Security Engineer

FIGS is looking for a Security Engineer to join the Cyber Security team. As a member of the Cyber Security team, you will have the opportunity to create as well as to operate. We believe that security is everyone's responsibility so you will influence and learn from as many of the people around you as you can. We also believe in transparency and the sharing of knowledge so everything we do should be defensible and documented. We are looking for someone with an established hands-on cyber security background in at least 2-3 environments and has seen a few good ways and a few bad ways to deploy cyber security. Our ideal candidate is a critical thinker, a continuous learner, a communicator and a collaborator. You must be proficient in endpoint management and security standards and tools such as EDR/XDR, MDM, and DLP. In this role, you will report directly to the Director of Cyber Security.

What you'll do:

• Work daily on MDM configurations in Intune and Kandji, SAML/SSO with Okta, Netskope DLP, Crowdstrike Falcon understand but also write regex expressions
• Set guidance on hardening standards and patch management
• Work with Cloud Identity Providers, SCIM, SIEM, SOAR, and EDR Deployments and Integrations
• Maintain Google Workspace administration including DMARC, SPF, DKIM records, eliminate duplicate functions (GDrive, Box, Dropbox, etc.)
• Run phishing campaigns, perform or coordinate pentesting with third-parties
• Coordinate with Developers to build software BOM, DAST then SAST in CI/CD
• Coordinate with SREs to set AWS account, logging, standards, monitor for non-compliance
• Configure alerts and coordinate with other teams to respond to alerts from all of the above
• Cyber security incident handler

About you:

• 8-10 years of experience within cyber security
• Working knowledge of the broader threat landscape
• Experience working with Public cloud environments (AWS, Azure and GCP)
• Experience administering centralized logging infrastructure (including SIEM and SOAR) and writing alerts for security events
• Strong security skills that would include hands-on experience with Bluecoat, Symantec, McAfee, Checkpoint, Cisco, Juniper
• Prior knowledge of and experience with MITRE ATT&CK and NIST 800-61 is advantageous
• Prior experience with other Cloud Security solutions is advantageous (Netskope, Zscaler, Forcepoint, McAfee, Symantec)
• Previous experience with AWS well architected framework
• Any security-focused certifications (e.g. CISSP, GSEC, CCSK, CCSP, CCSE, GCFW, PCNSE, JNCIS-SEC/JNCIP-ENT, GCIH, CISM, CISA, etc) are a benefit but not required
• Previous hands-on experience as a Google Workspace Administrator is a huge plus
• Bonus points if you can calculate risk
• Can be fully remote

What you'll bring:

• Proven work ethic and integrity
• Positive attitude and willingness to teach others how they like to be taught
• Desire to excel, learn, and grow with FIGS
• Aspiration to create change and make an immediate impact
• Entrepreneurial spirit and egoless nature

FIGS Compensation and Benefits

Pay Range

• At FIGS, your base salary is one part of your total compensation package. This role's base salary range is between $112,000 and $160,000. Actual base salary is determined based on a number of factors, including but not limited to your relevant skills, qualifications, and years of experience.

Additional Compensation and Benefits

• Equity: All FIGS employees have the opportunity to own shares of FIGS stock through our new-hire equity program. Additionally, FIGS provides a discount when purchasing FIGS stock voluntarily through our FIGS Employee Stock Purchase Plan
• Annual bonus: This position is eligible to participate in the FIGS annual bonus program

• Other compensation and benefits offered include:
• Comprehensive benefits and perks package focused on your well-being, including premium medical, dental and vision coverage, and full access to wellness services through Ginger, Headspace, and Gympass. 100% FIGS-sponsored life insurance and disability insurance
• Amazing 401(k) program, with a company match up to the first 6% of your contribution
• Generous paid time off - We have 11 company holidays. For salaried team members, we offer flexible vacation. For our hourly team members, we offer up to 3 weeks of accrued vacation
• Meaningful time away for baby bonding, including parental leave, new parent care meals, and a transition back to work for primary caregivers
• FIGS Friends and Family 25% off Discount for FIGS apparel
• Access to FIGS Vet, Discounted Pet Daycare, and so much more...

*Benefits eligibility is determined by hour requirements and length of service

A little bit about us...

FIGS, Inc. is a founder-led, direct-to-consumer healthcare apparel and lifestyle brand that seeks to celebrate, empower and serve current and future generations of healthcare professionals. We redefine what scrubs are by creating technically advanced apparel and products that feature an unmatched combination of comfort, durability, function and style, all at an affordable price. With the largest DTC platform in healthcare apparel, we sell our products to a rapidly growing community of loyal customers. Through these customer relationships, FIGS has built a community and lifestyle around a profession, revolutionizing the large and fragmented healthcare apparel market and becoming the industry's category-defining healthcare apparel and lifestyle brand.

Our Threads for Threads initiative is integral to our mission to improve the lives of healthcare professionals on a global scale. Founded alongside FIGS in 2013, Threads for Threads donates scrubs to healthcare professionals working in resource-poor countries around the world.