Company Overview
About Rocketlane:
We are Rocketlane, a high-octane, dynamic SaaS company that has quickly grown to become a global leader in customer onboarding and professional services automation. Our mission is to deliver chaos-free, consistent, and accelerated B2B customer onboarding and client project delivery across industries.
The Team
We’re a mighty group of ~100 passionate individuals excited about building a product that professional services and customer onboarding teams and leaders love. We have raised $21M (and we rapped about it!) in funding led by 8VC, Matrix Partners and Nexus Venture Partners.
Role Overview
As a Senior Security Engineer, you will safeguard our systems, data, and infrastructure. You’ll work closely with product, engineering, and compliance teams to design, implement, and maintain robust security practices. Your primary responsibility is to ensure the security of the Rocketlane platform and protect our clients’ sensitive information. You’ll also be able to influence strategic security decisions, lead incident response, and continuously enhance our security posture.
Rocketlane complies with SOC 1, SOC 2, ISO 27001, HIPAA, GDPR, and CSA Star Level 1 certifications. You will work closely with the engineering team to ensure continued compliance.
Key Responsibilities
Code Security and Vulnerability Management
• SAST Scanning: Manage a Static Application Security Testing (SAST) scanner to identify and assess vulnerabilities within the codebase. Lead remediation efforts with development teams to ensure vulnerabilities are efficiently addressed.
• DAST Scanning: Maintain a Dynamic Application Security Testing (DAST) scanner, focusing on detecting runtime vulnerabilities. Drive remediation actions to minimize exposure to threats in live environments.
• Repository Management: Regularly monitor project repositories to identify and remediate Dependabot-reported vulnerabilities, ensuring up-to-date and secure dependencies.
Application Security Testing and Vulnerability Reporting
• Conduct rigorous application security testing to uncover potential security gaps within Rocketlane. Document and report findings, providing actionable insights to developers and product teams.
• Facilitate a feedback loop with engineering teams, enabling prompt vulnerability remediation and enhancing the overall security posture of our applications.
Data Center and Cloud Security
• Monitor, maintain, and continuously enhance AWS security practices, adhering to the AWS CIS Security Foundations Benchmark.
• Perform regular audits and assessments of AWS configurations to detect deviations from best practices.
• Provide proactive recommendations for improving cloud security settings.
Qualifications
• Experience: 5+ years in information security, focusing on cloud-based SaaS environments.
• Technical Skills: Deep knowledge of cloud security (AWS) and web application security, as well as familiarity with security tools like SIEM, IDS/IPS, vulnerability scanners, and penetration testing suites like Burp Suite.
• Programming Skills: Proficiency in one or more languages (e.g., Python, Go, or JavaScript) to support automation and scripting needs.
• Soft Skills: Excellent communication skills, with the ability to translate complex security concepts into practical guidance for cross-functional teams.
• Mindset: A proactive, problem-solving attitude with a strong commitment to staying current with security trends and threats.