A bit about us
Arlo is an award-winning global business with our HQ in Wellington, New Zealand, and offices in the UK and Canada.
This role is primarily based in our brand new water-front office in Petone, Wellington – coffee with ocean views is incomparable – with flexibility to choose where you work from 2 days a week.
We believe that human interaction is still at the heart of effective learning. Blending that philosophy with the latest e-learning tech, Arlo is fast becoming the preferred solution of choice for commercial training providers globally.
Arlo has been developed as the definitive tool to run a training operation, helping our clients save time, grow sales and transform how their training is delivered. With customers in over 70 countries and processing over $1B since conception, Arlo is the realization of that vision.
While our customers are as critical to our success as we are to theirs, our people are the heart and soul of Arlo. We aren’t just a group of people who work together. We connect and care about each other. We have fun and we work through the challenges together. We are committed to providing an excellent working environment supporting a balance between work, family, and personal life while driving productivity and connection.
What you’ll do
As the Lead Security Engineer, you will lead the implementation and operation of security tools and processes to support Arlo’s product and platform security. Driving the way forward for Security at Arlo, we have a passion for problem-solving and educating our developers in building modern and adaptable security services. You are both an individual contributor and team player who will get to work with a small tight-knit group of outstanding engineers in our waterfront office.
You will be responsible for:
- Work with the CISO/Security Owner on the direction and delivery of the information security strategy and roadmap.
- Establish and influence the uptake of best information security practices across all teams.
- Lead the development of good application and platform security practices, help raise awareness and train the teams.
- Lead Arlo’s Security Operations (SecOps), including security incident management and response.
- Coach and mentor security engineers to drive career progression within the company.
- Assess technical compliance of the Arlo platform (Arlo policies, PCI DSS, GDPR, ISO 27001…)
- Participate in our rotating 24/7 on-call roster.
- Raise awareness and help the development team with security best practices and automation of security throughout the SDLC.
- Help develop software security guidance including best practices (e.g. OWASP), secure coding checklists, and reusable code patterns.
- Define and maintain high-level security architecture principles for the Arlo Platform.
- Work within platform teams to ensure we follow secure practices for infrastructure and solution design, patching, backup, logging, monitoring, etc.
- Ensure we have good Identity and Access Management (IAM) practices for Azure, AWS, and the platform.
- Define and maintain identity controls (password, MFA, SSO, conditional access, etc).
Security Operations, incident monitoring, and response
- Monitor the security of Arlo’s production environments, and respond to security incidents.
- Triage vulnerabilities discovered by our scans, pentests, and disclosures from security researchers, and help remediate them on a timely basis.
- Help resolve issues and problems with the customer, product, and platform teams, coordinating incident responses, performing root cause analysis, and implementing mitigating actions.
- Securely manage keys, secrets, and certificates (SSL, etc.).
Security assurance and compliance
- Work with the CISO to help define and implement the Security and Privacy Continuous Improvement Plan for the Arlo platform.
- Work with the CISO/Security Owner to ensure Arlo follows good security and privacy practices for its products and platforms, in line with our policies and different legal and contractual obligations (ISO/IEC 27001, PCI DSS…).
- Stay on top of industry best practices and trends, as well as changes to compliance requirements.
What you’ll bring
- At least 5 years of security experience.
- Experience working in an AWS environment, using Infrastructure as Code (IaC) tools such as Terraform or CloudFormation.
- Experience working with security and compliance processes and monitoring tools, including application security testing, code package dependency, and OSS scanning tools.
- Experience working with a Microsoft deployment stack, including .NET, Windows Server, IIS, and SQL Server.
- Results-driven mentality, self-motivated, enthusiastic, and with a “can do” attitude.
- Scripting and cross-platform integrations, cloud APIs, service, and webhooks.
- Strong analytical skills, with the ability to translate data into insights.
- Strong communication and interpersonal skills with the ability to effectively listen and communicate information clearly and concisely.
Nice to have (but not essential) experience with:
- One or more security-related professional certifications (e.g. CISSP, CCSP, CEH, CISM).
- Experience implementing controls against various frameworks such as NIST CSF, CIS, ISO/IEC 27001 and SOC2.
- Hands-on knowledge of Microsoft Sentinel, Datadog, Azure Application Insights, PagerDuty.
Please apply now with your CV and a cover letter letting us know a bit about you and what you would bring to the role. We are reviewing applications as we go, so apply today.