Senior Security Engineer

Life at Plume

At Plume, we believe that technology isn't about moving faster, it's about making life's moments better. Which is why we've built the world's first, and only, open and hardware-independent service delivery platform for smart homes, small businesses, enterprises, and beyond. Our SaaS platform uses WiFi, advanced AI, and machine learning to create the future of connected spaces—and human experiences—at massive scale.

We now deliver services to over 60 million locations globally and have managed over 3 billion devices on our platform. We're expanding rapidly, pioneering a new category, and we achieved our Series F funding in just four years. Our customers include many of the world's largest Internet Service Providers (ISPs) who look to Plume to help them evolve their smart home offerings while gleaning insights from their own data. 

With a bias for action and a love for being trailblazers, the team at Plume embodies a combination of relentless curiosity and imaginative innovation. We challenge ourselves to think in ways that other companies don't, work to do what should be done (rather than what can), and if we can't do it exceptionally well, we don't do it. It's how we've assembled a team of world-class builders, thinkers, and doers. And it's how we're reinventing what's possible every day.

Plume develops and deploys cloud based control planes with scale to manage tens of millions of customer homes through some of the world's largest Internet Service Providers. Our cloud applications include WiFi network management and optimization, device access control, network provisioning, IoT security, and end customer user interaction through mobile apps. 

The Opportunity:

Plume is hiring a security engineer to join the security team to help protect and drive the Plume mission. As a highly visible and dynamic organization, we must value and guard against damage to our internal information, our platforms, and our reputation and brand. Finally, it is paramount that we defend against loss of control or confidence in our systems, to guarantee the highest probability of success.

As a Sr. Security Vulnerability Engineer, you will focus on the technologies that ensure our networks and systems are up to industry and Plume security standards. This role will partner with various engineering, IT and stakeholder groups across Plume to ensure that the technologies and systems we build in-house or purchase are protected in a secure way that minimizes risk.

What you will do:

1. Establish a process to detect, track, prioritize, and report vulnerabilities on organizational information systems
2. Own End to End Vulnerability program, move the area into SOAR as needed.
3. Coordinate with SOC/MSSP on vulnerability triage and detection rules/alerts, coordinate mitigation efforts, and report progress
4. Identify critical flaws in applications and systems that cyber attackers could exploit
5. Conduct vulnerability assessments for networks, applications and operating systems
6. Conduct network security audits and scanning on a predetermined basis
7. Use Crowdstrike, DAST, SAST, Rapid7 to pinpoint vulnerabilities and reduce time-consuming tasks
8. Use refinement techniques to gain understanding to reduce false positives.
9. Compile and track vulnerabilities over time for metrics purposes
10. Serve as advisor to engineering and dev teams in security best practices and design.
11. Work with security and IT teams to identify threats and problem areas and create stronger and safer software and application deployments across Plume, measuring decreased risk and prevalence of issues.

Who you are: 

• Must be a Senior level person and have HANDS-ON experience as the person responsible for overseeing vulnerability Programs
• Bachelor's degree in Information Security, Computer Science or related field or equivalent work experience
• 5+ years of professional experience in vulnerability management with an education in security or other STEM discipline; 
• Experience with either Crowdstrike, Rapid7, other EDR , MDM, XDR or SIEM
• Experience with scripting in Python, Shell, Go, Javascript and ability to read APIs
• Expertise with Mac and Linux operating systems
• Understand AWS and GCP cloud resource vulnerabilities.
• Strong communication, written, presentation and interpersonal skills
• Proven ability to work unsupervised, exercise leadership, and influence change.
• You operate effectively across teams and disciplines even in highly ambiguous situations with a rack record of getting things done quickly and with quality

About Plume

As the creator of the only open, hardware-independent, cloud-controlled experience platform for ISPs and their subscribers, Plume partners with over 400 ISP customers, including some of the world's largest such as Comcast, Charter, Liberty Global, and J:COM. 

Using OpenSync, the most widely supported open-source, silicon-to-cloud framework for smart spaces, Plume's software-defined network allows ISPs to decouple their service offerings from hardware and rapidly curate and deliver new services over a multi-vendor, open-platform architecture.  

Plume is an equal opportunity workplace that maintains a continuing policy of nondiscrimination in all employment practices and decisions, ensuring equal employment opportunities for all qualified individuals without regard to race, color, creed, religion, sex, national origin, age, physical or mental disability, sexual orientation, gender identity, marital status, pregnancy, childbirth or related individual conditions, medical conditions (as defined by state law), military or veteran status, or any other characteristic protected by federal, state or local law.