ButterflyMX
We make property access simple for 10,000+ multifamily, student housing, gated community, and commercial properties.
Smartphone Security • Property Management Software • Video Intercom • Touchscreen • Application Development
201 - 500
Senior Security Engineer
May 11
🏡 Remote – New York
ButterflyMX
We make property access simple for 10,000+ multifamily, student housing, gated community, and commercial properties.
Smartphone Security • Property Management Software • Video Intercom • Touchscreen • Application Development
201 - 500
Description
• Lead and develop security operations for ButterflyMX's software and services. • Design, implement, and maintain robust security controls and processes. • Drive vulnerability management and remediation efforts to enhance security posture. • Extend detection and response capabilities to identify and remediate threats. • Ensure compliance with industry security standards and best practices. • Collaborate with teams to integrate security into product development. • Educate employees on security awareness and best practices.
Requirements
• 5+ years of security engineering experience building, managing & scaling security operations at a fast-paced, agile/dynamic, cloud native, technology-driven startup • You enjoy working as a security engineer in organizations that develop software as a service &/or operate managed infrastructure & technology services for their own customers • Experience securing a tech stack/solution that includes SaaS, Mobile, & IoT • Experience working with cross-functional teams to identify & mitigate security, compliance & data privacy risks • Proficiency with deploying, operationalizing & managing security solutions in a remote first organization, with a cloud tech stack built for providing SaaS • AWS Security SME - experiential knowledge of securing EC2, S3, Lambda, EKS • AWS Security Stack Experience - WAF, Inspector, Security Hub, GuardDuty, etc.. • Security Overlay Solutions: EDR, SIEM, CNAPP/CSPM, DSPM, DLP, IDS/IPS.. • Google Workspace, Apple, Windows, MDM, Secure Email Gateway • Extensive experience & expertise across multiple security domains including cloud security, data security, network security, application security, incident management, threat/vulnerability/patch/configuration management, identity & access management • Strong understanding of security best practices, frameworks, standards, & compliance requirements, & particularly how these apply to a startup environment through enterprise environments. Experience maturing security controls as an organization matures • Experience maintaining SOC 2 Type II compliance & associated security controls within an organization • Demonstrated technical expertise in implementing data privacy controls & safeguards to include facilitating the deployment of technical measures to ensure compliance with data privacy regulations such as GDPR & CCPA • Expertise in DevSecOps practices, such as automating security testing within CI/CD pipelines & conducting static & dynamic code analyses, through remediation of findings • Experience automating security controls. Proven technical proficiency using Terraform & other infrastructure as code tools, with a strong track record of managing vulnerabilities in ephemeral cloud infrastructure environments • Incident response management: Experience in developing & implementing incident response plans, conducting investigations, & managing security incidents effectively • Demonstrated ability to educate an engineering audience about technical application security vulnerabilities, i.e., OWASP Top Ten, OWASP API Security Top 10 • Adept in a data-driven approach for decision-making & a risk-based mindset to prioritize & address security concerns effectively • Experience with implementing Security & Privacy by design principles into a development lifecycle involving incorporating threat modeling to identify potential risks & ultimately design appropriate security controls. • Customer focused & Solution oriented, Enthusiastic, Empathetic, Adaptable/Flexible, Bias for Action, Forward thinking, Optimistic, Trusted Advisor. Everyone is a customer & everyone is on the security team! • A strong inclination to dive into the details, actively engaging in hands-on work. • Continuous improvement mindset. Pursues ongoing professional development, stays updated with emerging threats & technologies • Industry certifications such as AWS Security Certified, CISSP, CCSP, CSSLP, GXPEN, OSCP, SANS Certifications, Burp Suite Certified, Security+, CEH, CIPP, CIPT
Benefits
• Comprehensive Medical (ButterflyMX covers 90% of the cost) starting day 1 • Dental and Vision plans (ButterflyMX covers 100% of the cost) starting day 1 • 401(k) plan with a match • 13 paid holidays and 25 days of PTO • Paid Family Leave • Employee Assistance Program • Quarterly self-care stipends • HealthAdvocacy Program • Access to optional benefits, including pre-tax flexible healthcare spending accounts (FSA and HSA), Dependent Care FSA, and Commuter Benefits, as well as optional Supplemental Life, AD&D, Hospital Indemnity, Disability, Legal, Accident, Critical Illness, Pet, and Personal Liability Insurance • Collaborative, dynamic work environment filled with kind, intelligent people who are working hard on an industry-defining product
Apply Now
