Security Engineer, Corporate Security Fitbit
San Francisco, CA

Job Description

At Fitbit, our mission is to help people lead healthier, more active lives by empowering them with data, inspiration and guidance to reach their goals.

We started our journey in 2007-as a team of two with one big idea. Since then, we've grown to over 1,500 employees, sold over 60mm devices, and built a health and fitness community across the globe. In fact, the Fitbit Community has taken enough steps to walk from the Sun to Pluto! Offering award-winning products, a top-rated mobile app and an easy-to-use online dashboard, Fitbit provides personalized experiences that help our users reach their goals. With a reenergized focus on innovative devices, interactive experiences, and enterprise health we are transforming the way consumers and businesses see health & fitness.

From your first steps as a Fitbitter, you will be at the forefront of developing new products. Our culture combines the spirit of startup with the perks of being public. We offer a competitive benefits package and amazing perks like unlimited snacks, Friday happy hours, onsite workout classes, and a strong focus on a healthy work-life balance. As part of our team, you'll have the opportunity to grow your career, contribute your ideas to life-changing products and services, and-above all-have fun doing it.

Fitbit's HQ campus is located in the heart of San Francisco with office locations in Boston, San Diego and around the world. Think you've found your fit?

We are looking for Corporate Security Engineer who can be a strong security partner for our corporate teams, as well as help protect and improve a broad slice of our operations.

The Team

We have assembled a team of dedicated security professionals who are passionate about protecting Fitbit and growing themselves. We value:

* Collaboration over competition
* Improvement over perfection
* Pragmatism
* Direct feedback
* Continuous improvement

We also pride ourselves on our team sense of humor and on maintaining a work/life balance.

The Role

* Security assessment
* Master our corporate and manufacturing infrastructure
* Perform security assessments of corporate and manufacturing services
* Oversee the vulnerability management, covering production, corporate and manufacturing
* Assist with Product Security's infrastructure assessment efforts
* Visibility, monitoring and automation
* Design and oversee log collection infrastructure
* Work with partners in IT and Engineering to improve log coverage and quality
* Assist with Incident Response's security detection and response automation efforts
* Assist with Product Security's infrastructure monitoring efforts
* Mitigation and control engineering
* Design and help implement security controls across corporate endpoints, infrastructure and applications
* Collaborate with IT, Security and Manufacturing to improve security critical infrastructure in corporate and manufacturing environments
* Provide security guidance on core infrastructure projects and projects
* Provide security domain expertise on protective controls, including system, network, encryption, and authentication services

Technical Requirements

To be successful at this role it will require a broad understanding of how companies like Fitbit use technology. Our tooling is focused not only on our corporate environment but also on Fitbit's customer-facing infrastructure.

We expect experience and familiarity with:

* Modern security tooling
* Security Information and Event Managers (SIEMs; e.g. Splunk, ELK)
* Endpoint Detection and Response (e.g. CarbonBlack, Crowdstrike, OSQuery)
* Email security technologies and platforms
* Cross-platform infrastructure security
* Corporate endpoints (e.g. MacOS, Windows, Linux)
* Cloud services (e.g. GCP, AWS)
* Container and VM environments (e.g. Mesos, vSphere, Docker)
* Enterprise security infrastructure
* Identity providers (e.g. Active Directory, SSOs, SAML)
* Patching and policy (e.g. JAMF, SCCM, WSUS)
* Secret stores (e.g. Windows CA, HSMs, Hashicorp Vault)
* Vulnerability management (e.g. Tenable.sc)
* Security-focused scripting and automation
* PowerShell
* Python, Ruby, or Golang

Fitbit is proud to be an equal opportunity employer. We recruit, hire, train, promote, pay, and administer all personnel actions without regard to race, color, ancestry, national origin, citizenship, religion, age, sex (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), sex stereotyping (including assumptions about a person's appearance or behavior, gender roles, gender expression, or gender identity), sexual orientation, gender, gender identity, gender expression, marital status, medical condition, mental or physical disability, military or veteran status, genetic information or other statuses protected by law. We interpret these protected statuses broadly to include both the actual status and any perceptions and assumptions made regarding these statuses.

San Francisco applicants: Pursuant to the San Francisco Fair Chance Ordinance Fitbit will consider for employment qualified applicants with arrest and conviction records.