Senior Security Engineer - Seesaw

About Us:

Trusted and loved by 25 million educators, students, and families worldwide, Seesaw is the only elementary learning experience platform, offering a suite of award-winning tools, resources, and curriculum for teachers to deliver joyful, inclusive instruction. Through interactive lessons, digital portfolios, and two-way communication features, Seesaw keeps everyone in the learning loop by providing continuous visibility into the student's learning experience to support and celebrate their learning.

Our Mission:

Seesaw’s mission is to provide every elementary student with joyful and connected learning experiences that lay the foundation for success in life.

Your Team:

This Senior Security Engineer will join our Core Platform team, a back-end team functioning as the backbone of our organization, dedicated to crafting and maintaining the fundamental infrastructure and service libraries that drive Seesaw's success. By constructing the foundational layers and systems, they empower rapid and scalable development of exceptional user experiences from our product engineering teams. Additionally, the Core Platform team assumes ownership of critical operational aspects, including security, reliability, compliance, and cost-effectiveness to ensure the seamless operation of Seesaw's platform and cloud infrastructure. This is a force multiplier team with a wide breadth of exposure, and contributes directly to the success of the organization.

Your Role:

Seesaw is seeking an experienced Senior Security Engineer to join our Core Platform team. As we continue to grow our international footprint here at Seesaw, you will help lead the charge in achieving and maintaining international compliance certifications, like SOC 2 and ISO 27001, ensuring our security practices align with industry standards. You will collaborate closely with engineering and product teams to conduct threat modeling, code reviews, and vulnerability assessments, fostering a culture of security awareness throughout the organization. Your expertise in automating security processes and improving existing frameworks will be instrumental in enhancing our application and infrastructure security. If you are passionate about building secure systems and driving compliance initiatives, we invite you to make a significant impact on our team at Seesaw.

Your Responsibilities:

• Lead efforts to achieve and maintain internationally recognized compliance certifications such as SOC2 and ISO27001, including developing and implementing policies, procedures, and training programs to ensure organizational alignment with compliance requirements.
• Partner with engineering and product teams to perform threat modeling, design, and code reviews to assess security implications and requirements for the secure development of new systems and technologies and remediate vulnerabilities in existing ones.
• Design, build and deploy automation to scale application and infrastructure vulnerability discovery efforts across repositories, systems, and microservices.
• Develop automated security testing to validate secure coding best practices.
• Support our external researchers through our bug bounty program, and coordinate our annual security exercises.
• Proactively improve our security frameworks, documentation, tools, processes, and methodologies.

Your Requirements:

• Bachelor's or Master's degree in Computer Science, Information Systems/Technology, Cybersecurity, or a related field, or equivalent practical experience.
• 5+ years of experience specifically in security engineering / application security, and 8+ years of total professional experience in a technical role.
• Proven experience in leading and managing the achievement of international compliance certifications, like SOC2 and ISO27001, with a strong understanding of the associated frameworks and requirements.
• Experience identifying security issues in applications through code review, threat modeling, penetration testing, manually and with tools.
• Experience improving platform security practices within an AWS infrastructure stack and containerized environments.
• Experience partnering with cross-functional product/engineering teams, and advising these teams on how to address a broad set of security and privacy challenges.
• Strong knowledge and experience in at least one of the following: Python, JavaScript/TypeScript or other similar languages.

Nice to Have:

• Experience designing, implementing, and deploying production-quality systems.
• Strong understanding and experience with security controls, and common security libraries in languages like Python and Javascript.
• Experience with CI/CD pipelines, and other general SRE skills.
• Experience with secure code review, penetration testing, and common security tools.

Compensation & Benefits:

Our salary ranges are based on paying competitively for our size and industry. Salary is just one part of our total compensation package that includes equity, perks & benefits, and development opportunities at Seesaw. Individual pay decisions are based on several factors, including qualifications for the role, experience level, skillset, geography, and balancing internal equity relative to other Seesawers. It is our expectation that the majority of candidates who are offered roles at Seesaw will land well within our salary ranges based on these factors.

The annual base salary range for this position is: $165,000 - $195,000 + RSUs.

This is an exempt position.

Benefits include: Medical/Dental + Orthodontics/Vision Coverage, 401k Match, Flexible Paid Time Off, Mindfulness First Fridays, Monthly Technology Stipend, Home Office Setup Stipend, Professional Development Stipend, Paid Parental Leave, Charitable Donation Matching, Volunteer Days.

Seesaw cares about building a diverse and inclusive team to better advocate for the needs of our incredibly diverse K-12 users.

We prioritize work-life balance and actually walk the walk — we care a lot about our work, but care more about our employee's well-being. We encourage everyone to work at a sustainable pace and have a flexible vacation policy that people actually use.

Seesaw provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, religious creed, color, sex, sex stereotype, gender, gender identity/gender expression/transgender, national origin, ancestry, physical or mental disability, medical condition, genetic information/characteristics, marital status/registered domestic partner status, age, sexual orientation, or military or veteran status. In addition to federal law requirements, Seesaw complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

Seesaw is committed to protecting your personal data. Learn more about the personal information we collect, how we use it, and how to exercise your rights here: U.S. Privacy Notice.