By submitting, I acknowledge Triple Whale's Job Candidate Privacy Notice
What Do We Do?
Triple Whale is a leader in business intelligence for e-commerce. With thousands of customers in dozens of countries, our software tracks more than $40 billion of online commerce annually. Our culture, built on innovation, creativity, and speed, fosters an environment where great ideas can flourish. Headquartered in Columbus, Ohio, with additional offices in Israel, we are expanding our team to pursue an ambitious vision. Join us and be part of something big!
We are looking to hire an experienced Senior Security Engineer who will be responsible for implementing, managing, and enhancing the security measures that protect the company’s data, systems, and infrastructure. You will be our first security engineer, joining a talented team of 40+ engineers based in Israel. We are headquartered in Jerusalem, with a branch in Bnei Brak. We work a flexible, hybrid schedule with all employees required to come into the Jerusalem office one day a week on Wednesdays.
You will focus on both web and cloud security, spearheading initiatives in API security, authentication / authorization, IAM, network security, and others to protect web assets in GCP environments. You will work closely with development and operations teams to identify potential vulnerabilities, spot areas of opportunity to improve our overall security posture, ensure compliance with regulatory requirements, promote security best practices, as well as respond to security incidents.
Our ideal candidate will have both strong technical and thinking skills, with the ability to both set technical direction and priorities as well as execute on said initiatives in a timely manner working both independently and collaboratively with key stakeholders as necessary to meet security objectives.
Key Responsibilities
Security Architecture & Design:
* Architect and deploy robust security frameworks for our applications, with a special focus on GCP services.
* Integrate security at every phase of the SDLC and evangelize security best practices throughout the organization.
* Utilize GCP's security tools to monitor, manage, and react to security incidents.
* Design, implement, and manage network security architectures to protect against intrusions, attacks, and vulnerabilities, ensuring secure communication across all company networks, particularly within GCP environments.
Vulnerability Management:
* Conduct regular security assessments, including vulnerability scans and penetration testing.
* Identify and address security vulnerabilities in a timely manner.
* Work with the development and operations teams to remediate identified vulnerabilities.
Incident Response:
* Develop and maintain an incident response plan.
* Respond to security incidents, conduct forensic investigations, and provide detailed reports on findings.
* Implement measures to prevent future incidents.
Compliance & Regulatory Oversight:
* Ensure that the company complies with relevant security regulations and standards (e.g., GDPR, SOC2).
* Conduct regular security audits and risk assessments.
* Work closely with legal and compliance teams to address any regulatory requirements.
Access Control & Identity Management:
* Manage user access controls and ensure that proper authentication and authorization mechanisms are in place.
* Implement identity management solutions to control access to sensitive data.
Security Awareness & Training:
* Develop and deliver security awareness training programs for employees.
* Promote a culture of security awareness within the organization.
Threat Intelligence & Monitoring:
* Monitor security systems, networks, and applications for potential threats.
* Stay updated on the latest cybersecurity threats and trends.
* Implement threat intelligence tools to detect and prevent potential attacks.
Encryption & Data Protection:
* Implement encryption protocols to protect sensitive data in transit and at rest.
* Ensure that data handling processes comply with best practices and regulations.
General:
* Work closely with cross-functional teams to ensure that security measures are aligned with business goals.
* Provide guidance and support to other teams on security-related issues.
Qualifications
* 7+ years of experience in information security, with a focus on big data environments.
* GCP Professional Cloud Security Engineer certification or relevant experience
* Proven experience in security architecture (both web and cloud security), incident response, and vulnerability management.
* Relevant certifications such as CISSP, CISM, CEH, or similar, a plus.
* Proficient in securing web applications against attacks like SQLi, XSS, CSRF, etc.
* In-depth knowledge of security protocols, cryptography, and identity management.
* Strong understanding of cloud security, particularly in GCP environments.
* Strong scripting skills for automation of security tasks, Javascript/Typescript skills, a plus.
* Excellent problem-solving skills and attention to detail.
* Ability to communicate complex security concepts to non-technical stakeholders.
Our Values
We Are Customer Obsessed: From our mission to every detailed project, everything we do is designed to create a positive impact for our customers.
We Move (Very!) Quickly: The speed at which we work, iterate, and deliver value is our most competitive advantage.
We Are Trustworthy: Candor, directness, and honest communication helps us learn, grow and improve so we can win together.
We Are Curious: We extend beyond our comfort zone and ask questions that guide us towards new, creative, and bold paths.
We Act Like A Mensch: We act with honor, integrity and empathy, and have deep respect for our customers and each other.
In the News
By submitting, I acknowledge Triple Whale's Job Candidate Privacy Notice