Security Engineer

As the first and leading Security Engineer at Snorkel AI, you will establish the security bar and standardize security practices at Snorkel AI. You will achieve that by working and collaborating with cross-functional teams to provide guidance on security best practices. The security team is responsible for leading and implementing the various initiatives that relate to improving Snorkel AI's product and infrastructure security.

Main Responsibilities

• Implement and enhance software security SDLC tools and processes
• Drive and implement continuous security practices and posture for infrastructure such as K8s and AWS
• Find and remove outdated and vulnerable code and code libraries.
• Develop security training and guidance to internal development teams
• Provide subject matter expertise on architecture, authentication and system security
• Create and maintain artifacts in a protected repository established as a single source of truth
• Assess security tools and integrate tools as needed, particularly open-source tools
• Drive and collaborate on security and compliance certification such as SOC2, ISO27001, PCI, HIPAA, etc.
• Handle communications with independent vulnerability researchers and design appropriate mitigation strategies for reported vulnerabilities.
• Assist with customer engagements regarding security policies communication, documentation and vendor questionnaires

Preferred Qualifications

• Familiar with common security libraries, security controls, and common security flaws that apply to software products, SaaS and public clouds
• Ability to discover and patch SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond).
• Knowledge of common authentication technologies including OAuth, SAML, CAs, OTP/TOTP.
• Knowledge of browser-based security controls such as CSP, HSTS, XFO.
• Experience with standard security scanning, testing and monitoring tools such as Bandit, Twistlock, Aqua Security, Snyk, AWS GuardDuty, among others.
• Familiarity with public cloud best practices for security.
• Ability to clearly and professionally handle communications with outside researchers, users, and customers.

The salary range for our Tier 1 locations of San Francisco, Seattle, Los Angeles & New York is $191,000.00 - $225,000.00.