Frame.io is changing the future of how videos are made by helping over 1 million creative professionals seamlessly collaborate from all over the world.
We’re backed by Accel, FirstMark, Insight Partners, SignalFire, Jared Leto, and a host of other amazing investors. Our market-leading product is used and loved by companies such as Turner, Disney, NASA, Snapchat, BBC, BuzzFeed, TED, Adobe, Udemy, and many more.
We’re in an exciting period of growth and are always seeking extremely talented and passionate individuals who share our vision for helping visual content creators produce their best work.
02About the Role
As a Senior member of the security team at Frame.io, you will have the opportunity to shape the security detection, operations and incident response processes. You will research and discover the latest threats on product, cloud infrastructure, workloads, containers and develop methods, queries and dashboard to detect and visualize events of interest. You will develop incident response playbooks to allow quick resolution of identified security events. Your mission will be to ensure that the attacks on Frame.io environment and customer content remain visible to the security team.
You'll work across many teams including infrastructure, engineering, product, and across multiple streams. We’re looking for someone that has deep technical expertise in threat detection, incident root cause analysis, querying and alerting using SIEM systems, automation, AWS cloud, and experience to join a fast-paced, growing team of security engineers tackling challenging problems at scale.
- Threat Detection: It's important to detect security incidents before they cause material damage to the business. You will detect attacks and prioritize, analyze and drive alerts to resolution. In the event an alert is identified as a security incident, you will kick off Incident Response. You will also participate in the security on-call rotation.
- Incident Response: You will rapidly scope, contain and eradicate threats, minimizing financial, legal, business and content losses. Services include but are not limited to root-cause analysis, memory and disk forensics, reverse engineering, network containment, threat eradication and postmortems. You will also develop and refine processes, plans and procedures and partner closely with Legal, Comms and other stakeholders across the business.
- Threat Intelligence: Instead of solely relying on a single data source or indicators (IP, Domain), you will correlate various data sources and publicly accessible information (open source threat intelligence feed) to create an end-to-end event chain. You will conduct research to keep up to date on threat actors and new TTPs.
- Extensive experience in detecting and responding to attacks
- Able to solve large, complex technical problems
- Excellent written and verbal communication skills; people are delighted when they read your blog posts, threat reports and/or postmortems
- Self-driven, autonomous and can contribute to the strategy and roadmap of the team
- Experience in one or more programming languages (Python, Node.js, Go) and automating threat detection and response activities
- Detecting and responding to evolving threats requires visibility into the system and infrastructure. You will collect, develop, refine and deploy threat detection and intelligence to products
- Knowledge of MITRE attacks and frameworks
- Experience in analyzing and correlating large security datasets in the cloud using ElasticSearch to detect attacks
- You will develop threat reports to inform stakeholders, projects and priorities
- Experience in developing incident response playbooks and automation
- Knowledge and experience in threat detection and incident response in AWS and its services
- Competitive salary and equity
- Paid parental leave for primary or secondary caregivers
- Unlimited PTO and designated Volunteering paid time off
- Yearly stipend for learning and development
- Medical, Dental, Vision Insurance and OneMedical membership
- Flexible Spending Account
- Monthly Work from Home Stipend
- 1 paid company-wide holiday for each month in the calendar year
- All-company week-long winter and summer breaks
Our philosophy is simple. At Frame.io, we believe that working with people of different backgrounds and perspectives allows us to elevate each other and helps us build a better product for our users.
We're proud to be an equal opportunity employer, and are committed to providing all employees with a work environment that celebrates individuality and remains free from any form of discrimination and harassment. We based our employment decisions on the needs of our business, job requirements and applicants' qualifications. In other words, we only care that you're the best person for the job.