Senior Security Engineer

Company Description
Reverb is the largest online marketplace dedicated to buying and selling new, used, and vintage musical instruments. Since launching in 2013, Reverb has grown into a vibrant community of buyers and sellers all over the world. By focusing on inspiring content, price transparency, musician-focused e-commerce tools, a music-savvy customer service team, and more, Reverb has created an online destination where the global music community can connect over the perfect piece of music gear.
We love working at Reverb because we're making the world more musical-through our marketplace and through Reverb Gives, which provides musical instruments to youth music education programs. We were named a "Best Place to Work" by Built in Chicago and a "Top Workplace'' by the Chicago Tribune.
Salary Range:
$136,000.00 - $176,000.00
We are looking for a seasoned security professional to join our enthusiastic team of security engineers. We are a quickly growing team who value collaboration, authenticity, feedback, creative problem-solving, humility, and trust. Our team works with multiple security domains including application, cloud, and corporate security. Engineers on our team get the opportunity to explore multiple different security areas and grow themselves into areas they may not have worked in before. By taking a broad approach to security, our team ensures that every aspect of Reverb's business is safeguarded against potential breaches and vulnerabilities.
As a member of our team, you will play a pivotal role in safeguarding our systems, code, networks, and customers from potential security threats. Your expertise in crafting, implementing, and managing security solutions will be essential in maintaining the integrity and availability of our services. You will work with teams across Reverb to build thoughtful solutions that balance our operational needs, customer experience and security requirements. We care deeply about encouraging an environment that promotes fulfilling and impactful work. You'll play an active role in selecting the projects and initiatives that are both exciting to you as well as meaningful to our company security posture. This is a full-time, hybrid position located in Chicago, reporting to the Security Engineering Manager.
Responsibilities

• Lead the design, implementation, and maintenance of comprehensive security strategies and solutions to protect our networks, systems, and applications.
• Conduct detailed security assessments to identify vulnerabilities and weaknesses in our infrastructure and applications.
• Develop and enforce security policies and standards across the organization.
• Collaborate with development and operations teams to integrate security practices into the software development lifecycle (SDLC).
• Keep up with emerging security threats, vulnerabilities, and industry trends to ensure proactive defense mechanisms.
• Lead incident response efforts, conduct post-incident analysis, and implement corrective actions to prevent future occurrences.
• Mentor and provide guidance to junior security team members, fostering their professional growth and skills development.
• Engage peer teams in collaboration efforts to address security concerns and provide recommendations for risk reduction.
• Evaluate and select security technologies and tools to enhance the organization's security posture.

Qualifications

• Extensive experience in any relevant security domain and deep knowledge of at least one of the following area:
  
  • Cloud Security
  • Application Security
  • DevSecOps
  • Corporate Security
• Familiarity with frameworks such as OWASP top 10, CIS Controls, and NIST CSF
• Hands-on experience with security tools; such as EDR/XDR, WAF, SIEM, SAST/DAST, DLP, PAM, IDS/IPS, etc.
• Proficiency in scripting and programming languages (e.g., Python, Java, Bash, Ruby, Node) to automate security tasks.
• Excellent problem-solving skills and the ability to think critically under pressure.
• Strong communication skills to effectively collaborate with technical and non-technical partners.
• Proven track record of leading security initiatives and driving projects to successful completion.

Nice to Have

• Development experience in Ruby, Ruby on Rails, or Node
• Experience working with and implementing Terraform
• Familiarity with WAF or CDN technologies, including Cloudflare
• Hands on knowledge of AWS Security including: IAM, SecurityHub, GuardDuty, Inspector, Detector, Config, etc
• Understanding of Kubernetes

Additional Information
Remote-eligible roles (as indicated in the location header of each job description) are available in all U.S. states except Alaska and Hawaii. Remote roles are currently only available within the U.S. unless otherwise specified in the specific job description.
Reverb offers compensation packages that include base, bonus, and equity in the form of Etsy restricted stock units. Some of our key benefits include but are not limited to the following:• 100% paid premiums for medical, dental, and vision coverage for the employee, spouse or domestic partner, and all eligible dependents. Medical coverage includes gender affirming care.• Life, AD&D, and supplemental long-and short-term disability insurance• A matching 401(k)• A generous PTO policy that includes vacation, sick/mental health days plus 11 paid holidays and two floating holidays• Professional development and continued learning opportunities through access to mentoring, 1:1 coaching, and platforms like Skillsoft, LinkedIn Learning and Codecademy• 18 weeks of gender-neutral parental leave for the birth or adoption of a child• Up to $25,000 reimbursement of adoption and/or surrogacy related expenses• Paid sabbatical program• $1,000 annual work/life stipend• Access to free supplemental online mental health services and meditation apps• Ways to give back to your community through a charitable contribution match and volunteer time off
At Reverb, we believe that a diverse, equitable and inclusive workplace makes us a more relevant and resilient company. We welcome people from all backgrounds, ethnicities, cultures, and experiences. Reverb is an equal opportunity employer. We do not discriminate on the basis of race, color, ancestry, religion, national origin, sexual orientation, age, citizenship, marital or family status, disability, gender identity or expression, veteran status, or any other legally protected status. We will ensure that individuals with disabilities are provided a reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. If, due to a disability, you need an accommodation during any part of the interview process, please let your recruiter know.
We know that the impostor syndrome and confidence gap are real. Please do not hesitate to apply!