Lead Security Engineer

Lithium

(San Francisco, California)
Full Time
Job Posting Details
About Lithium
Lithium delivers awesome digital customer experiences at scale for the world’s biggest brands including Airbnb, AT&T, Sephora and Spotify. Comprising Social Media Management and Communities, the Lithium engagement platform enables brands to manage multiple digital touchpoints, facilitate millions of conversations, and drive smarter decisions through data – connecting customers, content and conversations at the right digital moment.
Summary
Lithium is looking for an experienced and energetic Lead Security Engineer. You will become a strategic member of our Information Security Team and be responsible for ensuring that our products and services are built to the highest specifications of security standards. If you enjoy analyzing and solving complex information security problems, responding to current and emerging security threats, and mentoring junior team members, this position is ideal for you. You will participate in security architecture and design reviews, vulnerability assessments, security audits, penetration testing, and overall security design and implementation of the Lithium products and our mission-critical SaaS environment.
Responsibilities
* Work with developers, system/network administrators, and other colleagues to ensure secure design, development, and implementation of applications and networks in traditional data centers and public cloud (AWS or similar)
* Drive the implementation and rollout of the secure SDLC process to ensure security is baked into the software and product development lifecycle
* Conduct static and dynamic security testing on web applications
* Respond to security bugs and security scan report issues
* Work with administrators, engineers and software QA teams to prioritize and address security bugs, security feature implementations and security enhancements
* Conduct design and architecture reviews and develop security requirements related to new and existing software platforms, systems and features
* Design and implement security tools and technologies, such as IDS/IPS, WAF, SIEM, log monitoring and alerting, etc.
* Conduct internal and external security assessments, audits, and penetration testing
* Create and maintain comprehensive internal and external documentation
* Develop training materials for security awareness and deliver security technology training, such as emerging trends of security risks, latest security tools and methodologies, information security concepts, etc.
* Mentor team members and evangelize information security topics by conducting lunch-and-learn type sessions and more focused seminars with internal and external audiences
Ideal Candidate
**Qualifications**
* 7+ years of professional experience in information security and web application security
* The ability to communicate complicated technical issues and the risks they pose to R&D engineers, network and system administrators and management
* Define security best practices and standards and plan the implementation and alignment of internal processes and practices accordingly
* Deep understanding of OWASP Top-10 and SANS Top-25 vulnerabilities
* Solid understanding of web technologies, frameworks and concepts (HTML, JavaScript, XML, JSON, REST, AJAX, AngularJS, Node.js, etc.)
* Good understanding of web protocols and security standards (TCP/IP, HTTP/HTTPS, TLS, DNS, SAML, SSH, OAuth, etc.)
* Experience with commercial and/or open source security tools (Burp, Nessus, Qualys, Veracode, or similar)
* Experience breaking down complex systems and applications to find flaws
* Ability to identify vulnerabilities through client- and server-side code audits and analysis
* Familiarity with programming languages such as Java and JavaScript, and the ability to pick up additional ones if necessary
* Familiarity with scripting languages such as Python, Perl, Ruby, Shell, etc.
* Proficiency in Linux/Windows/Mac OS X systems and security
* Database experience is a plus (MySQL, Redis, Mongo)
* Must have strong analytical and problem-solving skills
* Must possess strong oral and written communication skills
* Bachelor's degree (Computer Science or related Technology preferred)

**Additional Desired Qualifications (not mandatory but a big plus)**
* Security certifications such as GIAC and CISSP or similar
* Experience in writing secure code
* Experience with audits and compliance (SAS)
