Senior Security Engineer

Full Time

Website AurorHQ Auror Limited

Ready to partner with enterprise retailers in Australia, New Zealand, North America, and the United Kingdom who want to protect their profits, property, and people from crime, for good.

About Auror: At Auror, we’re empowering the retail industry to tackle theft and Organised Retail Crime, a $150 Billion problem globally. It’s high-volume crime that’s increasingly organised in nature and is putting people, retailers, and communities at risk every day.

Founded in New Zealand 11 years ago, we’re working with some of the best and largest retailers in the world across the US, Canada, Australia, New Zealand, and the UK.

Auror is connecting people and intelligence to reduce crime. We’re using technology for good. In partnership with our leading retail partners, we need people with the passion, determination, and innovation required to overcome one of the world’s largest problems. If you’re looking to make a difference with and for the people dedicated to stopping crime, for good, then we want you on our team.

About the Role: We are hiring for a Senior Security Engineer at Auror to help raise the bar on security through collaborating with cross-functional teams to provide guidance on security best practices. You’ll be hands-on solving problems at scale and you’ll be a part of the team that seeks to secure all things Auror.

Some of the responsibilities of this role include:

Operations

You will partner with our Site Reliability Engineers to look at the logs ingested and data in our azure portal and evaluate what trends or things that are happening and implement changes where needed.

Being part of the new Blue Team at Auror. This is all about analysing incoming traffic and events and evaluating actions to take while balancing short term engineering fixes with larger long term security goals and initiatives. The effort of Blue teams is large and newly formed so you will have the opportunity to help shape this for Auror. The role will also include incident response and vulnerability research. Here is more on what Blue teams do.

Working within the security team and partner teams to discuss and build the security policies, procedures, and methods that we will use to help shape the future of security for Auror.

Supporting our customer team to sign, and onboard new customers as quickly and efficiently as possible by working with them on Customer Security Reviews.

Product

Consult with other Engineers and Product Managers to analyse and propose application security standards, methods, and architectures as we continue to build and grow our platform.

Working with the wider Engineering team to review features for potential security risk. This could include performing threat model analysis or setting up security feature questions and looking at our existing code in our domain to help find and remediate any outdated or vulnerable code in partnership with the development and operational teams.

You will be a part of the team developing security training, giving guidance to other internal teams, and helping define our secure development (SDLC) process and procedures.

Operate SIEM tooling that includes writing queries, running log analysis, and operating playbooks for specific evaluations.

Perform SAST/DAST evaluations of code for risks and vulnerabilities.

You will be reporting to Scotland Symons, Director of Information Security

Scotland has been working in the Technology & Security industry for the last twenty years and has worked for Microsoft, Apple, Amazon, and a few more. Coming to Auror from the US, she runs the security team at Auror focusing on all of our efforts to secure the platform, code and efforts to protect Auror and its customers. In Scotland’s own words:

Security for me is about critical thinking and flexibility. Security is also not linear and requires lots of exploration and through good iteration driving towards the goal of good architecture. I try to weigh the needs of immediate action with long term Security & Engineering efforts while weighing the need of keeping the business going. The role of Information Security can sometimes be stressful especially in times where there is an incident and so I try to approach things with deep honesty as well as levity. I always keep failure in mind but don’t look at it as a dead end but rather an opportunity to learn how to get up and keep going.

Check out Scotland’s LinkedIn here.

Requirements

As our Senior Security Engineer, you’ll bring the following skills and experience:

A desire and ability to collaborate effectively with diverse and cross-functional teams – security is a partnership and team effort.

Strong communication skills – this is key as you communicate the ‘why’ behind certain practices and processes.

Curiosity and proactiveness – this will see you identifying opportunities for improvement across our security practices and you’ll be able to lead your work independently as required.

Comfort with ambiguity –  as we are at the beginning of our journey with building and scaling our security practices.

Deep technical understanding of multiple classes of security defects.

An understanding of a broad set of technologies, languages, and platforms – and the ability to quickly learn and adapt to new technology.

High standards for security domain knowledge along with a track record for writing quality code on popular platforms and languages.

Experience with designing solutions for security problems, partnering with service teams and other security stakeholders to ensure rapid adoption of solutions and mitigation of threats from beginning to end.

Experience of reviewing the design of services from a security perspective to identify vulnerabilities and weaknesses in the architecture, make appropriate recommendations, and guide teams to implement those recommendations through threat modelling & architecture reviews.

Experience of working with SIEM and creating scripts/queries to search for scenarios around security evaluation of logging & alerts.

We are looking for people who demonstrate a strong alignment to our Guiding Principles (you can find these on our Careers page).

Benefits

Competitive salary range: The hiring salary range for this role is $110,000-$170,000, depending on level of experience (this role has been scoped as IC3/IC4 level).

Employee share scheme: You’ll own part of a company making a real difference!

Flexibility: We are hard-working and outcome focused, but recognise there is more to life than work. We promote a healthy work/life blend.

Shorter work weeks (at full pay): Everyone gets Friday afternoons off, so you can start your weekend early, and do more of whatever it is that makes you happy.

Focus on mental and physical health: We understand how vital our health is and have policies to support your wellness, including: Wellness Days,  and up to three expert sessions paid for every year.

Health Care Plan: From 1 April ‘24, Auror covers 100% of the cost of your individual health insurance plan.

Family-friendly: We offer comprehensive parental leave and benefits for primary and non-primary caregivers, including a baby bonus and meals delivered to your door.

Personal growth: We support our team to participate in courses, conferences, or events that will help them develop their skills.

Team love: We have regular team lunches and social events where most (if not all) activities are during work hours.

With diversity and inclusion at the forefront of Auror’s guiding principles, we promote a culture that celebrates diversity and inclusiveness at Auror, regardless of, but not limited to, race, gender, sexual orientation, family status, religion, ethnicity, national origin, physical disability, veteran status, or age.

Next steps: If you’re excited about our mission and you have experience and a passion for this role, please hit “Apply” below.

We’re proud that Auror is a place where everyone can learn and grow. So if you’re not sure that you tick all the boxes but feel you’re close to what we’re looking for, please apply anyway as we’d love to hear from you!

Once you apply, you’ll hear from us to acknowledge your application. If you have questions about any of the above, or if you have any accessibility requirements, we’ll be able to help you from there.

To apply for this job please visit jobs.workable.com.