Security Engineer

EvenUp is a venture-backed generative AI startup that ensures injury victims are awarded the full value of their claims, expanding the $100B+ in awards granted to injury victims every year. Every year, the legal system has made it difficult for millions of ordinary people to seek justice, especially for folks without means or who come from underrepresented backgrounds. Our vision is to help these injury victims get the justice they deserve, irrespective of their income, demographics, or the quality of their legal representation.

EvenUp operates across all types of injury cases, from police brutality and child abuse to California wildfires and motor vehicle accidents. Our ML-driven software empowers attorneys to accurately assess the value of these cases by doing a core part of their workflow (legal drafting), enabling them to secure larger settlements in record time. As EvenUp evaluates more cases, our proprietary data grows, enhancing the precision of our predictions and delivering more value to both attorneys and victims alike.

As one of the fastest growing startups ($0 to $10M in ARR in <2 years), we raised $65M in investment from some of the best investors in the world (Bessemer, Bain Capital, Signalfire, DCM, NFX, Tribe Capital), seasoned tech executives (i.e. founder of Quora, SVP at Google, former CPO at Uber), and public figures that care about our social mission (Nas, Jared Leto, Byron Jones). Our team comes from top tech, legal, and investing backgrounds including Waymo, Google, Amazon, Uber, Quora, Blizzard, Norton Rose, Warburg Pincus, Bain, and McKinsey.

The role:

Today, our engineering team is roughly ~60 people, but by the end of 2024 we’ll be roughly ~100. With our growth, we’re looking for a strong Security Engineer to work cross-functional and manage our security within our infrastructure team. We need a hands-on Security Engineer to lead our Security efforts and drive our growth. You’ll help us evaluate building vs buying security solutions.

What you'll do:

• Security Architecture Design: Due to the technical depth required, this task fits well with someone specializing in security infrastructure, both for cloud and on-premise environments

• Security Automation: Automating security processes requires a strong technical background, making it suitable for this role

• Access Control and Identity Management: This is a technical role that involves implementing systems and protocols to manage access rights, fitting for a specialist

• Encryption and Data Protection: Handling data encryption techniques and ensuring data protection compliance are technical tasks that require in-depth knowledge of security protocols and standards

• Cloud Security & Endpoint Security: Specializing in securing cloud-based environments and managing endpoint security are tasks that demand a solid understanding of various platforms and devices

• Network Security: Implementing and managing network security solutions like firewalls and IDS/IPS/DLP systems requires technical expertise

• Vulnerability Management: Scanning and mitigating vulnerabilities is a technical operation that involves understanding the intricacies of software and hardware assets

• Application Security: Ensuring the security of in-house developed applications through secure development practices requires a blend of programming and security skills

You may be a fit for this role if you have:

• 8+ years of implementation experience in a security-focused role with an emphasis on hands-on secure technical architecture and implementation work, and oversight in a team setting (e.g., conducting solution security reviews)

• In-depth knowledge and implementation experience of information security principles, policy enforcement, operating systems, web application security, and a high-level of familiarity with malicious code uses, OWASP Top 10, and common techniques used by hackers

• Strong fluency in at least one programming or scripting language: Python, Ruby, Istio, NodeJs, Go

• Experience with container security and supply chain security

• Familiarity with the SOC2, HIPAA standards and how to monitor and remediate deficiencies

• Has experience working with Terraform; and has implemented automation and orchestration to enhance the DevSecOps pipeline

• Provide secure code reviews & identify security anti-patterns for product and infrastructure engineering team

• Up-to-date knowledge and regular monitoring of the evolution of technologies and vulnerabilities to identify the solutions and measures necessary to secure cloud computing applications and ecosystems

• Hands-on experience with design and implementation of security architectures in GCP or AWS or Kubernetes

Nice to haves:

• Fluency with at least one infrastructure-as-code or configuration management language

• Experience in the design and implementation of security controls

• Experience with design and enforcement of security best practices for the development

• Experience with planning and execution of security web and infrastructure pen testing

• Experience with DLP (data loss prevention)

• Experience with risk modeling for AI/ML data protection

• Experience with Istio or other Service Mesh technologies

• Cybersecurity certification (e.g. CISSP, CISA, CCNA, CCNP, Kubernetes Certified Administrator or Certified Kubernetes Application Developer or other relevant certification)

Benefits & Perks:

We seek to empower all of our team members to fulfill our mission of making the world a more just place, regardless of our team’s function, geography, or experience level. To that end, we offer:

- Fully remote setup - work from wherever you feel is best (Plus a stipend to upgrade your home office!)

- Flexible working hours to match your style

- Offsites - get to meet your coworkers on a fully-expensed trip every 6-12 months!

- Choice of great medical, dental, and vision insurance plan options

- Flexible paid time off

- A variety of virtual team events such as game nights & happy hours

EvenUp is an equal-opportunity employer. We are committed to diversity and inclusion in our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.