Help shape the next generation of ecommerce for the next generation of consumer.
Technology @ StockX:
Our Technology Team is on a mission to build the next generation e-commerce platform for the next generation customer. We build world-class, innovative experiences and products that give our users access to the world’s most-coveted products and unlock economic opportunity by turning reselling into a business for anyone. Our team uses cutting edge technologies that handle massive scale globally. We’re an internet-native, cloud-native company from day 1 - you won’t find legacy technology here. If you’re a curious leader who loves solving problems, wearing multiple hats, and learning new things, join us!
About the role:
Our mission requires that users have deep trust in the company where they store their personal information. We are looking for a Senior Security Engineer to join us on this mission. You will report directly to the Director of Security Engineering.
The candidate will demonstrate drive, intelligence, maturity, and energy, and will be a proven change leader. They will be responsible for leading tactical and strategic initiatives and coordinating projects within Security, Engineering, IT, Product, Legal, Compliance, and other teams throughout the company. This role is also responsible for protecting StockX’s computers, networks, and data against threats, such as security breaches, computer viruses, or attacks by cyber criminals. The ideal candidate will be a thought leader throughout the design, development, integration, testing, and implementation of appropriate security controls during the lifecycle. The candidate must have proven experience leading teams in a matrix environment.
The candidate will possess a high degree of business acumen and must have a “real world” perspective in order to effectively interact with the technical leaders across the company. Because you will identify and mitigate risks, you will have experience with Cloud Security, Enterprise Security, Security Engineering, and Data Protection in large server environments. You will have a strong presence, drive a sense of urgency, effectively dive into the technical details, and advise cross-functional teams. You will be passionate about the people and the business. You will review and assess technology, processes, and controls; utilizing industry best practices and
Role and Responsibilities:
- Drives security efforts across the company to address security requirements.
- Defines, delivers, and supports strategic plans for implementing information security.
- Understands, evaluates, and responds to security incidents.
- Implements information technology strategies, policies, and procedures by evaluating trends, identifying problems, and anticipating requirements.
- Stays abreast of emerging security threats and conducts research on emerging products, services, protocols, and standards in support of security improvement.
- Assists with the reporting, investigation, and resolution of data security incidents.
- Monitors security risk and tracks exceptions to security policies, standards, and procedures to ensure effective security governance and operational efficiencies.
- Provides timely reporting & analytics of security engineering design and how it relates to security postures & the threat landscape.
- Facilitates the development and implementation of appropriate security configurations, policies, processes, and procedures.
- Is a proven innovator and creative problem-solver. Navigates ambiguity and exercises a moderate degree of autonomy in decision making.
- Identifies risk of impeded work and provides proposed solutions to management.
- Ensures the following services meet security requirements and standards: monitoring & log analysis, hunting operations, compromise assessments, forensics analysis, root cause analysis, investigation assistance, insider threat management, and incident management.
- Strong understanding of information security operations and the relationship between threats, vulnerabilities, and risk management.
- Develops and maintains a global information security incident response plan that will identify, contain and resolve information security incidents; and meet compliance requirements.
- Excellent verbal, written and interpersonal communications skills, including the ability to communicate security and risk-related concepts to both technical and non-technical audiences.
- Ability to maintain a high level of discretion and personal integrity in the exercise of duties, including the ability to professionally address confidential matters.
- Ability to establish and maintain a high level of trust and confidence in the group's knowledge of, and concerns for, business, legal and regulatory requirements.
- Proven experience leading global teams, projects and implementations.
- Knowledge of operating in a complex, global environment.
- Ability to coach, motivate and develop careers of others within a global team.
- Certifications: PMP, CISSP, CISM, ITIL, TOGAF, SANS/GSEC, CIPP, CRISC, CPA/CA, CFE
- Bachelor’s degree in an engineering or similar discipline, or equivalent work experience.
- Minimum of 10-12 years of experience in the information security space spanning network security, application security, cryptography, SDLC security tools/practices, threat management, penetration testing, abuse, fraud, security compliance, and incident response.
- Experience developing, implementing or creating information security systems with a strong understanding of information security regulatory requirements and compliance issues such as GDPR, PCI, SOX, HIPAA, CCPA, and NIST CSF.
- Strong understanding of VPN, anti-virus software, intrusion detection, firewalls, and content filtering; endpoint security solutions, including file integrity monitoring and data loss prevention; AWS security tools (Security Hub, GuardDuty, CloudTrail, CloudWatch); and CrowdStrike, Lacework, Datadog, Cortex, and Snyk.
- Technical understanding of how threats like Spam, Phishing, Bots, DDoS Attacks, Brute Force Attacks, SQL Injections, XSS, Trojan Horses are executed and how to protect our resources.
- Experience designing approaches to continuously monitor the organization's networks and systems for security breaches or intrusions.
- Experience in designing best practices for protecting critical customer data.
Our global platform offers unprecedented access to current culture while our data-driven, bid-ask model provides buyers with the real-time visibility to know they’re getting a fair price. And, unlike other ecommerce sites, StockX hand-checks every purchase (20,000+ daily trades) at one of our regional authentication centers.
StockX’s special formula has rocketed the company to a multibillion dollar valuation, with 10M+ lifetime trades on the platform—more than half of those coming in the last year. And we’re just getting started.