Help shape the next generation of ecommerce for the next generation of consumer.
Technology @ StockX:
Our Technology Team is on a mission to build the next-generation e-commerce platform for the next generation of customers. We build outstanding, innovative experiences and products that give our users access to the world’s most coveted products and unlock economic opportunities by turning reselling into a business for anyone. Our team uses cutting-edge technologies that handle significant scale globally. We’re an internet-native, cloud-native company from day 1 - you won’t find legacy technology here. If you’re a curious leader who loves solving problems, wearing multiple hats, and learning new things, join us!
About the role
Our mission requires that users have deep trust in the company where they store their personal information. We are looking for a Security Engineer to help us harden our environment and prepare for the next generation of cyber threats.
Come join our Security Engineering team and demonstrate the drive, intelligence, and maturity to be a change-maker. In this role, you will undertake tactical and critical initiatives in order to shield StockX against threats, security breaches, computer viruses, and attacks by cyber-criminals. You will help to identify and mitigate risks, work to secure an enterprise cloud-based environment, and work across IT, Data Protection, Security Architecture, and other verticals within the greater StockX organization.
What you'll do
- Drive security efforts across the company to improve InfoSec posture.
- Understand, evaluate, and respond to security incidents.
- Implement information technology strategies, policies, and procedures by evaluating trends, identifying problems, and anticipating requirements.
- Stay abreast of emerging security threats and conduct research on emerging products, services, protocols, and standards in support of security improvement.
- Assist with the reporting, investigation, and resolution of data security incidents.
- Ensure effective security governance and operational efficiency
- Be on the lookout for security risks; track exceptions to security policies, standards, and procedures.
- Use reporting and analytics to provide a sharper "image" of our security posture & the threat landscape.
- Ensure that we have implemented the appropriate security configurations, policies, processes, and procedures.
- Navigate ambiguity and exercise a moderate degree of autonomy while being proactive and creative in your approach to securing the environment.
- Ensure all services meet security requirements and standards - monitoring & log analysis, hunting operations, compromise assessments, forensics analysis, root cause analysis, investigation assistance, insider threat management, and incident management.
- Knowledgeable of Sec Ops and the relationship between threats, vulnerabilities, and risk management.
- Build an incident response plan that will identify, contain and resolve information security incidents.
- Bachelor’s degree in Cyber Security or another relevant subject area
- 3 years of professional experience working in the Information Security space with knowledge spanning network security, application security, cryptography, SDLC security tools/practices, threat management, penetration testing, abuse, fraud, security compliance, incident response.
- Uniquely able to communicate security and risk-related concepts to technical and non-technical audiences.
- You have integrity and a keen ability to work discretely; you are able to navigate confidential matters.
- Ability to build and maintain a high level of trust and confidence in the group's knowledge of, and concerns for, business, legal and regulatory requirements.
- You are a mentor and someone who always empowers those around you.
- Experienced at implementing and crafting information security systems and an understanding of regulatory and compliance requirements such as GDPR, PCI, SOX, HIPAA, CCPA, and NIST CSF.
- Knowledgeable of Security Tools, services, and hardware such as VPN, anti-virus software, intrusion detection, firewalls, content filtering, endpoint security solutions, file integrity monitoring, and data loss prevention tools.
- Experience working with AWS and Cloud-related tools such as SecurityHub, GuardDuty, CloudTrail, CloudWatch, and Crowdstrike, Lacework, DataDog, Cortex, Snyk.
- A sophisticated understanding of how threats like Spam, Phishing, Bots, DDoS Attacks, Brute Force Attacks, SQL Injections, XSS, Trojan Horses are executed, and also, how to protect against.
- Experienced in design approaches to continuously monitor an organization's networks and systems for security breaches or intrusions.
- InfoSec Certifications are a plus - CISSP, CISM, SANS/GSEC, CIPP, CRISC, CFE, CEH, etc.
Our global platform offers unprecedented access to current culture while our data-driven, bid-ask model provides buyers with the real-time visibility to know they’re getting a fair price. And, unlike other ecommerce sites, StockX hand-checks every purchase (20,000+ daily trades) at one of our regional authentication centers.
StockX’s special formula has rocketed the company to a multibillion dollar valuation, with 10M+ lifetime trades on the platform—more than half of those coming in the last year. And we’re just getting started.