Security Engineer
Interested in defining how AI shapes the future of work? Cresta is on a mission to make every knowledge worker 100x as effective, 10x faster and 10x better. Cresta is focused on using AI to help the workforce, not replace them. Cresta uses our patented Expertise AI to uncover expert insights from every conversation and put those insights into action with real-time coaching during customer conversations. We’re growing fast! Spun out of the Stanford AI lab and chaired by Google-X founder Sebastian Thrun, Cresta launched in 2020. Since then, we’ve grown revenue and our team by 300%! We’ve assembled a world-class team of AI and ML experts, go-to-market leaders, and top-tier investors and advisors including Andreessen Horowitz, Greylock Partners, Sequoia, and former AT&T CEO John Donovan. Our valued customers include brands like Intuit, Porsche, Adobe, and Dropbox and we have been recognized as a startup to watch by Business Insider, Forbes, and Gartner to name a few. We have huge ambitions and are looking for stellar candidates who have an entrepreneurial mindset and are excited to use cutting-edge AI to solve real-world business problems.
Cresta is seeking a passionate individual with solid security engineering experience to support the security & compliance team and enable growing global data protection and cybersecurity efforts.
What you'll do:
- Detect, defend, and respond to threats to Cresta and its customers
- Support SOC 2 Type II, ISO 27001 & 27701, PCI-DSS, TISAX and HIPAA audit processes with technical controls and evidence
- Perform security audits of Cresta’s products and cloud infrastructure and drive remediation of security risks
- Improve and monitor Cresta’s vulnerability management program to ensure we’re monitoring and mitigating known vulnerabilities
- Influence Cresta’s product security roadmap to further secure our customers
What we look for:
- Ambitious, passionate and results-oriented, with excellent interpersonal and communication skills
- 4+ years of experience in application security engineering and cloud security (AWS/GCP)
- Security domain knowledge across many cyber security disciplines
- Experience in static code analysis and remediation
- Experience in security operations (SOC) and incident response
- Experience in manual penetration testing of web applications & APIs is a plus