Senior Security Engineer - Operations and Cloud (Hybrid)

Hi, Future Homie!

As a Homie, you'll be part of an unstoppable team that puts customers first, embraces each day with excitement, and strives for excellence in everything you do. We’re revolutionizing the way small businesses manage their teams and grow their business. What this means for you is a shared passion for innovation and making a difference for the people we serve. So what do you say, will you join us on our mission to empower small businesses?

As a Security Engineer specializing in Operations and Cloud, you will be a critical member of our Homebase Trust and Security team, significantly contributing to the security and resilience of our cloud environments and operations. Reporting directly to the Security Engineering Manager, you will play a pivotal role in designing, implementing, and managing security solutions that protect our systems and data. You will be responsible for leading and executing a comprehensive security operations and cloud security program. We are seeking a highly skilled and motivated individual with a strong background in operations and cloud security. You will work closely with other security team members, infrastructure, and engineering teams to identify, assess, and mitigate security risks, ensuring that our infrastructure is secure, compliant, and aligned with industry best practices. 

Our Trust and Security team is a critical component of our organization, dedicated to safeguarding our systems, data, and customers. We have a broad scope of responsibilities encompassing application security, security operations, governance, risk, and compliance (GRC), and corporate security. Collaborating closely with internal and external stakeholders, we are committed to delivering exceptional security and quality services and products. By upholding the highest standards, we ensure the protection of our customers' trust and confidence. 

You will make an impact by

Security Operations

• Leading and maintaining our security operations and cloud security programs.
• Managing security monitoring and alerting systems.
• Developing automated response systems to streamline the detection, investigation, and remediation of security threats.
• Designing and implementing security policies and training.
• Taking a leading role in developing and overseeing the  Security Incident Response Team (SIRT), acting as the primary security incident response commander to identify, manage, and mitigate security incidents. 
• Joining the Security team's on-call rotation, responding to security incidents.
• Building and developing a threat intelligence program by collecting, analyzing, and sharing insights to proactively defend against emerging threats.
• Leading the project to establish a Security Information and Event Management (SIEM) system and coordinate with a managed service provider to externalize the Security Operations Center.
• Collaborating with engineering and infrastructure teams to develop and maintain comprehensive Business Continuity (BC) and Disaster Recovery (DR) plans, ensuring resilience in the face of disruptions.

Cloud Security

• Ensuring compliance with regulatory requirements and industry standards.
• Serving as the go-to expert in cloud security, providing guidance and support to the team and ensuring our cloud infrastructure remains secure.
• Continuously stay informed about industry trends, best practices, and regulatory updates, adapting our security strategies as needed.
• Embedding security best practices into the Software Development Life Cycle (SDLC) to ensure secure deployment of our applications.
• Establishing and monitoring key performance indicators (KPIs) and key risk indicators (KRIs).
• Developing and executing an internal audit plan to ensure compliance and identify opportunities for security enhancement.
• Contributing to the security architecture review program.
• Using modern approaches like “secure by default” and “zero trust” to build long-lasting, secure environments for our  team and developers.
• Implementing stringent security hardening practices across our cloud environments.
• Working with the infrastructure team on secure network architectures, credential management, and network security tools like IDS/IPS, WAF, and DDoS solutions to monitor and block malicious activities
• Implementing cloud vulnerability scanning processes and enhancing vulnerability management.
• Working with engineering and infrastructure teams on logging and audit standards.

You are a bar raiser, which means you come with

• Proven experience managing AWS security.
• Experience in programming languages (Python, JavaScript, Ruby, or similar.)
• Strong ability to analyze and respond to security incidents.
• Expertise in systems monitoring, centralized logging, and alerting.
• Solid understanding of cloud-centric architectures and DevOps principles.
• In-depth knowledge of cloud security principles and practices.
• Comprehensive understanding of security protocols and standards.
• Strong knowledge of theoretical and applied cryptography.
• Proficiency in Identity and Access Management (IAM).
• Expertise in building and operating SIEM systems.
• Hands-on experience in both offensive and defensive security operations.
• Familiarity with state-actor threats and other advanced persistent threats (APTs).
• Excellent analytical and problem-solving skills.
• Ability to communicate effectively with technical and non-technical stakeholders.
• Strong leadership and project management skills.
• Strong sense of accountability.
• Experience with infrastructure as code technologies (Terraform)
• Experience in zero-trust architectures and tools
• Experience setting up a Detection Engineering Pipeline and leading threat hunts
• Involvement in security community activities, conferences, or publications
• Strong understanding of industry-specific regulations, framework, and compliance requirements (NIST CSF, NIST 800-53, ISO 27001/27002, MITRE ATT&CK)
• Bachelor's degree in information technology, cyber security,  computer science, or a related field (optional)
• Relevant certifications (e.g., AWS Certified Security Specialty, CISSP, CCSP or CCSK) are preferred.

What We Offer

• Stock Options - Everyone is an Owner! 
• Competitive group health benefits  coverage for you and your eligible dependents
• Group Investments, TFSA as well as an RRSP plan which offers a 4% company match
• Employer supplemented Medical, Dental, and Vision Insurance Plans
• Company-paid holidays and 20 days accrued PTO per year
• Continued learning and development stipend
• Paid parental leave after 1-year of service
• Top-of-the-line equipment and stipend for workspace setup
• Work from home days, Monday, Thursday, & Friday
• Meals provided at our vibrant workspaces
• Team offsites and monthly opportunities to engage with fellow Homie

What to Expect During the Interview Process:

• Meet the Talent Acquisition team, Alex V. 
• Meet the Hiring Manager, Ali F. 
• Participate in Technical Interviews
• Meet the Leadership team, Steven M. or Andrea C. 
• Professional Reference Checks
• Background Check + Offer Stage
• Welcome to the team, Homie💜🎉

Diversity, Equity, and Inclusion at Homebase

At Homebase, we take pride in fostering a welcoming space where every Homie of every gender, age, orientation, culture and walk of life can be their full selves. Diverse perspectives empower us to build the best-in-class platform for small businesses and hourly shift workers. We recognize that experience comes in many forms, so if you think you’re close to what we’re looking for (even if you don’t meet 100% of the qualifications), we encourage you to apply!

About Us

Our mission is to make hourly work easier for local businesses and hourly workers. Homebase currently serves more than 100,000 small (but mighty) businesses with everything they need to manage their hourly teams: employee scheduling, time clocks, payroll, team communication, hiring, onboarding, and compliance. Just don’t call us “Human Capital Management.” We have built tools for the busiest businesses, so owners and employees can spend less time on bullsh*t and more time on what matters. The Homebase team brings small business expertise from Intuit, Square, OpenTable, Yelp, Gusto, and First Data. Homebase is backed by leading venture investors Bain Capital Ventures, Baseline Ventures, Cowboy Ventures, Khosla Ventures, Plus Capital, and GGV Capital.

At Homebase, we value our differences, and we encourage all to apply. We do not discriminate on the basis of race, religion, color, gender expression or identity, sexual orientation, national origin, citizenship, age, marital status, veteran status, disability status, or any other characteristic protected by law. Homebase is proud to be an equal opportunity employer and participant in the U.S. Federal E-Verify program. Accommodations will be provided during the hiring process if needed. Please advise us of any accommodations needed within your application to ensure fair and equitable access throughout the recruitment and selection process.

**Interview Recording Notice

By participating in interviews with Homebase, you consent to the use of Metaview, a recording and transcription tool, during the interview process. Please be aware that all interviews may be recorded and transcribed for the purpose of evaluating candidates and ensuring the quality of our recruitment process. If you do not consent to being recorded, please inform the Talent Team at the beginning of the call, and appropriate arrangements will be made to accommodate your preference. Your privacy is important to us, and the recorded interviews will only be used for internal evaluation and assessment of candidates.