Principal Engineer, Security Operations

1 Day ago • 4 Years +

Job Summary

Job Description

As a Principal Engineer, Security Operations at Vimeo, you will lead and implement security strategies to protect over 300 million users and their content. This includes identifying vulnerabilities, implementing security best practices, and automating security processes. You will also participate in incident response, conduct investigations, and collaborate with various teams. The ideal candidate should possess strong security knowledge, problem-solving skills, and excellent communication abilities. This remote role requires overlap with US (EST) business hours.
Must have:
  • 4+ years of experience in a security or operations role.
  • 2+ years experience with container and container orchestration systems
  • Strong knowledge of security best practices and industry standards.
  • Excellent problem-solving and communication skills.
Good to have:
  • Familiarity with common security tools and technologies.
  • Experience implementing zero trust network access.
  • Experience implementing identity lifecycle.
  • Experience with Crowdstrike and Wiz.
  • Experience with system security hardening guidelines and SDLC principles.

Job Details

Principal Engineer, Security Operations

The Principal Engineer, Security Operations at Vimeo will play a pivotal role in leading and implementing security strategies and initiatives designed to protect our vast user base of over 300 million users and their valuable content. This role requires close collaboration with multiple teams across the organization, including Development, DevOps, Infrastructure Security, Compliance, IT, and Product, to ensure a holistic and effective security posture.

You will be at the forefront of safeguarding sensitive user data and critical systems from a constantly evolving threat landscape. This includes proactively identifying and addressing vulnerabilities, implementing industry-standard security best practices, and driving the automation of security processes to enhance efficiency and scalability. Additionally, you will participate in incident response activities, conducting thorough investigations and implementing corrective actions to minimize the impact of security breaches.

The ideal candidate for this position is a highly motivated and skilled security professional with a proven ability to solve complex problems and work effectively in a team environment. You should have a strong understanding of security principles and technologies, as well as a passion for staying ahead of emerging threats. Excellent communication and interpersonal skills are also essential, as you will need to clearly articulate security risks and recommendations to both technical and non-technical stakeholders.

This role is remote and should be expected to overlap with US (EST) Business hours.. 

What you'll do: 

Incident Response

  • Act as the primary point of contact for security incidents detected by the MDR solution.
  • Analyze and triage alerts generated by the MDR platform, prioritizing based on severity and potential impact.
  • Coordinate and manage the incident response process, working closely with the MDR provider and internal teams.
  • Escalate incidents to appropriate internal teams or external parties as needed, following established procedures.
  • Develop and maintain incident response playbooks specific to MDR-related incidents.
  • Track and report on incident response metrics, including detection time, containment time, and resolution time.
  • Collaborate with the MDR provider to optimize detection rules and improve the overall effectiveness of the solution.

Security Engineering 

  • Conduct security assessments of our systems and infrastructure to identify vulnerabilities and risks, identify risk owners and implement mitigating controls. 
  • Implement and maintain security controls, including access controls, Zero trust network access (ZTNA), network segmentation, and security monitoring tools. 
  • Design and operate identity management, lifecycle, governance and SSO.
  • Implement and operate cloud security hardening and cloud security posture management across Google cloud and AWS. 
  • Develop and maintain security policies and procedures, and ensure compliance with industry and regulatory standards. 
  • Collaborate with SRE, AppSec and Information technology around vulnerability management, endpoint hardening, detection and response. 
  • Participate in incident response activities, including investigating security incidents and responding to security alerts. 
  • Collaborate with development and DevOps teams to implement security best practices throughout the software development and infrastructure lifecycle. 
  • Automate security processes using scripting and other automation tools.
  • Stay up-to-date with the latest security threats, vulnerabilities, and technologies. 
  • Collaboration with the compliance and privacy team — help ensure that our company complies with industry best practices and standards 
  • Process improvements — help strengthen our own internal processes and procedures.

Skills and knowledge you should possess: 

  • 4+ years of experience in a security or operations role, preferably in a cloud-based Linux environment. 
  • 2+ years experience with container and container orchestration systems
  • Bachelor's degree in Computer Science, Information Technology, or a related field, or equivalent work experience. 
  • Strong knowledge of security best practices and industry standards, such as NIST, CIS, and ISO. 
  • Relevant certifications such as CISSP, CCSP, GCP, or AWS Certified Security Specialty are a plus. 
  • Experience with security tools such as IDS/IPS, SIEM, vulnerability scanners, and endpoint protection. 
  • Experience with automation tools such as Terraform, Ansible, or Chef. 
  • Strong scripting skills using Python, shell, or other scripting languages. 
  • Excellent problem-solving skills and the ability to work well under pressure. 
  • Good communication and interpersonal skills.Confident working in and across cloud environments like AWS and GCP. Detailed knowledge of at least one cloud environment. Confident with common SDLC components, like git, Jira, Jenkins, etc ● At least an upper-intermediate level of English 

Bonus points (nice skills to have, but not needed): 

  • Familiarity with common security tools and technologies, such as SIEM, EDR, and threat intelligence platforms.

Experience implementing zero trust network access such as Z-Scaler, Warp, Google beyondCorp etc. Experience implementing identity lifecycle including provisioning, quarterly access reviews, role management and deprovisioning. Understanding of FIDO2 and machine certificate authentication flowsExperience with Crowdstrike and WizExperience with system security hardening guidelines and SDLC principlesExperience with implementing Fedramp and/or HIPAA.

 
 

 

About Us:

Vimeo (NASDAQ: VMEO) is the world's most innovative video experience platform. We enable anyone to create high-quality video experiences to better connect and bring ideas to life. We proudly serve our community of millions of users – from creative storytellers to globally distributed teams at the world's largest companies – whose videos receive billions of views each month. Learn more at www.vimeo.com.
 
Vimeo is headquartered in New York City with offices around the world. At Vimeo, we believe our impact is greatest when our workforce of passionate, dedicated people, represents our diverse and global community. We’re proud to be an equal opportunity employer where diversity, equity, and inclusion is championed in how we build our products, develop our leaders, and strengthen our culture.

Similar Jobs

Google - Strategic Security Consultant

Google

Toronto, Ontario, Canada (On-Site)
2 Weeks ago
People Can Fly - Live Operations Technician

People Can Fly

Yonkers, New York, United States (Remote)
1 Month ago
DraftKings - Manager, System DBA Operations

DraftKings

Sofia, Sofia City Province, Bulgaria (On-Site)
5 Months ago
Palo Alto Networks - Principal Consultant, Incident Preparedness (Unit 42)

Palo Alto Networks

Saudi Arabia (On-Site)
1 Week ago
ByteDance - Incident Response Manager - Infrastructure Engineering

ByteDance

Singapore (On-Site)
6 Months ago

Get notifed when new similar jobs are uploaded

Similar Skill Jobs

The Workshop - Technical Operations Centre Manager

The Workshop

Tocancipá, Cundinamarca, Colombia (On-Site)
1 Month ago
NVIDIA - Senior Site Reliability Engineer - AI Research Clusters

NVIDIA

Pune, Maharashtra, India (On-Site)
2 Weeks ago
ION - Markets Governance, Risk and Controls Manager

ION

India (On-Site)
6 Months ago
techholding - Senior DevOps Engineer Azure

techholding

Ahmedabad, Gujarat, India (On-Site)
1 Day ago
Google - Red Teaming and Threat Emulation Consultant

Google

New South Wales, Australia (On-Site)
2 Weeks ago
People Can Fly - Live Operations Technician

People Can Fly

New York, United States (On-Site)
1 Month ago
Cirrus Logic - Senior Information Security Analyst (ASM/VM)

Cirrus Logic

Austin, Texas, United States (Hybrid)
3 Weeks ago
Tide - Offensive Security Engineer

Tide

Delhi, India (Hybrid)
1 Day ago
Survay Monkey - Fraud & Abuse Analyst

Survay Monkey

Ottawa, Ontario, Canada (Hybrid)
9 Hours ago
InfoStretch Corporation - Analyst II

InfoStretch Corporation

Sacramento, California, United States (On-Site)
1 Month ago

Get notifed when new similar jobs are uploaded

Jobs in Worldwide

Looks like we're out of matches

Set up an alert and we'll send you similar jobs the moment they appear!

Similar Category Jobs

Looks like we're out of matches

Set up an alert and we'll send you similar jobs the moment they appear!

About The Company

London, England, United Kingdom (On-Site)

Tel Aviv-Yafo, Tel Aviv District, Israel (On-Site)

Bengaluru, Karnataka, India (On-Site)

London, England, United Kingdom (On-Site)

Singapore (On-Site)

Sydney, New South Wales, Australia (On-Site)

New York, New York, United States (On-Site)

Tokyo, Japan (On-Site)

Toronto, Ontario, Canada (On-Site)

View All Jobs

Get notified when new jobs are added by Vimeo

Level Up Your Career in Game Development!

Transform Your Passion into Profession with Our Comprehensive Courses for Aspiring Game Developers.

Job Common Plug