Principal Security Architect
Menlo Security's mission is enabling the world to connect, communicate and collaborate securely without compromise. COVID-19 has made our mission all the more real. We support customers across various enterprises including Fortune 500 companies, 9/10 of the largest global banks and the Department of Defense.
The world has fundamentally changed. We are growing from 400 employees into the next phase of our journey, and we need passionate talent filled with empathy and agility. The right candidate for the job is ethical, hyper-organized, fanatical about seeing things through to completion, service-oriented, and humble enough to take feedback and coaching yet confident enough to provide feedback and coaching.
Menlo is well-funded for growth and our investors are second to none. They include Vista Equity Partners (“Vista”), General Catalyst, JPMC, American Express, HSBC, and Ericsson Ventures.
Responsibilities:
- Security Design reviews, both broad product architecture and more minor changes. Includes integration/interaction with Cloud infrastructure (AWS).Security Code reviews.
- Designing and documenting the process of integration and deployment of enterprise Hardware Security Module and Key Management.
- Conducting assessments of third party software / SaaS offerings.
- Conducting assessments of integration with third party software / SaaS, both design and actual implementation.
- Overseeing internal and third party security assessments.
- In-depth assessment of vulnerability impact, both third party vulnerabilities and product vulnerabilities.
- Keeping abreast of and assessing product impact of upcoming technologies (e.g., new web standard or browser behavior changes).
- Assisting compliance and sales teams on technical aspects of regulations / RFPs.
- Participating in in-depth technical conversations with customers around security topics.
- Assisting with patent writing and review.
- Creating and reviewing technical material meant for external consumption, both written (blogs, white papers...) and oral (presentations…).
- Developing novel product features in the security space.
Skills:
- Advanced knowledge of applied cryptography (e.g. HSMs, TPMs) and Key Management Life Cycle (e.g. Key Generation, Storage, Distribution, Backup, Rotation, Revocation, Destruction)
- Deep knowledge of web and browser technologies: Same Origin Policy, XSS, CSRF, HTTP security headers, browser architecture, JavaScript engine internals.
- Thorough understanding of network and OS fundamentals: TCP, HTTP, TLS, DNS, Firewalls, WAFs…; DAC/MAC, Sandboxing.
- AWS security experience: IAM, Organizations, EC2, VPC...
- Familiarity with static and dynamic analysis concepts and tools.
- Advanced knowledge of C/C++, with focus on secure coding, and at least one other language (Python or JS preferred).
- Willingness to get your hands dirty to get things done.
- Minimum MSc/MEng or equivalent, PhD preferred.
MSGL-I4
Why Menlo?
Our culture is collaborative, inclusive, and fun! We have five core values: Stay Aligned, Get It Done, Customer Empathy, Think Creatively and Help Each Other Out. We believe in open communication, supporting new ideas, and sharing a mutual mindset of what we’re aiming to achieve together. There are tremendous opportunities to take initiative, implement new ideas, and have a hand in building a legacy.
All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.