Senior Security Engineer at CLEAR
CLEAR’s mission is to strengthen security and create frictionless experiences for consumers. We believe you are you and by using your biometrics - your fingerprints, eyes, and face - we keep you moving. Imagine a world where you can do virtually everything you need to – breeze through the airport, buy a beer at the game, check-in at the doctor’s office, access your office building, and more – without ever pulling out your wallet or phone. Now in 60+ airports and other venues nationwide, you are your ID, credit card, ticket, reservation and more with CLEAR.
We’re defining and leading an entirely new industry, obsessing over our customers, and investing in great people to lead the way. Recently named on CNBC’s Disruptor 50 List and winner of the SXSW Interactive Innovation Award, we're working tirelessly to create frictionless customer experiences for our 4+ million members across the country.
The Senior Security Engineer will be responsible for coordinating with all aspects of the company to assess, design, and implement various security processes, tools, controls, and automation. The role will deliver an engineering and automation focused set of products and services for the company. You will work closely with our infrastructure and development teams to produce innovative and secure solutions. The right person for this role has a strong drive to solve security challenges within a rapidly expanding environment, and the desire to implement best-in-class security measures using cutting edge technology. Additionally, the right person for this position has a strong track record of delivering high-quality, scalable security solutions by leading with example, infusing transparency into decision making, and partnering across levels and functions with a collaborative lens.
What You Will Do:
- Coordinating with all aspects of the company to assess, design, and implement various processes and controls of the company’s core cloud and infrastructure security and business continuity programs.
- Evaluating, designing, and deploying security tools to support: Identity and Access across Clear’s Cloud and Infrastructure.
- Lead the development/automation of various workflows to support critical infrastructure and compliance needs.
- Define security requirements and implement controls such as SSO, logging/alerting, and RBAC for 3rd party systems and technologies.
- Building automated tools and infrastructure for automating incident response and vulnerability remediation.
- Strong working knowledge of key management, privilege management and least privilege practices.
- Performing infrastructure as code reviews and risk assessment of NACLs, Security Groups, IAM, S3, KMS, and other core AWS infrastructure services don’t put the business in a risky state.
- Creating clear and concise documentation to formalize security processes.
Who You Are:
- You have at least 6 years of experience in security engineering experience with at least 2 years using cloud/PaaS technologies (AWS, GCP, Azure, Kubernetes).
- Strong Experience in using one or more scripting or programming languages such as Python, GO, C++, Java, or C# to automate tasks and manipulate data.
- Operational knowledge of endpoint, systems, databases, orchestration/configuration as code technologies (e.g. Ansible, Puppet, Chef, Terraform), and network security engineering best practices.
- Solid problem solving and analytical skills; able to quickly digest issues encountered and recommend an appropriate solution.
- Strong understanding of software development practices (gitflow), various open standards such as OAuth2/ODIC, and API driven development.
- Experience with AWS and SoA
- Working knowledge with a compliance framework NIST-800-53, HIPAA, PCI and FedRAMP
- Experience conducting third party assessments of vendors and SaaS apps
- Experience with integrating IAM tools and workflows