Senior Security Engineer

Collectors is the leading creator of innovative technology that provides value-added services for collectors worldwide. We grade, authenticate, vault and sell millions of record-setting collectibles, all while modernizing and digitalizing the process to further our mission of helping collectors pursue their passions. We’re always on the lookout for talented people to join our growing team. Our services span collectible coins, trading cards, Funko Pops!, video games, event tickets, autographs, and memorabilia. Our subsidiaries include PSA, PCGS, WATA, Card Ladder, Goldin, and the Long Beach Expo collectibles trade show.Since our founding in 1986, we have graded and authenticated millions of items. We employ more than 1,700 people across our headquarters in Santa Ana and offices in Jersey City, Seattle, Hong Kong, Paris, Shanghai, and Tokyo. 

We’re transforming the collecting experience with technology that brings authentication, grading, and trading into the modern era. Our products are equalizing the playing field by providing tools that make complex research analytics — including pricing, scarcity reports, and historic sales data — accessible to every collector, old or new. Our engineering mission is to democratize technology while promoting innovation, collaboration, and continuous learning throughout the organization. We're seeking engineers to utilize advanced technology in agile settings, with a focus on improving the customer experience for every collector. Collectors Cybersecurity team is committed to utilize cybersecurity, risk and privacy best practices on our platforms, leveraging signal intelligence and observability at scale to protect our customers, employees and our brand.

As a “hands-on” Security Operations Engineer, you will be responsible for ensuring the security of our organization's systems, networks, and data by implementing and maintaining security measures, monitoring for security incidents, and responding to security breaches. The ideal candidate will have a strong background in information security, hands-on experience with security technologies, and a proactive approach to identifying and mitigating security risks.

What You’ll Do

• Implement and maintain security technologies and tools such as SIEM, IDS/IPS, firewalls, EDR, threat management, monitoring, etc. 
• Develop and implement security policies, standards, and procedures to ensure compliance with regulatory requirements and industry best practices.
• Monitor security logs and alerts to identify potential security incidents and respond to them promptly.
• Investigate security incidents to determine the root cause, scope, and impact, and develop remediation plans to address them.
• Conduct security assessments to identify vulnerabilities and weaknesses in systems and networks.
• Develop and maintain incident response plans, procedures, and playbooks to ensure an effective and coordinated response to security incidents.
• Contributing to the development of best practices including IAM policies, networking, cloud, auditing, monitoring and logging standards.
• Develop automation and advanced alerts/reports to meet stakeholder requirements
• Work closely with teams across the organization, particularly Information Technology (IT) and applications to  implement proactive security measures.
• Develop correlations, enrichments, dashboards, reports and alerts that appropriately characterize attacks and mitigation mechanisms.
• Regularly audit public cloud infrastructure utilizing cloud security best practices, identifying findings, and tracking efforts to remediation.
• Working closely with the leadership to deliver on requirements, projects, and report on progress.

Who You Are

• 5+ years of experience, with focus on security operations. 
• Hands-on experience with security tools and technologies, and the ability to analyze and respond to security events effectively.
• Experience working with or implementing endpoint, network, devops and cloud security solutions and controls (preferably in AWS).
• Ability to thrive in a high-growth, fast-paced, and dynamic environment.
• Experience applying risk-based approach to decision making
• Experience with DevSecOps and enhancing and securing infrastructure as code (Ansible, Terraform, Docker, Kubernetes, etc.)
• Experience with observability, telemetry, monitoring, logging platforms.
• Hands-on technical expertise - scripting and/or programming languages, databases, etc. 
• Capable of leveraging Python/Bash/Go to solve practical day-to-day security challenges.
• Excellent understanding of OWASP risks, vulnerabilities, mitigation mechanisms, WAF, and system exploits.
• Thorough understanding of networking and web protocols.
• Experience with security frameworks such as ISO, NIST, SOX, and PCI.

The salary range for this position is $150,000-$210,000. Actual compensation varies based on a variety of non-discriminatory factors, including location, job level, experience, and skill set.

Reasons To Join Us

• Health Insurance: All full-time employees are eligible to enroll in Medical, Dental, and Vision 
• 401(K) Matching Plan: We are proud to offer a competitive 401k matching plan to our employees to support their future financial goals 
• Vacation: All full-time employees are eligible for a flexible paid vacation 
• Holiday Pay: All regular, full-time employees are eligible for nine company paid holidays  Employee Discounts: Employees receive discounts on select grading services for approved submissions 
• Flexible Hours: Many of our teams offer flexible schedules with varying shifts and will work with you to accommodate your needs 
• Fun Working Environment: Our team members are invited to participate in celebrations, holiday events, and team building activities
• Additional Benefits: Full-time employees are eligible for fertility, commuter, and educational assistance benefits

Candidates must be authorized to work in the United States.