Security Engineer

Established in 2021, Independence Pet Holdings is a corporate holding company that manages a diverse and broad portfolio of modern pet health brands and services, including insurance, pet education, lost recovery services, and more throughout North America.

We believe pet insurance is more than a financial product and build solutions to simplify the pet parenting journey and help improve the well-being of pets. As a leading authority in the pet category, we operate with a full stack of resources, capital, and services to support pet parents. Our multi-brand and omni-channel approach include our own insurance carrier, insurance brands and partner brands.

PetsBest’s Information Security team is seeking a skilled and hands-on Security Engineer to join our team. The Security Engineer will play a crucial role in maintaining and enhancing our company’s cybersecurity posture. As a Security Engineer with a broad knowledge base, you will address a range of security challenges, from infrastructure, cloud, and network security to application and endpoint protection. Your expertise in various domains of security, combined with a proactive and hands-on approach, will help us build robust, scalable, and secure systems.

The ideal candidate will specialize in secure code development and review, software security and vulnerability scanning, DevSecOps practices, threat modeling, and ensuring our codebase is secure and free from exploits and vulnerabilities. This role involves integration of new systems and collaborating with cross-functional teams to integrate security into all stages of system implementations and the software development lifecycle (SDLC).

The Security Engineer will work closely with IT and Infrastructure teams, Marketing, and Procurement to secure systems, network, applications and data.

Location: Remote (US) excluding: MA, CA, WA, HI, AK, CO, CT, MT, NY, NJ

Main Responsibilities: 

• Secure Software Development Lifecycle Management.  Implement and promote secure coding practices in application development
• Perform manual and automated code reviews of applications to detect security flaws, remediation requirements, and implementation to ensure compliance with security standards
• Conduct regular vulnerability assessments on applications and manage remediation efforts for vulnerabilities and security misconfigurations
• Triaging and escalating security vulnerabilities as necessary
•  Integrate  security tools and processes into pipelines, automating security testing and compliance checks
• Conduct threat modeling exercises specific to applications to identify potential security threats and mitigation strategies
• Monitor applications and network for security threats and incidents. Design, implement, and maintain security controls across various platforms
• Investigate security incidents, conduct root cause analyses, and implement remediation measures
• Collaborating with IT and Infrastructure teams to resolve any potential incidents and prevent recurrences
• Proposing and enhancing security automations workflows
• Deploy and scale proactive security controls to new environments (e.g. acquisitions, cloud, third-party solutions)
• Build secure encryption and access controls using modern-era tools and techniques to protect sensitive data and systems
• Utilize infrastructure management tooling to enable consistent hardening configs
• Assess and deploy Data Loss Prevention (DLP) solutions focusing on PII and PCI related data that may be in SaaS applications (e.g. Microsoft, Salesforce, Google Tag Manager) and consider additional DLP strategies
• Orchestrate security posture checks on all new infrastructure deployments

Qualifications:

• 7+ years of experience in Security Engineering across multiple functions
• Bachelor’s Degree in Cyber Security, Computer Science, or related area of study
• Certifications such as CISSP, CSSLP, CEH a plus
• Strong understanding of security best practices, including threat hunting, vulnerability management, and incident response
• Excellent communication skills, particularly in explaining complex security issues to technical and non-technical stakeholders
• Extensive experience in secure software development lifecycle
• Familiarity with security and compliance frameworks such as NIST, CIS, SOC2, and PCI
• Familiarity with DLP and EDR technology
• Knowledge of the threat landscape, common attacks and mitigation methods
• A firm grasp of or meaningful experience in the following areas:
• —Operating systems internals and hardening (macOS, Linux, and Windows).
• —Networking protocols and operations
• —-Cloud Security Architecture and posture management.
• —-Authentication, authorization and directory services.
• Proficient in scripting and or SOAR to improve security processes
• Provide security expertise and guidance on new projects and technologies
• Design and drive implementation of secure infrastructure at scale
• Harden our clients, servers, and networks against exploitation
• Build and / or implement tools that aid in enhancing the security posture of corporate infrastructure and services
• Experience with encryption techniques, secure storage, and key management
• Commitment to staying updated on the latest security trends, vulnerabilities, and technologies

All of our jobs come with great benefits including healthcare, parental leave and opportunities for career advancements. Some offerings are dependent upon the location of where you work and can include the following:

• Comprehensive full medical, dental and vision Insurance
• Basic Life Insurance at no cost to the employee
• Company paid short-term and long-term disability
• 12 weeks of 100% paid Parental Leave
• Health Savings Account (HSA)
• Flexible Spending Accounts (FSA)
• Retirement savings plan
• Personal Paid Time Off
• Paid holidays and company-wide Wellness Day off
• Paid time off to volunteer at nonprofit organizations
• Pet friendly office environment
• Commuter Benefits
• Group Pet Insurance
• On the job training and skills development
• Employee Assistance Program (EAP)