Founded by ex-Apple Product and Engineering leaders, Level is redefining the smart home with technology that is simple, intuitive, useful, and invisible. We recently raised $100M in funding, and we’re looking to build an internal Security function.

At Level, we take a unique approach to designing products – one that shifts focus from what we make to how we make it and who we make it for. It’s an approach that results in elegant and unique solutions, raising the bar for the entire smart home ecosystem.

It’s also an approach that has led to our partnerships with Apple, Amazon (including Ring integration), Walmart, and other industry leaders – assuring that our products provide solutions that align with the technology choices and preferences of our customers.

We are seeking a DevSecOps Architect, and/or hands-on Security Manager to build and maintain a prioritized security roadmap to address security gaps and improve security practices.

 

Responsibilities:

• Take ownership of security tools to build tracking and reporting capabilities to mitigate or eliminate risks
• Build Threat Models and analyze security weaknesses in infrastructure deployments, pipelines and tech stack
• Review vulnerability reports, deployments, misconfigurations and tool findings for compliance against ISO/SOC 2
• Analyze security incidents from MDR/IDS/IPS  to identify root causes, trends, and patterns and propose improvements or mitigating measures based on findings
• Define and maintain a security reference architecture that provides best practices and design guidance, roadmaps, and key security considerations for all major domains (i.e., IAM, privacy, cloud platforms, infrastructure, applications, database, etc.)
• Help define and maintain security guidelines and corporate standards
• Manage projects related to security tasks and issues on a day to day basis
• Work with DevOps and Engineering teams to build and improve security posture
• Work with Legal and Audit teams to define technical and regulatory requirements for security tools
• Provide guidance and training to diverse groups and senior leaders within the organization and evangelize DevSecOps and shift left philosophy

 

Required qualifications:

• Experience working in production environments or environments closely associated with production or devops teams.
• Working knowledge of common and industry-standard cloud-native/cloud-friendly authentication mechanisms (OAuth, IDP, Okta etc)
• Experience implementing strong security in cloud native technologies (Kubernetes, APIs, Microservices), using Infrastructure-as-Code and Compliance-as-Code
• Hands on experience in rolling our MDR, SIEM, vulnerability scanning and data loss prevention tools
• Experience writing IaC (Infrastructure as code) as part of a DevOps or DevSecOps in a multi-cloud environment
• Hands on experience in monitoring and securing cloud services (AWS, GCP) and APIs
• Working knowledge of compliance requirements and regulations and managing audit vendors
• Familiarity with setting up security incident response centers (SOC)
• Experience implementing, optimizing and troubleshooting the following tools/ecosystems:
  • Terraform, Hashicorp Vault
  • AWS SSO or Okta
  • AWS GuardDuty, WAF
  • Nessus /Tenable, Crowdstrike
  • Alertlogic / McAfee / MDR solutions
  • VPN / Palo Alto / Prisma/ ZScaler
  • SumoLogic or Splunk
  • Checkmarx / Veracode/ Sonarqube
  • Datadog / New Relic
  • Prometheus, Open Telemetry
  • SOC 2 / ISO2700x

 

 It would be great if you also possess:

• CISSP and/or CISM certifications