Senior Product Security Engineer

About Monte Carlo

As businesses increasingly rely on data to power digital products and drive better decision-making, it’s mission-critical that this data is accurate and reliable. Monte Carlo, the data reliability company, is the creator of the industry's first end-to-end Data Observability platform. Named an Inc. Best Workplace for 2024, a DBTA Readers Choice for Best Data Observability Solution for 2024, a G2 Best Product for 2023, and the "New Relic for data" by Forbes, we've raised $236M from Accel, ICONIQ Growth, GGV Capital, Redpoint Ventures, IVP, and Salesforce Ventures. Monte Carlo works with data-driven companies like Fox, Pepsico, Amazon, American Airlines, and other leading enterprises to help them achieve trust in data.

About the Role:

Monte Carlo is seeking an exceptional Product Security Engineer to lead our security engineering efforts in a cloud-first environment. Your role will be central to maintaining and enhancing our vulnerability management program, developing security automation, and managing security alerting/reporting. You will also actively participate in new features and code reviews to support our Engineering team. This position demands a comprehensive understanding of AWS security, proficiency in secure Python development, and expertise in security automation.

Here’s what you’ll be doing:

• Spearheading security engineering in a cloud-first environment.
• Enhancing and maintaining our vulnerability management program.
• Developing and maintaining security automation.
• Managing security alerting and reporting systems.
• Contributing to Engineering efforts via code reviews and security assessments.
  
  

• In-depth knowledge of AWS security.
• A documented background in secure Python development and security automation.
• Experience with SIEM tools such as Splunk, Panther, or Datadog.
• A sense of urgency, an ownership mindset, self-starter qualities, and a strong customer focus.
• Excellent written and verbal communication skills.
• An ability to work autonomously, think strategically, and make decisions with conviction.
  
  

• Security experience in GCP/Azure.
• Experience in operating/maintaining a Vulnerability Management program.
• Familiarity with SCA tooling (Github Advanced Security, Orca, Wiz, etc).
• Basic understanding of SOC 2, ISO 27001, and/or NIST 800-53.
• Red/Blue/Purple team experience for aiding in 3rd party pentest scoping.
  
  

• Developing customer-facing features (frontend or backend) within the product.
• Running internal red/purple team activities.