Enterprise Security Engineer

at 23andMe in Mountain View, CA | Jul 23, 2014
Do you like to identify and implement missing key security program elements? Have you worked on security policies, procedures, guidelines, controls, trainings, metrics and technologies? Do you like to run vulnerability/penetration tests/gap assessments, and review and audit application/database logs? If so, come join the 23andMe team.
Identify and implement missing key security program elements that may include security policies, procedures, guidelines, controls, trainings, metrics and technologies.
Run vulnerability/penetration tests/gap assessments.
Review and audit application/database logs and respond to alerts.
Manage incident response and mitigation plans, in coordination with the VP of Engineering and Chief Security Officer, to address cause(s).
Secure software design—translating security requirements into application design elements
Secure software implementation/coding—work with QA to implement unit testing for security functionality and resiliency to attack, and developing secure code and exploit mitigation
Software acceptance—security implication in the software acceptance phase
Software Deployment, Operations, Maintenance and Disposal—security issues around steady state operations and management of software
In conjunction with the VP of Engineering and Chief Security Officer, serve as 23andMe’s security point person on Infrastructure and Application Development security issues.
Assist with internal security audits
Work with external audit entities to ensure compliance.
Review responses to client security questionnaires and RFPs.
Advise Engineering and IT leadership concerning technology architecture, and configuration of IT infrastructure and applications to improve security.
Research business and technical requirements and evaluate vendor products and services.
Perform related duties as requested or assigned.
Extensive experience implementing/deploying security initiatives and systems that partner with other IT areas and business units.
Expert knowledge of Web Application security (OWASP, black/whitebox testing of web applications, application firewalls, fuzzing).
Experience with Encryption, Two-Factor Authentication, Integrity Monitoring, Log Management and intelligence, Penetration/Vulnerability testing and other common security technologies.
Extensive experience with broad inter-disciplinary skills; systems, networks, security, application development using LAMP stack.
Experience developing Business Continuity/Disaster Recovery plans.
Understanding of and experience with HIPAA, HITECH Act, Sarbanes-Oxley, PCI, CA SB-1386, and CA SB-24 requirements.
Experience developing corporate policies, crisis management, performing technical and documentation audits.
Knowledge of and demonstrated experience with a variety of network, host, database and other monitoring tools.
Knowledge of and demonstrated experience with the layers of the ISO stack, TCP/IP, Encryption technology, PKI, VPN, IPSec, and SSL.
Strong understanding of the core principles of confidentiality, integrity and availability.
Ability to successfully plan, organize and prioritize projects, work on multiple tasks simultaneously.
Demonstrated success working independently in a fast-paced environment against changing priorities.
Deep understanding of core security technologies such as vulnerability assessment, intrusion detection/prevention, auditing principles, secure software development life cycle, application/code vulnerability and penetration technologies, host and network security.
Windows, OSX and Unix security knowledge and experience.
General working knowledge of networking technologies (LAN, WAN, etc).
Knowledge of security standards (ISO-17799/27001).
Bachelor's degree in computing, business, or equivalent combination of training and experience.
8+ years' experience in an information security role.
Certified Information Systems Security Professional (CISSP) required.
Certified Information Systems Auditor (CISA) strongly preferred.
Other certifications strongly preferred (CSSLP, CIPP/IT, GIAC, Security+, CISM, CGEIT, CRISC).