Senior Security Engineer

Description

TripleTen is a service that empowers individuals, regardless of their prior experience, to embark on the exciting and challenging journey of mastering tech professions. Our bootcamps focus on training students in software engineering, data science, business intelligence analytics, and QA engineering in a feasible and accessible way, ultimately leading them to thrive in a new career.

Our mission is to ensure that every student has the opportunity to successfully master a new profession, find their purpose, and become a valuable member of the tech industry. TripleTen is a remote-first organization, mirroring our students who complete our bootcamps in a remote environment.

As a Senior Security Engineer, you will conduct security due diligence for all new vendors and SaaS solutions, ensuring they meet baseline security requirements such as SSO, 2FA, and encryption, while maintaining a live inventory and assessing third-party risks. Security at our company is owned by a tight two-person team. You and another seasoned engineer will work closely together—splitting areas of responsibility, collaborating on reviews, and making joint decisions.



What you will do

Vendor & SaaS Risk Management

• Lead security due-diligence for every new external service or software purchase.
• Maintain and evolve our baseline security requirements (2FA, SSO, encryption, etc.).
• Maintain a living catalogue of third-party services and assess risks of data leakage.

Policies & Access Governance

• Develop and enforce policies for handling and protecting personal data (e.g., GDPR, CCPA).
• Define and control access rules for systems processing sensitive or regulated data.
• Run periodic Access Reviews for critical and SOX-in-scope systems.
• Design and implement technical controls required for SOX IT audit.

Security Architecture & Audits

• Conduct security audits for new services and major architectural changes.
• Collaborate with engineers to identify and mitigate security issues early in the design phase.

Infrastructure & Tooling

• Manage CSPM operations via Wiz.io: configure dashboards, tune alerts, triage incidents.
• Drive implementation of SIEM and DLP systems (currently in progress).
• Maintain and monitor Google Workspace security policies.
• Operate and evolve device management via Kanji MDM.

Requirements

• 5+ years in Security Engineering or similar roles, with at least 2 years at a senior/staff level.
• Strong knowledge of cloud infrastructure (AWS, GCP, or Azure) and SaaS tools.
• Hands-on experience with CSPM, SIEM, or DLP solutions.
• Familiarity with compliance frameworks like SOX, ISO 27001, or SOC2.
• Ability to perform threat modeling and communicate risks and trade-offs clearly.
• Scripting or automation experience (Python, Go, Terraform) is a plus.
• Proficient in English.

What we can offer you

• Fully remote and full-time collaboration with professional freedom and minimal micromanagement;
• Dynamic Team: Join a diverse, global team with experience across tech, ed-tech, and various industries;
• We use digital tools like Miro, Notion, and Google Workspace for seamless collaboration;
• Impactful Work: Your efforts directly influence the success rates of students finding jobs post-graduation.

*At this time, we are unable to offer H-1B, L-1A/B sponsorship opportunities.

**This job description is not designed to contain a comprehensive listing of activities, duties, or responsibilities that are required. Nothing in this job description restricts management's right to assign or reassign duties and responsibilities at any time.



***TripleTen is an equal employment opportunity/affirmative action employer and considers qualified applicants for employment without regard to race, color, religion, sex, national origin, age, religion, disability, marital status, sexual orientation, gender identity/expression, protected military/veteran status, or any other legally protected factor.