll
- Develop an innate understanding of our environment and be able to independently handle even the most complex customer security questions
- Be prepared to propose whether our SOC should be internal or leverage an MSSP, and come to the table with an actionable proposal for management.
- Progress from understanding policies and managing internal controls to expanding the range of coverage to additional SOC principals and the ISO 27001 framework
- Leverage established internal relationships to achieve buy-in from other teams subject to additional and enhanced internal controls.
About you and what type of skills you’ll need:
- A calm demeanor that comes from experience handling real world security incidents, you don’t turn the dial to ten at the first sign of an alert and can act in a leading role when leading an investigation, triage, and response.
- A patient, humble mindset that explains in a risk based manner why security is important. Yes, you’re a security expert but you understand not everyone else is, and that’s ok.
- Administrative level experience with Intrusion Detection Systems (IDS) and Security Event Information Systems (SEIM)
- A high level of comfort with AWS-based environments including management tools such as Trusted Advisor
- Strong networking experience including firewall configurations
- Familiarity with multiple layers of Corporate security such as
- Email and File sharing
- Email filtering and encryption
- Endpoint configuration
- Endpoint security
- Excellent customer facing skills to support sales engineers and account executives when responding to security questionnaires and meetings.
- Have successfully completed at least one SOC-2 or ISO 27001 audit in the past and understand how to document evidence and communicate appropriately with auditors
Drift is committed to being an equal opportunity employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Drift is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process.