Senior Engineer, Security
Indexed description
We love working at Reverb because we’re making the world more musical—through our marketplace and through Reverb Gives, which provides musical instruments to youth music education programs. We were named a “Best Place to Work” by Built in Chicago and a “Top Workplace'' by the Chicago Tribune.
About The Role
We are looking for a security professional to join our enthusiastic team of security engineers. We are a team who value collaboration, authenticity, feedback, creative problem-solving, humility, and trust. Our team works with multiple security domains including application, cloud, and corporate security. Engineers on our team get the opportunity to explore multiple different security areas and grow themselves into areas they may not have worked in before. By taking a broad approach to security, our team ensures that every aspect of Reverb’s business is safeguarded against potential breaches and vulnerabilities.
As a member of our team, you will play a pivotal role in safeguarding our systems, code, networks, and customers from potential security threats. Your expertise in crafting, implementing, and managing security solutions will be essential in maintaining the integrity and availability of our services. You will work with teams across Reverb to build thoughtful solutions that balance our operational needs, customer experience and security requirements. We care deeply about encouraging an environment that promotes fulfilling and impactful work. You’ll play an active role in selecting the projects and initiatives that are both exciting to you as well as meaningful to our company security posture.
This is a full-time, hybrid position reporting to the Senior Director, Infrastructure Engineering. Our hybrid team members work from our Chicago office once a week [on Tuesdays]. Local candidates are preferred; however, we are open to fully remote candidates within the US for the right fit.
Responsibilities
- Lead the design, implementation, and maintenance of comprehensive security strategies and solutions to protect our networks, systems, and applications.
- Conduct detailed security assessments to identify vulnerabilities and weaknesses in our infrastructure and applications.
- Develop and enforce security policies and standards across the organization.
- Collaborate with development and operations teams to integrate security practices into the software development lifecycle (SDLC).
- Keep up with emerging security threats, vulnerabilities, and industry trends to ensure proactive defense mechanisms.
- Lead incident response efforts, conduct post-incident analysis, and implement corrective actions to prevent future occurrences.
- Mentor and guide junior security team members, fostering their professional growth and skills development.
- Engage peer teams in collaboration efforts to address security concerns and provide recommendations for risk reduction.
- Evaluate and select security technologies and tools to enhance the organization's security posture.
- Extensive experience in any relevant security domain and deep knowledge of at least one of the following areas
- Cloud Security
- Application Security
- DevSecOps
- Corporate Security
- Familiarity with frameworks such as OWASP Top 10, CIS Controls, and NIST CSF
- Hands-on experience with security tools such as EDR/XDR, WAF, SIEM, SAST/DAST, DLP, PAM, SOAR, CASB, etc.
- Proficiency in scripting and programming languages (e.g., Python, Java, Bash, Ruby, Node) to automate security tasks and assess vulnerabilities..
- Excellent problem-solving skills and the ability to think critically under pressure.
- Strong communication skills to effectively collaborate with technical and non-technical partners.
- Good data gathering skills to connect and triage issues
- Proven track record of leading security initiatives and driving projects to successful completion.
- Development experience in Ruby, Ruby on Rails, or Node
- Experience working with and implementing Terraform
- Familiarity with WAF or CDN technologies, including Cloudflare
- Hands-on knowledge of AWS Security including: IAM, SecurityHub, Config, etc
- Understanding of Kubernetes
Remote-eligible roles (as indicated in the location header of each job description) are available in all U.S. states except Alaska and Hawaii. Remote roles are currently only available within the U.S. unless otherwise specified in the specific job description.
Benefits
Reverb offers a comprehensive total rewards package that combines base, bonus, and an array of benefits. Some of our key benefits include but are not limited to the following:
- 100% paid premiums for medical, dental, and vision coverage for the employee, spouse or domestic partner, and all eligible dependents. Medical coverage includes gender affirming care.
- Life, AD&D, and supplemental long-and short-term disability insurance
- A matching 401(k)
- A generous PTO policy that includes vacation, sick/mental health days plus 11 paid holidays and two floating holidays
- Professional development and continued learning opportunities through access to mentoring, 1:1 coaching, and platforms like Skillsoft
- 18 weeks of gender-neutral parental leave for the birth or adoption of a child
- Up to $25,000 reimbursement of adoption and/or surrogacy related expenses
- Paid sabbatical program
- Annual work/life stipend
- Ways to give back to your community through volunteer time off
We know that the impostor syndrome and confidence gap are real. Please do not hesitate to apply!
The Pay Range For This Role Is
139,000 - 181,000 USD per year (US)
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search