Security Engineer

Security Engineer

Reporting to: Chief Information Security Officer

Location: New York, NY

What is Bilt?

Bilt Rewards is the first program for consumers to earn rewards on rent and daily neighborhood spend while creating a path towards home ownership.

With an alliance of the nation’s largest real estate owners, Bilt Rewards enables renters in more than three million units across the country to earn points just by paying rent.

Bilt Rewards boasts one of the highest value rewards programs on the market today, including one-to-one point transfers to twelve loyalty programs allowing members to travel across more than 100 major airlines and hotel partners; fitness classes at the country’s top boutique studios; limited-edition and exclusive collections of art and home decor through the Bilt Collection, and the ability to use points for rent credits or towards a future downpayment.

Bilt has also partnered with Mastercard to create the Bilt Mastercard - the first and only credit card that can be used to pay rent with no fees. 

What’s the role?

We are seeking a Security Engineer with a deep passion for information security to collaborate with us in developing the most outstanding security program possible. As a Security Engineer at Bilt Rewards, you will be entrusted with the critical task of protecting sensitive company data, responding promptly to potential breaches, and implementing robust security and data governance protocols. You will work closely with various departments of the organization to lead and participate in security operations, risk assessments, incident responses, and project maintenance. Our ideal candidate must possess the ability to work alongside more traditional engineering teams, IT teams, and non-technical employees alike to attain product goals and implement fundamental changes that enhance the overall security posture of the company.

In this role, you will… 

• Develop and run tools to gather security signals from production services.
• Automate workflows and improve identification and response time for security events.
• Build and optimize security detection rules for production infrastructure and services. 
• Respond to security events, triage, perform investigations, incident analysis, and communicate clearly and efficiently to stakeholders.
• Partner with the engineering team on internal and customer-facing security and privacy initiatives while ensuring secure data accessibility, quality, and reliability are considered.
• Work closely with the engineering and IT team to document the security architecture, review non-security process workflows, and threat model against both.
• Interact with all Bilt employees and contractors for incident response followups, containment, security awareness education, tabletops and trainings. 
• Contribute to refining Bilt Rewards’ policies, guidelines, and procedures about protecting information assets, and presenting those policies Bilt-wide when appropriate. 
• Work closely with various departments of the organization to lead and participate in security operations, vulnerability management, risk assessments, and project maintenance. 
• Remain updated on common, bleeding-edge security incidents affecting the industry and ensure Bilt remains properly protected from them.
• Understanding application security (AppSec) standards and practices is preferred but not mandatory, such as the OWASP Mobile Application Security Verification Standard (MASVS) and Mobile Security Testing Guide (MSTG).

In terms of qualifications, we’re seeking:

• 2+ years with GCP or 4+ years with AWS/Azure experience 
• Hands-on experience with data analysis, modeling, and correlation at scale.
• Experience developing tools and automation using common DevOps/DevSecOps toolsets and programming languages.
• Ability to analyze endpoint, network, and application logs for anomalous events.
• Operating systems internals and forensics experience for macOS, Windows & Linux.
• A sense of helpfulness towards the less technical, dedication towards the Bilt mission and a critical-thinking mindset often needed in InfoSec. 
• BurpSuite, BigQuery, Java, GitHub admin experiences a big plus

With also…

• AppSec Engineers with Incident Response experience, or
• T2 Incident Responders with forensic/containment experience in Google Cloud Platform (GCP), Data Loss Protection (DLP), or 
• Purple-teamers with experience applying their own remediations successfully in client environments, or
• Detection/Rules engineers with track record of successful workflow automations, or
• Security Researchers/Threat Hunters who specialize in Cloud (GCP), Web/Mobile apps, and/or DLP, or 
• Someone with a blend of action-oriented, automation-focused incident response and AppSec experience (2+ years), or
• Your background!

Benefits:

• Compensation - We offer a competitive salary with a meaningful stake in the company via equity and our performance bonus program
• Health insurance for you (& your loved ones) from day one - Enjoy a One Medical Membership, wellness stipends, family programs and more, on us. We’ve got you and your family covered from day one.
• 401k plan with a match - Retirement may feel more like a pipe dream than a reality but we’re here to help you get there.
• Commuter FSAs - We believe the best ideas come from being together in one place. We just don’t think getting there should be so expensive.
• UNLIMITED PTO - Because we believe that working hard shouldn’t mean always working. Take time for you as often as you need it.
• Exclusive Employee only Bilt Points - We give our employees unique opportunities to earn points throughout their time at Bilt.
• Team Events - We believe in human connection so we hold events to help our employees break from the monotony of the typical work week.

At Bilt Rewards, we believe in transparency and we do our best to make sure the company and our candidates are on the same page as it relates to compensation. In addition to posting salary ranges for our open roles, candidates should expect to be asked about compensation expectations and requirements early on in their interview process. Our goal is to highlight when expectations and Bilt’s salary range may be out of sync, and work with the candidate to determine whether it makes sense to continue conversations.

We are considering candidates with differing levels of expertise for this position. Leveling will be based upon your experience and performance in the interview process.

Where a new hire falls within a range will be based on their individual skills and experience, and how these competencies compare across other employees in the same role. Bilt's bands are designed to allow for individual compensation growth within the role. As such, new hires typically start at the lower end of the range. Bilt rewards performance and outcomes - should you join the company, you will have the opportunity to grow your salary over time.

The salary range for a Security Engineer is $125,000 - 180,000 and will be eligible for equity and an annual performance-based bonus.