Principal Security Engineer at CLEAR
With CLEAR, you are always you. CLEAR's mission is to enable frictionless and safe journeys using your identity. With more than 8 million members and 100+ partners across North America, CLEAR's identity platform connects you to the cards in your wallet - transforming the way you live, work and travel. Trust and privacy are the foundation of CLEAR. We have a commitment to members being in control of their own information and never sell member data. CLEAR is at the highest level of security by U.S. government regulators and is also certified as Qualified Anti-Terrorism Technology under the SAFETY Act.
We’re looking for an outstanding and passionate Principal Security Engineer. Successful candidates will be strong software developers and architects with an eye toward security and the ability to become evangelists and leaders. In this role, your primary focus will be ensuring and maintaining our high standards of security, specifically with regard to member data.
CLEAR is a fast and nimble company, so the ideal candidate will be able to leverage automation and data analysis to embed continuous security practices into our development and operational workflows. This role is hands on and technical while requiring a heads-up nature to identify gaps and drive the creative application of state-of-the-art security practices and controls.
What You Will Do:
- Partner with the company’s Software Engineering, DevOps, and IT teams.
- Perform security risk assessments, threat modeling, security testing, and code review
- Automate security testing, code tools and pipelines, and create secure libraries and code launchpads to be used throughout the company
- Work side by side with and educate developers on security best practices.
- Lead internal and external penetration tests and code security audits
- Triage issues with internal stakeholders for remediation.
- Establish security standards and specifications to balance the needs of a more secure product offering with the needs of the business.
- Help develop and enable a secure by default culture
Who You Are:
- 7+ years of experience in software development with interest or experience in security/secure coding
- Ability to architect and design software applications
- Has excellent interpersonal communication skills and can take very technical issues and make them understandable to all audiences.
- Personal passion for security and cutting edge security concepts.
- Experience coding web applications and web services.
- Proficient in reading many different programming languages.
- Able to evaluate, deploy, and manage software tools and build strong vendor relationships.
- Experience with a public cloud based provider (AWS, Azure, or GCP)
- Knowledge of containers (e.g., Kubernetes, Docker, ECS).
- Experience integrating with continuous integration tools and pipelines
- Ability to listen for nuances, dig into details in order to understand systems deeply, and articulate technical details to business leaders.
- Experience leading teams or projects or have functioned as a software development lead
- Understanding of and/or experience with OWASP Top 10
- Previous experience on a Security team, coordinating responses to security incidents and/or writing and presenting application security assessment reports.
- Background in application security including knowledge of internet security issues and threat landscape
- Experience with mobile platform-specific security, privacy, and permission concepts for iOS & Android mobile platforms. (Intricate understanding of WebViews, TouchID API, Frida, Radare, etc.).
- Knowledge of TCP/IP, HTTP, RESTful APIs and experience supporting service-oriented, asynchronous, and distributed application architectures.
- Familiarity with one or more industry standards and regulations such as PCI, HIPAA, NIST 800-53, FedRAMP and ISO27001.
- Participates in CTFs or actively contributes to the security community through exploitation development.