We are looking for a highly motivated Lead SecOps Engineer to join Voltron Data’s team. As a hands-on lead you will be expected to be knowledgeable in multiple areas and contribute significantly to the Voltron Data InfoSec Team and various groups throughout Voltron Data. You will have the ability to develop solutions and apply appropriate technologies while following InfoSec best practices. You will be considered a security thought leader for the organization and have the opportunity to make an impact and mentor other engineers.
Why work at Voltron Data?
- We are Going for Impact: We are a Series A, venture-backed startup assembling a global team to build a new foundation for data analytics with Apache Arrow. This foundation will usher in a wave of innovation in data processing that can take full advantage of the speed and efficiency offered by modern hardware.
- We are Committed to Bridging Open Source Communities: We are a collection of open source maintainers who have been driving open source ecosystems over the last 15 years, particularly in the C++, Python, and R programming ecosystems.
- We are Building a Diverse, Inclusive Company: We are creating a representative, equitable, and respectful workplace that prioritizes employee growth. Everyone at Voltron Data is bought into the company’s success; all voices are critical to shaping the organization’s future.
You will foster constructive dialogue and seek resolution when confronted with discordant views. Engineers in this role are expected to fully participate in planning Voltron Data’s InfoSec Team's work and constantly seek opportunities for process improvement. You should also have a deep understanding of networking while understanding the application of information security in various technical areas. You will need a combination of troubleshooting, technical, and communication skills and the ability to handle disparate tasks, including project, support, and software development work.
We are looking for someone based in the AMER region, between the Eastern and Pacific time zones.
What you’ll do:
- Conduct infrastructure, application, and network security reviews, then suggest and deploy tooling in line with the resulting recommendations.
- Develop road maps & project plans for our Security team.
- Ensure we meet ISO 27001 and 27002 standards.
- Take on support, project, and research work as needed, not only for the security team but also for other groups.
- Create Security guidance documentation for all audience levels.
- Advise on Security tool development or new vendor evaluation as needed.
- Analyze user behavior and organizational controls apparent in security logging.
- Leverage analysis from tooling to build technical detections and controls.
- Drive the development and implementation of automated data access checks across various platforms to help detect abuse and data exfiltration.
- Perform security incident investigations using data analytics and computer forensics.
- Provide regular status updates on projects and requests to stakeholders.
- Identify gaps in our infrastructure and work with business partners to gain visibility through logging and detection.
- Partner with stakeholders to support Security Awareness messaging, training, and exercises.
- Drive deployment, development, and improvements in Security Incident and Event Management, Case Management, and Automation.
- Provide security guidance to various organizations throughout the company.
- Review security requests from teams and make recommendations.
Skills and Experience Required:
- Experience as a hands-on lead in security operations in startups or technical environments with progressive growth.
- Built and operated a robust security infrastructure in collaboration with various partners.
- Experience with “Zero Trust” systems, their development and implementation.
- Exposure to programming, scripting, and query languages such as Python, Golang, bash, and SQL to identify vulnerabilities from our tooling and remediate them through scripts.
- Strong ability to work collaboratively across teams during high-stress situations.
- Flexibility in managing multiple competing priorities and good judgment in establishing an order of operations in a dynamic environment.
- Experience developing road maps & project plans along with the technical documentation.
- Self-motivated and creative problem-solver able to work independently with minimal guidance.
- Experience working in GCP, GitHub & AWS environments.
- Ability to communicate technical findings & requirements to various stakeholders, along with strong general communication skills.
- Experience in technical investigations or digital forensics and incident response.
- Deep knowledge of technologies relevant to external & insider threats.
- Experience with security reviews & audits, internal and external, ensuring compliance with standards such as ISO 27001 and 27002, SOC 2, and NIST.
- The ability to use APIs to automate workflows, reports, and tasks.
- Proficiency with Google Suite, Slack, macOS, Ubuntu, Windows, VDIs, JumpCloud, Docker, Kubernetes, CrowdStrike, Snyk, GitHub, and Datadog.
- Experience leading small teams is a bonus but not required.
- Certifications such as CISSP, CISM, CRISC, CCSP are a bonus but not required.
- Knowledge of Infrastructure as Code with skills in Terraform or Pulumi.
US Compensation - The salary range for this role is between $170,000-$220,000. We have a global market-based pay structure which varies by location. Please note that the base pay range is a guideline and for candidates who receive an offer, the exact base pay will vary based on factors such as actual work location, skills and experience of the candidate. This position is also eligible for additional incentives such as equity awards.