Security & Privacy Engineer

About Kustomer

Kustomer is the industry leading conversational CRM platform perfecting every customer experience. Built with intelligent tools such as AI and Automation, no code-configuration and a connected data platform that unifies data from multiple sources through a single timeline, Kustomer empowers businesses to operate with greater efficiency and deliver more personalized service to customers across any channel, making every interaction more meaningful and memorable. Today, Kustomer is the core platform for some of the leading customer service brands like Ring, Glovo, Away Travel, Priceline and Sweetgreen.

Kustomer was founded in 2015 by serial entrepreneurs Brad Birnbaum and Jeremy Suriel and has raised over $200M in funding backed by leading VCs. Meta announced its intention to acquire Kustomer in 2020 and completed the transaction in 2022. Kustomer joined Meta’s Business Messaging Group to transform the way people and businesses communicate through modern messaging channels. In 2023, Kustomer spun out from Meta as a standalone company backed by original partners, Battery, Redpoint and Boldstart Ventures, who have invested $60M in capital, ensuring Kustomer’s growth and success for many years to come.

Our Krew is made up of passionate and collaborative people who really care about what they do and the people they help. We look for people who are passionate about enhancing the customer service experience for everyone involved, as it's the core of what we do. We're growing our business with no plans of slowing down. We actively seek individuals who want to learn and be challenged every day. We have also transitioned to a remote friendly company, with Krew members located throughout the U.S. coming together for Kamp Kustomer each year.

Role Overview:

At Kustomer, we're committed to delivering exceptional experiences to our customers, embodying our core values of innovation, collaboration, and continuous improvement. We're seeking a Security and Privacy Engineer who embodies these principles and is driven to protect our digital environment. This role requires a unique blend of technical expertise, strategic thinking, and leadership to oversee our security operations and ensure compliance with the highest standards.

Responsibilities:

• Security Tooling Oversight: Direct ongoing optimization of security tools, with a focus on Lacework, to enhance threat detection and prevention capabilities.
• Bug Bounty Program Management: Elevate the bug bounty program, pinpointing and mitigating vulnerabilities effectively.
• Compliance Mastery: Spearhead efforts to achieve and maintain compliance with critical standards (SOC2, ISO27001, GDPR, US Privacy, PCI DSS) using Vanta as the primary framework.
• GitHub Security Excellence: Commit to elevating GitHub security standards, ensuring continuous improvement and high-quality security practices.
• CI/CD Security Innovation: Drive enhancements in CI/CD pipeline security, integrating best practices and cutting-edge security measures.
• DLP Alerting Ownership: Manage the Data Loss Prevention (DLP) alerting process with a proactive approach to identifying and mitigating risks.
• Security Project Leadership: Guide and execute key security-related projects, providing expert direction and leveraging technical know-how to protect corporate assets.
• Application Security Program Development: Craft and oversee a comprehensive application security strategy to safeguard information integrity, confidentiality, and availability.
• Secure Coding and Development Practices: Foster secure coding standards, integrate security measures into the development lifecycle, and ensure thorough source code testing and remediation.
• Security Policy and Training Programs: Formulate and update security policies, standards, and guidelines; launch security awareness training programs for all relevant stakeholders.
• Privacy Management: Manage and enforce privacy policies compliant with GDPR, CCPA, HIPAA, and other frameworks, ensuring data protection and confidentiality.
• Risk Management Framework: Establish a structured approach for information security risk assessments, including treatment and oversight of remediation efforts.
• Incident Response Management: Handle security incidents with precision, minimizing impact on corporate IT assets and the company's reputation.
• Threat Intelligence and Advisory: Keep abreast of emerging threats, advising management on effective response strategies to mitigate risks.
• Technical Problem Solving: Execute creative security solutions and conduct thorough technical troubleshooting to address and mitigate security vulnerabilities.
• Security Evaluation and Testing: Lead efforts in vulnerability assessments, penetration testing, and threat modeling to identify risks and validate the effectiveness of security measures.
  
  

Requirements:

• 5+ years in security and privacy engineering with a proven track record in adhering to key compliance standards (SOC2, ISO27001, GDPR, HIPAA, US Privacy PCI DSS).
• Demonstrates deep knowledge in GitHub security and CI/CD pipeline enhancements.
• Proficient in Python, Java, Ruby, Node, and/or Go
• Demonstrates excellent problem-solving with a keen eye for detail, thriving under pressure.
• Strong in communication, bridges teams and leaders for collaborative solutions.
• Strategically enhances interdepartmental projects with minimal guidance, especially with TechOps, Legal, and Engineering; driving them forward
• Utilizes data effectively to set project milestones and influence positive outcomes.
• Mentors peers, fostering a culture of problem-solving and operational improvement.
• Innovatively addresses challenges, showing strong autonomy in decision-making and project leadership.
  
  

HIPAA Compliance

All roles at Kustomer may involve handling sensitive personal data.

Benefits

Kustomer offers an array of benefits including competitive salaries, stock options, 100% healthcare coverage, 401K, WiFi and Mobile reimbursement, and a generous vacation policy.

Diversity & Inclusion at Kustomer

Kustomer is committed to bringing together individuals from different backgrounds and perspectives.

We strive to create an inclusive environment where everyone can thrive, feel a sense of belonging, and do great work together.We are proud to be an equal opportunity employer open to all qualified applicants regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, Veteran status, or any other legally protected status.

Disclaimer: Kustomer only contacts candidates from company email addresses ending in kustomer.com and does not seek funds from candidates in any circumstances.