Sorry. This page is not yet translated.
Glossier

Glossier Inc. is building the future beauty company in collaboration with its customers.

Senior Cloud Security Engineer
New York City, NY, US
Job Description / Skills Required

Glossier's mission is to give voice through beauty. We are a direct-to-consumer company that leverages the power of personal narrative to own the beauty conversation on the internet. We do this by building products, growing our community, and making decisions in inclusive, customer-devoted, curious, courageous, and discerning ways.

We're looking for a Senior Cloud Security Engineer to build a robust and secure-by-design cloud environment. You’d join our Technology team, working closely with Engineering and broader technology organizations to ensure safety of Glossier’s customer’s data and trust.

You will focus on building the security controls that protect our public cloud environment and creating tooling that enables our engineers safely use the Cloud. You’d continuously improve our engineering practices and tooling to help us deliver a secure and reliable e-commerce experience for our customers. If this is something that excites you, please reach out!

Six Month Expectations 

  • Establish and implement cloud security standards for Engineering
  • Audit and drive remediation of Security control gaps in CIS AWS Foundations Benchmark v1.2.0 
  • Provide vulnerability remediation guidance and mentoring to developers
  • Operationalize process for Continuous Security Monitoring and Anomaly Detection for Cloud

Twelve+ Month Expectations

  • Build cloud governance tooling to automatically monitor and enforce our AWS security policies
  • Enforce key security controls via infrastructure-as-code (IAC)
  • Partner with Engineering to drive Zero-Trust Cloud Architecture for Glossier Services 
  • Develop Cloud Security training module for Engineers

Qualifications

  • Strong knowledge of AWS services and security controls
  • Proficiency with at least one of the following languages: Python, Go, JavaScript.
  • Must be able to explain vulnerabilities referencing to OWASP Top 10, WASC, and/or CWE 25 to any audience, and discuss effective defensive techniques
  • Has implemented frameworks and tooling to continuously monitor for security vulnerabilities
  • Can appropriately align security goals with business value and make effective tradeoffs
  • Strong written and verbal communication skills

About Glossier 

Glossier is a beauty company that lives in NYC, is sold on the internet, and promotes a skincare first philosophy that celebrates beauty in real life.

We are an Equal Employment Opportunity (“EEO”) Employer. It has been and will continue to be a fundamental policy of Glossier not to discriminate on the basis of race, color, creed, religion, gender, gender identity, pregnancy, marital status, partnership status, domestic violence victim status, sexual orientation, age, national origin, alienage or citizenship status, veteran or military status, disability, medical condition, genetic information, caregiver status, unemployment status or any other characteristic prohibited by federal, state and/or local laws. This policy applies to all aspects of employment, including hiring, promotion, demotion, compensation, training, working conditions, transfer, job assignment, benefits, layoff, and termination.