Engineering Manager, Security (Blue Team)

What You'll Do

• Guide and coach Olo’s Blue Team on Information Protection, Incident Detection and Response and Service Delivery.
• You will recruit, develop, and scale a team of world-class security engineers, providing strategic and tactical oversight to the team and the program.
• Support a team of security engineers and analysts who hunt, detect, and respond to internal and external threats.
• Collaborate with customers and partners to strengthen their security posture.
• Drive ongoing optimizations by implementing new technologies, replacing technologies, addressing evolving threats, scaling practices and automating security activities.
• Ultimately, you will keep team and customer data secure by identifying and mitigating vulnerabilities and risks by providing actionable guidance to product teams.


Information Protection
• Lead Olo’s Information Protection program, including the selection, testing, implementation and maintenance of security tools and services, security awareness, service provider management, and the ongoing testing of those controls
• Oversee Vulnerability Management program, including vulnerability assessments, risk scoring, and vulnerability resolution.
• Oversee Threat Hunting program to detect and mitigate advanced threats
• Manage non-event-driven security reviews, including concept reviews, design reviews, patching, firewall rules, and system configuration checks.
• Apply Web application and API security principles and techniques, such as zero trust, RBAC, authentication, authorization, auditing, rate limiting, challenges, etc., to protect our cloud-based services from unauthorized access and abuse


Incident Detection and Response
• Oversee Incident Detection and Response program including ownership of incident response processes, tools and services and the ongoing continuous improvement of those controls.
• Coordinate the detection and response to attacks through all incident phases.
• Ensure incident reports are accurate, detailed and relevant.
• Monitor, detect, and remediate misconfigurations and security risks across our cloud environments. 
• Participate in a 24/7 on-call rotation.


Security Services
• Oversee Security Services program including security support requests, risk assessments, vendor assessments, PCI and SOC audit support and service provider management.

What We'll Expect From You

• 5+ years of Security Engineering, Security Operations or Security Architecture experience
• CISSP, GCIH or similar certification preferred
• Experience managing distributed teams consisting largely of remote engineers
• Experience complying with PCI-DSS and other compliance and regulatory standards
• Experience with attacker tactics, techniques and procedures
• Knowledge of information technology, evolving threats, attack patterns, incident response and cyber security standards.
• Experience developing and leading incident response, remediation and mitigation activities, and providing status updates and reports.
• Experience analyzing security events to discern events that qualify as a legitimate security incident as opposed to non-incidents (ie. incident investigation, implementing countermeasures, and conducting incident response).
• Deep understanding of operating system, networking and application concepts
• Experience hardening Windows, MacOS, Linux Containers and Kubernetes
• Familiarity with AWS security best practices and Infrastructure-as-Code
• Experience deploying and maintaining security technologies. (e.g. Access Proxies, API Gateway, Anti-Malware, Application Control, Cloud Security Posture, Data Leak Prevention, Data Mapping, Endpoint Detection & Response, Intrusion Detection System, File Integrity Monitoring, Firewalls, Mobile Device Management, Multi Factor Authentication, SIEM, Static Inspection, Vulnerability Assessment, Web Proxies, WAF and Zero Trust).
• Adept at working with internal Product & Engineering, Legal, People & Culture, Finance and GTM teams and external partners, auditors and customers
• Ability to work during critical incidents or to support coverage requirements