Senior SecOps Engineer

Company Overview: 

PandaDoc empowers more than 27,000 growing organizations to thrive by taking the work out of document workflow. PandaDoc provides an all-in-one document workflow automation platform that helps fast scaling teams accelerate the ability to create, manage, and sign digital documents including proposals, quotes, contracts, and more. For more information, please visit www.pandadoc.com

Company Culture: 

We're known for our work-life balance, kind co-workers, & kick-ass Christmas parties. Although some of our Pandas are located across the globe, we stay connected with the help of technology and ensure that everyone on our team feels, well, like a team. 

Pandas work best when they're happy. Happiness doesn't come from a ping-pong table or free snacks. We retain our talent by upholding our values of integrity & transparency, and selling a product that changes the lives of our customers. 

Check out our LinkedIn to learn more.

We are looking for people that believe in the PandaDoc culture and are ready to develop secure, reliable, and scalable product solutions within our fast-growing business.

Are you adaptable, driven, and friendly? Do you thrive in a fast-paced work environment where collaboration is the norm? If the answer is yes, then you’re a Panda and we want you to join our team.

PandaDoc is looking for talented Security Engineers focused on Security Operations activities to join the Security team. SecOps engineers focused on enabling Product teams in streamlining incident management and vulnerability management processes.

As a SecOps Engineer, you will:

• Monitor and test information systems to identify vulnerabilities
• Execute or manage mitigation remediation of identified vulnerabilities
• Respond to security incidents and performs root cause analysis
• Assess and understand PandaDoc’s current security framework and future architecture, providing recommendations for risk reduction
• Design and evangelize automated security capabilities
• Serve as a security expert in application development and microservice design
• Analyze and monitor relevant security threats and prevention measures based on industry trends and standards with reference to business specifics

Our stack:

• Service-oriented architecture
• Two main stacks: Java and Python
• Python services are mostly written using AsyncIO frameworks and libraries, but we also have Django-based services with Celery workers under the hood
• Message queues: NATS, Kafka, and RabbitMQ
• Amazon Web Services: EKS, RDS, ElastiCache, etc.
• Prometheus stack for monitoring and alerting

About you:

• 3+ years’ experience with security management tools, including IDS/IPS, WAF, SIEM, vulnerability scanning, and penetration testing
• 2+ years’ experience with cloud provider ecosystems (Amazon Web Services, Microsoft Azure, etc) with reference to security aspects and best practices
• Practical experience in web application security testing methodologies and remediation approaches (OWASP, SANS, NIST, etc)
• Understanding Access Control and Identity Access Management principles (SAML 2.0, OAuth, JWT, etc) 
• Understanding DevSecOps methodology
• Solid interpersonal, written and verbal communication skills
• Intermediate English level (B1+)

Benefits:

• An honest, open culture that emphasizes feedback and promotes professional and personal development
• An opportunity to work from anywhere — our team is distributed worldwide, from Minsk to Manila, from Florida to California
• An annual personal budget for educational classes, conferences, etc. — anything to further your professional knowledge
• A competitive salary
• And much more!