Gusto

Senior Security Operations Engineer

Gusto, Denver, Colorado, United States, 80285

Gusto is a modern, online people platform that helps small businesses take care of their teams. On top of full-service payroll, Gusto offers health insurance, 401(k)s, expert HR, and team management tools. Today, Gusto offices in Denver, San Francisco, and New York serve more than 400,000 businesses nationwide.

The Security Operations team fortifies Gusto and our customers against threats, including phishing, insider risk, data loss, and emerging techniques. Our distributed team in Eastern and Pacific time zones strategically designs, implements, and optimizes monitoring and response capabilities to ensure proactive threat detection and mitigation across the organization.

We are seeking a highly experienced Security Engineer with 8+ years of demonstrated experience to lead and contribute to advanced security operations and vulnerability management initiatives. You will drive strategic enhancements within our Vulnerability Management Program, spearhead security operations efforts, and mentor other engineers. Deep expertise in AWS cloud environments, incident response leadership, and strong Python scripting will be essential as you collaborate across multiple areas of the company.

What you’ll do day-to-day

Security Monitoring & Detection Engineering: Lead the strategy and execution of real-time security monitoring. Architect, build, and fine-tune high-fidelity detections, focusing on our AWS environment. Develop and implement improvements to group-level incident response processes, practices, and tools.

AWS Security Configuration & Automation: Drive continuous improvement and hardening of AWS security posture. Architect, deploy, and continuously enhance advanced security tools such as SIEM, EDR, DLP, and SOAR platforms, influencing their adoption and effectiveness beyond the immediate team. Model and configure AWS services (e.g., GuardDuty, Security Hub, AWS WAF) to align with best practices.

Security Operations Tooling & Automation: Design, develop, and implement robust automation frameworks and tools using Python and SOAR to significantly improve security operations efficiency, response times, and overall security posture. Create automated responses to common alerts and integrate various security signals into a cohesive view.

Incident Response & Threat Hunting: Drive critical security incident response efforts, including complex root cause analysis and proactive remediation across multiple teams. Proactively hunt for threats by developing hypotheses from threat intelligence and analyzing logs from diverse sources.

Cross-functional Security Leadership: Act as a principal security advisor to internal users and engineering teams, strengthening and evangelizing Gusto’s security culture and secure coding practices. Provide expert guidance on secure AWS architecture and lead the implementation of security controls within CI/CD pipelines.

On-call Rotation

Participate in the on-call roster and be responsible for after-hours critical alert responses.

Leverage insights from on-call duties to proactively identify and suggest improvements to the codebase, system architecture, or team processes to reduce future incidents and improve the organization’s security posture.

Use on-call experiences to mentor other team members, share knowledge, and improve the team's overall incident response capabilities.

Minimum Requirements

8+ years of progressive experience in security operations, with a significant lead or senior technical role.

Demonstrated expertise in leading and optimizing security monitoring, incident response, and vulnerability management programs, including architecting detections, conducting complex investigations with root cause analysis, and establishing proactive threat intelligence strategies. Ability to define and enforce documentation standards that enhance organizational security posture.

Deep expertise in network security, firewall configurations, and advanced security protocols.

Strong operational proficiency with Linux environments, containerization technologies, and Kubernetes (K8s) security best practices.

A demonstrated track record of continuous learning and an innovative, proactive approach to evolving security challenges.

Extensive architectural understanding and hands-on experience in security within large-scale AWS cloud environments, including compliance.

Expertise in managing Identity and Access Management (IAM) permissions at scale using Infrastructure as Code (e.g., Terraform), including least privilege across diverse systems.

Advanced proficiency in Python for automation, tooling, and security engineering tasks.

In-depth expertise with enterprise-grade security tools including SIEM, EDR, SOAR, DLP, and vulnerability management platforms, including deployment, tuning, and optimization for organizational effectiveness.

Exceptional analytical and problem-solving skills with the ability to communicate findings and recommendations to both technical and non-technical stakeholders.

Preferred Qualifications

Extensive experience leading complex log analysis and digital forensics investigations in cloud and on-premise environments.

Proven experience leading and coordinating major security incident response efforts involving multiple teams and high-impact scenarios.

Deep understanding of vulnerability classes, exploitation techniques, and effective remediation strategies at scale.

Experience implementing and optimizing automated security tooling in CI/CD pipelines, including static analysis, dynamic analysis, and dependency scanning solutions like GitHub Dependabot.

Expertise in applying industry-standard security frameworks (e.g., NIST, ISO 27001, SOC 2) and benchmarks to improve organizational security posture and achieve compliance objectives.

Demonstrated ability to design and develop custom security tools and automation solutions to address unique organizational challenges.

Advanced security certifications (e.g., CISSP, CISM, GCIH, CCSP, AWS Certified Security - Specialty) are highly desirable.

Proven ability to anticipate emerging threats and proactively adapt security strategies based on the evolving threat landscape and industry trends.

Compensation and Location

Our cash compensation is targeted at $168,000-$188,000 in Denver, $204,000-$228,000 in New York, Seattle, and San Francisco Bay Area, and $136,000-$152,000 CAD in Toronto. Stock equity is additional. Final offer amounts are determined by multiple factors including candidate experience and expertise and may vary from the amounts listed above.

Gusto has physical office spaces in Denver, San Francisco, and New York City. Employees who are based in those locations will be expected to work from the office on designated days approximately 2-3 days per week (or more depending on role). The same office expectations apply to all Symmetry roles, Gusto's subsidiary, whose physical office is in Scottsdale. The San Francisco office expectations encompass both the San Francisco and San Jose metro areas. When approved to work from a location other than a Gusto office, a secure, reliable internet connection is required.

Equal Opportunity and Accessibility

Gusto is proud to be an equal opportunity employer. We do not discriminate in hiring or any employment decision based on race, color, religion, national origin, age, sex (including pregnancy, childbirth, or related medical conditions), marital status, ancestry, physical or mental disability, genetic information, veteran status, gender identity or expression, sexual orientation, or other legally protected characteristics. Gusto is also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you require a medical or religious accommodation at any time throughout your candidate journey, please fill out this form and a member of our team will get in touch with you.

Gusto takes security and protection of your personal information very seriously. Please review our Fraudulent Activity Disclaimer and our Applicant Privacy Notice.

Data and Role Details

Seniority level: Mid-Senior level

Employment type: Full-time

Job function: Information Technology

Industries: Software Development
