Security Engineer

About Us:

Headquartered in beautiful Santa Barbara, HG Insights is the global leader in technology intelligence. HG Insights uses advanced data science methodologies to help the world’s largest technology firms and the fastest growing companies accelerate their sales, marketing, and strategy efforts. 

We offer a competitive salary, 401K, growth potential, great benefits, and a casual yet professional environment. Get your sweat on at one of our fitness classes or go for a run along the beach which is two blocks away. You can find employees riding bikes to lunch in the funk zone or hanging out in one of our collaboration spaces. We are passionate about our jobs with a get-it-done attitude, yet we don’t take ourselves too seriously. While we work very hard, we also enjoy all that the Santa Barbara coast has to offer.

What You'll Do:

HG Insights is amid significant growth and is looking for an experienced Security Engineer to be our first line of defense and raise the bar on security. You will have the opportunity to work collaboratively and cross-functionally to provide guidance on security best practices. You will lead and implement various initiatives that relate to improving HG Insights security.

What You'll Be Responsible For:

• Provide subject matter expertise on architecture, authentication, system, and endpoint security
• Act as a champion for good security practices throughout the organization
• Deliver on security related projects as determined by our annual IT Risk Assessment, pen tests and SOC2 Audit
• Create and maintain artifacts in a protected repository established as a single source of truth governing security best practices
• Assess and maintain security tools and integrate tools as needed including Drata, JIRA, Wizer and others
• Participate in the information security team and work closely with CISO and Senior Technical Operations Manager
• Proactively identify and reduce security risks
• Develop security training and guidance to internal teams
• Consult with Developers, DevOps, and Information Security team to analyze and propose application security standards, methods, and architectures
• Ability to communicate clearly on technical issues

What You’ll Need:

• BA/BS in Business Information Systems, Information Technology, Computer Science, or a related technical field
• Familiar with common security libraries, security controls, and common security flaws.
• Understanding of security concepts such SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond).
• Knowledge of common authentication technologies including OAuth, SAML, CAs, OTP/TOTP.
• Knowledge of browser-based security controls such as CSP, HSTS, XFO.
• Experience with standard network and web application security tools.
• Ability to thrive in a fast-paced startup environment
• Problem solver capable of recommending solutions to resolve technical issues

Nice to Haves:

• Container security and Kubernetes
• Experience with AWS / Cloud Security
• Experience with cloud monitoring tools like Prisma Cloud, DataDog, Splunk
• Experience with security patching and relevant languages (Elixir, Java, JavaScript)
• Experience with CI/CD pipelines

This role is a hybrid role that can work remotely, in our Santa Barbara office, or a combination of both.

Our Santa Barbara office is open! We are following all local and state guidelines while in office. Employee safety is of utmost importance, and we are taking all necessary precautions. For more information on how we are doing this, please speak with one of our HR team members. Full vaccination against COVID-19 is required unless you qualify for a federally protected exemption.

HG Insights Company is an Equal Opportunity Employer 

Please note that HG Insights does not accept unsolicited resumes from recruiters or employment agencies. In the event of a recruiter or agency submitting a resume or candidate without a signed agreement being in place, we explicitly reserve the right to pursue and hire such candidates without any financial obligation to the recruiter or agency. Any unsolicited resumes, including those submitted directly to hiring managers, are deemed to be the property of HG Insights