RStudio creates great software that helps people understand data and make better decisions in real-world applications. Our core offering is an open source data science platform, and we aim to make it available to everyone, regardless of their economic means.
We are looking for an experienced Security Engineer to help grow and guide our information security program. As a key member of the IT & Security team, you will have broad responsibilities and will be an integral part of building and redesigning systems and processes to help us scale. This position will help to identify and mitigate threats, develop and implement policy, and protect organizational information, assets, and people. This role will also help to expand the third-party vendor compliance program and ensure security is embedded in every level of the organization.
RStudio is committed to being a 100% distributed company with a SaaS-based infrastructure and some security policies will require pragmatism and creativity to put in place. The position requires the ability to be proactive and strategic while being comfortable with rolling up one’s sleeves. RStudio is a remarkable organization working to advance the field of data science. Our job is to keep them safe while they do it.
What you’ll be doing:
- Assist in the practical design of technical security controls to support policy and compliance initiatives such as SOC2.
- Collaborate with key stakeholders to develop and implement security best practices and hardening standards.
- Perform threat modeling exercises to identify risks in current and proposed processes and procedures.
- Research and implement information security improvements by assessing current situations, evaluating trends, and anticipating future requirements.
- Assist with standardizing product security testing and work with the product development teams to ensure new releases meet security standards.
- Research, identify, and test reported product vulnerabilities and assist with security helpdesk questions (low volume, internal and customer).
- Educate employees on information security standards, policies, and best practices to ensure the RStudio culture is vigilant and maintains a commitment to security.
- Work directly with foundational teams to assess and harden RStudio’s SaaS / IaaS / PaaS business systems.
- Conduct vulnerability scanning, penetration testing, and coordinate third-party testing engagements.
- Perform vendor risk assessments of proposed third-party software services and assist with evaluating the security controls and policies of our existing vendors.
- You thrive on solving problems through investigation and deductive reasoning and aren’t afraid to ask for help. You are internally driven by curiosity and continuous learning.
- You invest in strong relationships with your colleagues and employ empathy when working through their security issues. You have the ability to communicate with people on all levels, and help make complex issues easier to understand.
- You are self-driven and maintain a high degree of professional conduct at all times. You are highly ethical, possess excellent decision-making capabilities, and execute good time management skills.
- You possess excellent documentation skills and the ability to scope and manage multiple projects concurrently.
You should have the following technical experience:
- Expertise with security testing tools and methodologies.
- Understand current IT security regulations and standards.
- Experience in designing secure networks, systems and application architectures.
- Deep technical understanding of common security vulnerabilities and risks.
- Strong knowledge of risk countermeasures and compensating controls.
- Working knowledge of AWS and other cloud platform as a service (PaaS) security.
- Demonstrated security & risk management experience working in a technology-focused company.
- RStudio is a Public Benefit Corporation (PBC) and a Certified B Corporation®, which means that our open-source mission is codified into our charter, and that our corporate decisions balance the interests of the community, customers, employees, and shareholders.
- We welcome all talented colleagues and are committed to a culture that represents diversity in all its forms.
- We prioritize giving ourselves “focus time” to get deep work done. We minimize meetings and attempt to operate asynchronously.
- We are a learning organization and take mentorship and career growth seriously. We hope to learn from you and we anticipate that you will also deepen your skills, influence, and leadership as a result of working at RStudio.
- 100% distributed team with minimal travel
- Competitive compensation with great benefits including: medical/dental/vision insurance (100% of premiums covered)
- 401k matching
- a home office allowance or reimbursement for a coworking space
- a profit-sharing program
- Flexible environment with a generous vacation policy
RStudio is committed to being a diverse and inclusive workplace. We encourage applicants of different backgrounds, cultures, genders, experiences, abilities, and perspectives to apply. All qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, sexual orientation, gender, gender identity, age, physical disability, or length of time spent unemployed.