Senior Security Engineer

Medallia is the customer experience management company. Founded in 2001, the company is trusted by the world’s leading brands including Verizon, Macy’s, Sephora, Honeywell, Four Seasons, Sodexo, and Mercedes to improve customer experiences. Medallia’s Software-as-a-Service (SaaS) application enables companies to capture customer feedback across Web, social, mobile, and contact center channels, understand it in real-time, and take action everywhere.

We are seeking security engineers with a natural affinity for modern security patterns - the key to success in engineering pragmatic security solutions at scale for fast-moving and rapidly changing environments. This role requires a deep passion for engineering (mostly) invisible security-at-scale, the kind that works and that is minimally disruptive in a fast-paced engineering culture.

* Have full ownership of assigned security engineering initiatives for production and corporate infrastructure * Make key contributions to balanced security solutions that improve our posture without getting in the way of productivity * Take part in building creative tools and services, basically “the glue”, that will tie together our data gathering abilities in ever-expanding ways as we grow our incident response capabilities and adapt to the evolving threat landscape * Provide security domain expertise on system, network, encryption and authentication services * Participate in pro-active threat-hunting across our infrastructure * Carry out vulnerability triage assessments as needed, based on the output of continuous security scanning and monitoring activities * Participate in our vulnerability management program, including bug triage assessments, communicating findings to key stakeholders, and driving remediation efforts with relevant Engineering owners

**Requirements** * BS or MS in Computer Science, or equivalent experience * 5+ years industry experience * Experience building security in a fast-paced, web-scale environment, preferably for a SaaS provider * In-depth knowledge of multiple OS platforms with strong emphasis on Linux * Advanced knowledge of core networking protocols (TCP/IP, DNS, etc.), including routing protocols such as BGP and OSPF * In-depth knowledge of authentication protocols, applied cryptography, PKI and TLS * Proficiency in at least one programming language (Python would be a plus) for writing automation frameworks and relevant security tools * Solid understanding of modern programmatic infrastructure components and deployment patterns **Nice to haves:** * Experience securing microservice-based architectures * Experience working on a red team * Knowledge of the latest attack trends, tools and the threat landscape