Maveron Portfolio Companies You'll Love To Work For...

Senior Security Engineer



Software Engineering
Canada · Remote
Posted on Tuesday, May 14, 2024

Splash’s mission is to develop the most innovative event technology to help marketers reach and engage their target audiences. From simplifying event creation to capturing attendee insights and measuring event impact, Splash enables teams to efficiently scale event programs and connect event-driven engagement to business results. More than half of the Fortune 500 use Splash to streamline event marketing execution and optimize performance.

What we’re looking for 🔎

Join our dynamic engineering team as a Senior Security Engineer, supporting Splash's expansion into new markets. Our innovative modular software and scalable cloud infrastructure enable us to deliver stable and flexible SaaS features to a diverse client base. Focused on workflow, efficiency optimization, and bulk data manipulation, we prioritize building and maintaining trust with our customers by ensuring the security of our product and infrastructure.

As a Senior Security Engineer, you will collaborate with Splash's autonomous teams to champion and execute security initiatives within a limited timeframe. Your role is crucial in appropriately prioritizing information security and upholding the trust we have established with our stakeholders. Key responsibilities include assessing complexity, designing security solutions for new features, implementing measures, and iterating on various engineering security projects. This short-term position provides you with the opportunity to lead your projects and contribute to critical initiatives at Splash.

Our development and product teams are integral to Splash's success, and we take pride in fostering an environment where continuous skill and technique improvement is encouraged. As a Senior Security Engineer, we expect you to inspire and contribute to the evolution of our engineering conventions and tools during this engagement. Join us in this exciting phase of growth and make a meaningful impact on the security of our expanding operations.

In this role, you’ll get to…

  • Lead and execute all required audits and security practices: SOC2, secret rotation, and engineering access control.

  • Field and triage reported vulnerabilities against Splash’s product or infrastructure.

  • Provide security expertise regarding vulnerabilities, exploitation/attack scenarios, and the risk in terms of likelihood and impact.

  • Conduct internal security assessments on our product and infrastructure to continually evaluate our attack surface and overall security posture.

  • Communicate security concepts and vulnerability impacts with non-technical stakeholders.

  • Imagine and propose improvements to our vulnerability management systems, automating the most common aspects of the vulnerability management lifecycle and providing a simple interface for asset owners to self-manage their vulnerability findings.

  • Ensure Splash remains compliant with GDPR and the Data Privacy Framework, by advising on any privacy-related matters with regards to protecting sensitive customer data.

  • Coordinate the resolution of outstanding vulnerability findings that require human intervention.

  • Working to ensure our vendors and data sub-processors have the appropriate security controls and compliance requirements in place prior to their onboarding.

  • Ensure our security policies are kept up to date and reviewed for accuracy.

  • Respond to customer-related inquiries related to our security practices and procedures.

On your first day, we’ll expect you to have…

  • 3+ years of experience in offensive/defensive security, or systems engineering.

  • 3+ years of experience in risk management and performing risk assessments.

  • 3+ years of experience in application security and vulnerability management.

  • In-depth understanding of risk management frameworks, such as NIST, ISO, COBIT, etc.

  • In-depth understanding of the incident response process and lifecycle.

  • Experience with Terraform or an equivalent infrastructure as code language.

  • Experience with implementing AWS security best practices: IAM, Security Groups, etc.

  • Experience mentoring and evangelizing security practices through cross functional work with engineering teams.

Not a dealbreaker, but it'd be great if you had...

  • 2+ years production level Kubernetes experience.

  • 2+ years production level Docker experience.

  • Experience with Security and Compliance software: OPA, Falco, and OSSEC/Wazuh.

About Splash Engineering

At Splash, we embrace collaboration and co-creation as a way to engineer a world-class product. We learn from each other through PR reviewing, RFCs, documentation, architectural conversations and pair programming. Everybody has a voice here and you’re encouraged to stay curious.What’s next?

If you’re interested in joining the team, apply below and you can expect to hear from us soon 🙂. Please give us at least 2 weeks to get back to you. We promise we’re not ignoring you, playing Pokemon all day, or waiting anxiously for an NSYNC reunion 👀. It just takes a little TLC to go through all the applications and see if there’s a possible fit for you here.

When we find the right person, we try to put our best foot forward with an offer that excites you. We consider what you are looking for, the skills and experience you bring, what similar jobs pay and make sure there’s fair pay among those you’ll be working with. Final offer amounts are determined by multiple factors including your experience and expertise and may vary from the amounts listed above. What we can’t quantify for you are all the exciting challenges, supportive team, and amazing culture we enjoy. Please click here to gain invaluable insights from our Splash Culture Book.

At Splash, we believe that big ideas and great communities come from a team that celebrates diversity of all kinds. We are committed to being an equal opportunity workplace and encourage people from all backgrounds to apply.

We collect personal information (PI) from you in connection with your application for employment with Splash, including the following categories of PI: identifiers, 8 personal records, 9 commercial information, 10 professional or employment information, 11 non-public education records 12 and inferences drawn from your PI. 1314 We collect your PI for our purposes, including performing services and operations related to your potential employment. For additional details or if you have questions, contact us at [privacy@Splashthat.com].