Senior Security Engineer

As a Grove Senior Security Engineer, you’ll be part of our nationwide team tasked with building, maintaining, and securing the IT infrastructure and information systems that power Grove's day-to-day operations. You own securing all things hardware and software that help facilitate Grove’s daily business operations. We rely on numerous cloud technologies (AWS, Google Workplace, Jumpcloud, VMware Workspace One, Datadog, Pagerduty, and Github to name a few) to minimize our footprint, utilize automation wherever possible to minimize manual recurring activities, and practice continuous improvement techniques to build upon infrastructure and systems. 

We’re looking for action-oriented technologists who thrive in fast-paced high-growth environments, and who are looking to further develop their technology skills working with our existing nationwide team. Flexibility to support regions outside of your home office, including occasional travel, is required.

YOUR IMPACT & RESPONSIBILITIES:

• You’ll architect, design, implement, and improve our overall information and systems cybersecurity posture (networks, endpoints, clouds, applications, etc.).
• You’ll analyze and develop information security governance and compliance (ISO 27001, SOX, PCI, GDPR, etc.) policies, procedures, standards, baselines, and guidelines with respect to information security and use and operation of information systems.
• You’ll build processes that enforce compliance with authentication and access control protocols, including provisioning, changes, and deprovisioning of user and system accounts, security/access roles, and access permissions to information assets.
• You’ll perform vulnerability and penetration tests, risk and compliance self-assessments, coordinate third-party risk and compliance assessments, and lead remediation and continuous improvement efforts.
• You are expected to maintain a proactive approach to identifying security risks/ threats by reviewing continuously evolving cybersecurity/industry trends. 
• You’ll build a security and event monitoring and alerting infrastructure, develop countermeasure processes, and manage recovery, investigation, and reporting of security incidents.
• You’ll design and implement methods for securing multi-region private and public AWS clouds and all of the associated infrastructure assets in an infrastructure as code environment.
• You’ll review and provide guidance on secure programming practices in a CI/CD environment using technologies such as CircleCI, Github, Jira, etc. 
• You’ll be expected to have hands-on experience on some of the industry-standard security technologies such as Vulnerability & Application Security, SIEM, DLP, Public Cloud Security, CASB, etc.
• You’ll analyze and recommend security controls and procedures in the acquisition, development, and change management lifecycle of 1st and 3rd party information systems.
• You’ll support the CISO and management during security incident response investigations.

ABOUT YOU:

• 5+ years experience as a System Security Engineer, Information Security Engineer, or other relevant position
• Proven experience in implementing security controls across public cloud environments based on some of the security/regulatory frameworks such as SOX, PCI DSS, NIST CSF.
• Relevant industry certifications must have at least one of CISSP or CCSP and additional preferred (OSCP, GRCP, GSEC, CGEIT, etc.)

BENEFITS:

• Core Benefits: Stock options, Medical, Dental, Vision, Pre-tax and Roth 401k options, Short term and Long Term Disability and Life Insurance, Employer contribution toward Health Savings Account (HSA)
• Perks: Employee Assistance Program (EAP), Perkspot discount platform, Quarterly peer recognition awards, Class Pass discount, Free VIP Membership + 25% off every Grove order
• Work/Life: WFH stipend + internet reimbursement, Flexible Paid Time Off, 16 week Paid Parental Leave + discounts on fertility services

ABOUT GROVE COLLABORATIVE:

Launched in 2016 as a Certified B Corp, Grove Collaborative creates innovative natural products and offers a curated selection of healthy home essentials like cleaning supplies and personal care products. With a flexible, monthly delivery model and a personal Grove Guide assigned to each customer, Grove’s platform makes it easy for people to switch to healthier, more sustainable routines. Every item Grove offers, both from their flagship Grove Collaborative brand and from exceptional third party brands, has been thoroughly vetted against strict standards for sustainability, efficacy and supply chain practices. On a mission to move Beyond Plastic, Grove is the first and only plastic neutral retailer in the world and is committed to becoming 100% plastic-free by 2025. For more information, please visit www.grove.co/plastic.

Let’s do this

We're building a diverse and inclusive work environment where we learn from each other. We welcome people of diverse backgrounds, experiences, abilities and perspectives. We are an equal opportunity employer and a fun place to work. Come join the community at Grove. It's a heck of a lot of fun, and we'd love to tell you more about it.

If you require reasonable accommodation in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please direct your inquiries to [email protected].

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.