Security Operations at SpotHero
You will be one of the first Security Operations (SecOps) people at SpotHero; you will help us define how we go forward and create the strategy for SpotHero to get Security right as we scale.
Who we are: SpotHero is a $118MM-raised Series D company based in Chicago, US whose mobile & web platforms allows users to quickly and easily find off-street parking across North America.
Ranked at #15 for a Consumer Marketplace (The a16z Marketplace 100) SpotHero is a fast-growing market leader disrupting the mobility space. Drivers across North America use the SpotHero mobile app, website, and connected car integrations to reserve convenient, affordable parking. Parking companies (Operators) rely on us to help them reach new customers while optimizing their business through our Business Intelligence Tools. We connect the dots with cutting-edge technology, delivering value to both sides of this exciting, evolving marketplace.
In 2019 we:
- Parked our 30 millionth car
- We hired 97 people, 40 in Engineering alone
- Added more than 1,300 new parking facilities, exceeding 7,000 facilities across North America
- Added 200 new airport parking facilities serving 61 airports, and launched new partnerships with The Parking Spot, Toronto Pearson International Airport, and The South Terminal at Austin Bergstrom International Airport
- Added 300+ new events and venue partners, including the United Center, home of the Chicago Bulls and Chicago Blackhawks; PPG Paints Arena, home of the Pittsburgh Penguins; Fiserv Forum, home of the Milwaukee Bucks; and the American Airlines Arena, home of the Miami Heat
What kind of person are you?
- Curious and a hungry learner
- A Problem Solver
- Ability to collaborate
- An owner of your work
- An educator
- Insanely detail-oriented
- Fantastic communicator in and outside of Engineering
About the role:
- Help establish and drive the decision-making for platform and application security architecture
- Design and implement solutions to difficult engineering and security problems
- Collaborate across the stack to identify potential exploits and help the team avoid creating new ones
- Utilize a suite of techniques and security scanning tools to analyze the platform and infrastructure and then prioritize resolution based on the potential impact
- Develop security functional tests to execute in our CI/CD pipeline to ensure that prior issues stay remediated
- Join forces with your fellow teammates and the larger security community to maintain and continually improve our existing security tools using modern software engineering practices
- Work with external procurement and partner technology teams to answer questions about SpotHero’s corporate security
- Serve as a deeply skilled and knowledgeable resource within the security technology area
- Assist in efforts to detect, confirm, contain, remediate and recover from attacks
- Understand the technical aspects of Web and Mobile application security
- Maintain, improve, and evangelize standard security operating procedures and processes
- Run vulnerability scans and managing security tool updates
- Assist in creating documentation and training material
- Experience in Secure Code Review and best practices
- A passion for security topics as demonstrated by professional experience or personal projects
- Strong collaboration skills and proven ability to work in a diverse environment
- You have research and analytical skills and are able to pinpoint significant patterns related to cyber threats, strong organizational, presentation and communication skills
- Experience with network intrusion detection tools
- Strong understanding of Operating Systems: Android, iOS, Mac OS, Windows and Unix/Linux
- Working knowledge of database and operating system security
- Bachelor's degree in Computer Science, Business Administration, Business Information Systems, Cybersecurity, or a related field, or equivalent work experience
- Security certifications such as CompTia: Network+, Security+; ISC²: CCSP, SSCP, CSSLP; GIAC: GPEN, GCSA, GWAPT, GXPN, GWEB, SEC534, etc
Bonus points if you have:
- A background in data systems and statistics (Elasticsearch and related are extra helpful)
- Experience working on a team concerned with uptime or systems availability
- IAT Level II (GSEC, Security+, SSCP, or CCNA-Security) certification
- A good understanding of Mobile OS security for both Android and iOS
- You have or can obtain a Certified Ethical Hacker (CEH) certification within 6 months of your start date.
- Experience with an infrastructure as code (IaC) tool such as Terraform, Ansible, Chef, etc.
What we are offering:
- Career game changer – A truly unique experience to work for a fast-growing startup in a role with unlimited potential for growth.
- Excellent benefits – We cover up to 90% of Medical Premiums, 50% of Dental & Vision Premiums, and offer company sponsored Life Insurance.
- Flexible PTO policy, generous parental leave, 401k retirement savings plan + matching, and great work/life balance – We value and support each individual team member.
- Fun perks like snacks, catered lunches, happy hours, wellness programs, and SpotHero swag.
- Annual parking stipend (duh – we're a parking company!).
- The opportunity to collaborate with fun, innovative, and passionate people in a casual, yet highly productive atmosphere.
- A workplace recognized by Time Magazine as one of the Top 50 Most Genius Companies of 2018, ranked on Built In Chicago’s 100 Best Places To Work In Chicago in 2020 & 50 Companies With The Best Benefits In Chicago In 2020 , plus our Diversity & Inclusion initiatives!
- This position is ineligible for visa sponsorship. To be considered for this role, you must be legally authorized to work in the US and not require sponsorship for employment now or in the future.