Gusto
Join to apply for the
Senior Security Operations Engineer
role at
Gusto About Gusto
At Gusto, we're on a mission to grow the small business economy. We handle the hard stuff—like payroll, health insurance, 401(k)s, and HR—so owners can focus on their craft and customers. With teams in Denver, San Francisco, and New York, we’re proud to support more than 400,000 small businesses across the country, and we’re building a workplace that represents and celebrates the customers we serve. Learn more about our Total Rewards philosophy. The Security Operations team at Gusto plays a critical leadership role in fortifying Gusto and our customers against the most sophisticated threats, encompassing phishing attacks, insider risks, data loss, and emerging attack techniques. Our distributed team across Eastern and Pacific time zones strategically designs, implements, and optimizes our monitoring and response capabilities, ensuring proactive and impactful threat detection and mitigation across the organization. We are seeking a highly experienced and influential Security Engineer with 6+ years of demonstrable experience to lead and significantly contribute to advanced security operations and comprehensive vulnerability management initiatives. In this pivotal role, you will drive strategic enhancements within our Vulnerability Management Program and spearhead critical security operations efforts. Your deep expertise in AWS cloud environments, proven ability to lead incident response investigations, and strong proficiency in Python scripting will be essential as you collaborate and influence multiple areas of the company. This is an exceptional opportunity to shape Gusto's security posture and mentor other engineers in a dynamic and high-impact setting. Here’s What You’ll Do Day-to-day
Security Monitoring & Detection Engineering: Lead the strategy and execution of our real-time security monitoring capabilities. Architect, build, and fine-tune high-fidelity detections, with a strong focus on our AWS environment. Develop and implement improvements to group-level incident response processes, practices, and tools. AWS Security Configuration & Automation: Drive the continuous improvement and hardening of our AWS security posture. Architect, deploy, and continuously enhance advanced security tools such as SIEM, EDR, DLP, and security orchestration and automation platforms, influencing their adoption and effectiveness beyond the immediate team. Actively model and configure AWS services (e.g., GuardDuty, Security Hub, AWS WAF) to align with best practices. Security Operations Tooling & Automation: Design, develop, and implement robust automation frameworks and tools using Python and SOAR tools to significantly improve security operations efficiency, response times, and overall security posture across the organization. This includes creating automated responses to common alerts and integrating various security signals into a cohesive view. Incident Response & Threat Hunting: Drive critical security incident response efforts, including complex root cause analysis and proactive remediation planning across multiple teams. Proactively hunt for threats within our AWS and corporate environments by developing hypotheses based on threat intelligence and analyzing logs from various sources. Cross-functional Security Leadership: Act as a principal security advisor to internal users and engineering teams, proactively strengthening and evangelizing Gusto’s security culture and secure coding practices. Provide expert guidance on secure AWS architecture and lead the implementation of security controls within CI/CD pipelines. Participate In The On-call Rotation
As a key member of the team, you will participate in the on-call roster and be responsible for any after-hours critical alert responses. Leverage insights from on-call duties to proactively identify and suggest improvements to the codebase, system architecture, or team processes to reduce future incidents and improve the organization’s security posture. Use on-call experiences to mentor other team members, share knowledge, and improve the team's overall incident response capabilities. Minimum Requirements
6+ years of progressive experience in security operations, with a significant portion in a lead or senior technical role. Demonstrated expertise in leading and optimizing security monitoring, incident response, and vulnerability management programs. Deep expertise in network security, firewall configurations, and advanced security protocols Strong operational proficiency with complex Linux environments, containerization technologies, and Kubernetes (K8s) security best practices. A demonstrated track record of continuous learning and an innovative, proactive approach to identifying and addressing evolving security challenges across the industry. Extensive architectural understanding and hands-on experience in security within a large-scale AWS cloud environment, including best practices and compliance. Expertise in managing complex Identity and Access Management (IAM) permissions at scale using Infrastructure as Code (e.g., Terraform), including defining and implementing least privilege principles across diverse systems. Advanced proficiency in Python for automation, tool development, and security engineering tasks. In-depth expertise with enterprise-grade security tools including SIEM, EDR, SOAR, DLP, and advanced vulnerability management platforms, with experience in their deployment, tuning, and optimization for organizational effectiveness. Exceptional analytical and problem-solving skills for complex security challenges, with a proven ability to articulate findings, technical solutions, and strategic recommendations to both technical and non-technical stakeholders across the organization. Preferred Qualifications
Extensive experience leading complex log analysis and digital forensics investigations in cloud and on-premise environments Proven experience leading and coordinating major security incident response efforts involving multiple teams and high-impact scenarios. Deep understanding of vulnerability classes, exploitation techniques, and effective remediation strategies at scale. Experience implementing and optimizing automated security tooling in CI/CD pipelines, including static analysis, dynamic analysis, and dependency scanning solutions like GitHub Dependabot. Expertise in applying and tailoring industry-standard security frameworks (e.g., NIST, ISO 27001, SOC 2) and benchmarks to improve organizational security posture and achieve compliance objectives. Demonstrated ability to design and develop custom security tools and automation solutions to address unique organizational challenges. Advanced security certifications (e.g., CISSP, CISM, GCIH, CCSP, AWS Certified Security - Specialty) are highly desirable. Proven ability to anticipate emerging threats and proactively adapt security strategies based on the evolving threat landscape and industry trends. Gusto is proud to be an equal opportunity employer. We do not discriminate in hiring or any employment decision based on race, color, religion, national origin, age, sex (including pregnancy, childbirth, or related medical conditions), marital status, ancestry, physical or mental disability, genetic information, veteran status, gender identity or expression, sexual orientation, or other applicable legally protected characteristic. Gusto considers qualified applicants with criminal histories, consistent with applicable federal, state and local law. Gusto is also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures.
#J-18808-Ljbffr
Senior Security Operations Engineer
role at
Gusto About Gusto
At Gusto, we're on a mission to grow the small business economy. We handle the hard stuff—like payroll, health insurance, 401(k)s, and HR—so owners can focus on their craft and customers. With teams in Denver, San Francisco, and New York, we’re proud to support more than 400,000 small businesses across the country, and we’re building a workplace that represents and celebrates the customers we serve. Learn more about our Total Rewards philosophy. The Security Operations team at Gusto plays a critical leadership role in fortifying Gusto and our customers against the most sophisticated threats, encompassing phishing attacks, insider risks, data loss, and emerging attack techniques. Our distributed team across Eastern and Pacific time zones strategically designs, implements, and optimizes our monitoring and response capabilities, ensuring proactive and impactful threat detection and mitigation across the organization. We are seeking a highly experienced and influential Security Engineer with 6+ years of demonstrable experience to lead and significantly contribute to advanced security operations and comprehensive vulnerability management initiatives. In this pivotal role, you will drive strategic enhancements within our Vulnerability Management Program and spearhead critical security operations efforts. Your deep expertise in AWS cloud environments, proven ability to lead incident response investigations, and strong proficiency in Python scripting will be essential as you collaborate and influence multiple areas of the company. This is an exceptional opportunity to shape Gusto's security posture and mentor other engineers in a dynamic and high-impact setting. Here’s What You’ll Do Day-to-day
Security Monitoring & Detection Engineering: Lead the strategy and execution of our real-time security monitoring capabilities. Architect, build, and fine-tune high-fidelity detections, with a strong focus on our AWS environment. Develop and implement improvements to group-level incident response processes, practices, and tools. AWS Security Configuration & Automation: Drive the continuous improvement and hardening of our AWS security posture. Architect, deploy, and continuously enhance advanced security tools such as SIEM, EDR, DLP, and security orchestration and automation platforms, influencing their adoption and effectiveness beyond the immediate team. Actively model and configure AWS services (e.g., GuardDuty, Security Hub, AWS WAF) to align with best practices. Security Operations Tooling & Automation: Design, develop, and implement robust automation frameworks and tools using Python and SOAR tools to significantly improve security operations efficiency, response times, and overall security posture across the organization. This includes creating automated responses to common alerts and integrating various security signals into a cohesive view. Incident Response & Threat Hunting: Drive critical security incident response efforts, including complex root cause analysis and proactive remediation planning across multiple teams. Proactively hunt for threats within our AWS and corporate environments by developing hypotheses based on threat intelligence and analyzing logs from various sources. Cross-functional Security Leadership: Act as a principal security advisor to internal users and engineering teams, proactively strengthening and evangelizing Gusto’s security culture and secure coding practices. Provide expert guidance on secure AWS architecture and lead the implementation of security controls within CI/CD pipelines. Participate In The On-call Rotation
As a key member of the team, you will participate in the on-call roster and be responsible for any after-hours critical alert responses. Leverage insights from on-call duties to proactively identify and suggest improvements to the codebase, system architecture, or team processes to reduce future incidents and improve the organization’s security posture. Use on-call experiences to mentor other team members, share knowledge, and improve the team's overall incident response capabilities. Minimum Requirements
6+ years of progressive experience in security operations, with a significant portion in a lead or senior technical role. Demonstrated expertise in leading and optimizing security monitoring, incident response, and vulnerability management programs. Deep expertise in network security, firewall configurations, and advanced security protocols Strong operational proficiency with complex Linux environments, containerization technologies, and Kubernetes (K8s) security best practices. A demonstrated track record of continuous learning and an innovative, proactive approach to identifying and addressing evolving security challenges across the industry. Extensive architectural understanding and hands-on experience in security within a large-scale AWS cloud environment, including best practices and compliance. Expertise in managing complex Identity and Access Management (IAM) permissions at scale using Infrastructure as Code (e.g., Terraform), including defining and implementing least privilege principles across diverse systems. Advanced proficiency in Python for automation, tool development, and security engineering tasks. In-depth expertise with enterprise-grade security tools including SIEM, EDR, SOAR, DLP, and advanced vulnerability management platforms, with experience in their deployment, tuning, and optimization for organizational effectiveness. Exceptional analytical and problem-solving skills for complex security challenges, with a proven ability to articulate findings, technical solutions, and strategic recommendations to both technical and non-technical stakeholders across the organization. Preferred Qualifications
Extensive experience leading complex log analysis and digital forensics investigations in cloud and on-premise environments Proven experience leading and coordinating major security incident response efforts involving multiple teams and high-impact scenarios. Deep understanding of vulnerability classes, exploitation techniques, and effective remediation strategies at scale. Experience implementing and optimizing automated security tooling in CI/CD pipelines, including static analysis, dynamic analysis, and dependency scanning solutions like GitHub Dependabot. Expertise in applying and tailoring industry-standard security frameworks (e.g., NIST, ISO 27001, SOC 2) and benchmarks to improve organizational security posture and achieve compliance objectives. Demonstrated ability to design and develop custom security tools and automation solutions to address unique organizational challenges. Advanced security certifications (e.g., CISSP, CISM, GCIH, CCSP, AWS Certified Security - Specialty) are highly desirable. Proven ability to anticipate emerging threats and proactively adapt security strategies based on the evolving threat landscape and industry trends. Gusto is proud to be an equal opportunity employer. We do not discriminate in hiring or any employment decision based on race, color, religion, national origin, age, sex (including pregnancy, childbirth, or related medical conditions), marital status, ancestry, physical or mental disability, genetic information, veteran status, gender identity or expression, sexual orientation, or other applicable legally protected characteristic. Gusto considers qualified applicants with criminal histories, consistent with applicable federal, state and local law. Gusto is also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures.
#J-18808-Ljbffr