Senior Security Operations Engineer

As a Senior Security Operations Engineer at Plotly, your primary responsibilities will include leading information security efforts across our production SaaS operations, maintaining compliance with security standards like SOC 2, and developing robust security policies. You'll also implement disaster recovery and business continuity plans and collaborate closely with DevOps teams to integrate security practices into the development workflow.

To qualify for the Senior Security Operations Engineer position at Plotly, you should have at least 5 years of experience in security operations, particularly in enterprise and public-cloud SaaS environments. Understanding security frameworks and regulatory requirements is crucial, as is hands-on experience with security certifications like SOC 2 and ISO 27001. Additional knowledge of compliance management platforms and vulnerability management will also enhance your application.

For the Senior Security Operations Engineer role at Plotly, you should possess strong skills in managing security tools and frameworks, including compliance management platforms and SIEM applications. You’ll need a deep understanding of security principles and frameworks like NIST and CIS, as well as expertise in incident response and forensic analysis. Familiarity with cloud security principles and disaster recovery planning is also essential.

At Plotly, you’ll work in a remote-first environment, which promotes flexibility and work-life balance. You’ll be part of a tight-knit and growing team of innovative professionals who are dedicated to embracing challenges and improving our security practices. With a focus on continuous learning and development, you'll have opportunities to expand your skill sets while contributing meaningfully to the company’s success.

Yes, Plotly provides comprehensive support for remote employees, including home office assistance and resources to foster a productive work environment. We value our team's health and well-being, offering generous benefits that include health coverage and a focus on professional growth through learning and development programs.

When answering, highlight your familiarity with frameworks like NIST and CIS, as well as your experience with regulations such as GDPR and CCPA. Share specific examples, such as projects where you ensured compliance or implemented security practices that meet regulatory requirements.

Discuss your experience creating and testing disaster recovery and business continuity plans. Provide examples of the tools and processes you've used to ensure system resiliency and minimal downtime, and emphasize how you conduct regular drills and updates to those plans.

Explain your approach to fostering a security-first mindset within DevOps teams, including how you introduce security tools into their workflow. You might also discuss any collaborative efforts you've led to conduct training sessions or implement secure coding practices.

Share experiences leading incident response efforts, detailing your role in identifying, containing, and resolving security incidents. Note any forensic tools you utilized and how you reported findings or made improvements post-incident.

Detail your familiarity with the compliance process for these frameworks, including how you establish policies, perform audits, and document compliance activities. Share any specific metrics or improvement initiatives you’ve implemented to maintain compliance over time.

Discuss the various vulnerability management tools you have experience with and how you utilize them to identify, assess, and remediate vulnerabilities. Mention any specific instances where these tools significantly improved the security posture of your previous organization.

Share a specific situation where you recognized a gap in security policies or enforcement and how you addressed it. Explain the process you followed to draft, communicate, and implement new policies, along with the results of your efforts.

Discuss your expertise in PKI, including your involvement in managing internal certificate authorities and utilizing mutual TLS authentication. You could provide examples of projects or issues you've navigated regarding encryption and secure communications.

Describe your methods for keeping up-to-date with cybersecurity trends, tools, and practices. This might include attending events, participating in online forums, or following key influencers in the security space. Highlight how you apply this knowledge to improve security strategies.

Convey your passion for information security and what draws you to the field, be it solving complex challenges, making a tangible impact on organizational security, or staying ahead of emerging threats. Share how this motivation drives your work every day.