Senior Security Engineer Threat Modeling

About the role:

Were seeking a talented Senior Security Engineer with hands-on experience deploying managing leading and performing Threat Models In this role youll work alongside technical product managers and engineers across the company to maintain Samsaras security and de-risk software security concerns to better protect our customers.

We seek someone who is passionate about leveraging automation to enhance efficiency is enthusiastic about working with infrastructure-as-code and has a wealth of experience collaborating with teams to reduce software vulnerabilities. Your contributions will be critical to shaping our overall security and compliance strategy. At Samsara we value working backwards from winning as an operating principle. Your ability to define success and work with cross-functional stakeholders by working backwards to reach that success is pivotal.

This is a remote position open to candidates residing in Canada.

You should apply if:

• You want to impact the industries that run our world: Your efforts will result in real-world impacthelping to keep the lights on get food into grocery stores reduce emissions and most importantly ensure workers return home safely.
• You are the architect of your own career: If you put in the work this role wont be your last at Samsara. We set up our employees for success and have built a culture that encourages rapid career development and countless opportunities to experiment and master your craft in a hyper-growth environment.
• Youre energized by our opportunity: The vision we have to digitize large sectors of the global economy requires your full focus and best efforts to bring forth creative ambitious ideas for our customers.
• You want to be with the best: At Samsara we win together celebrate together and support each other. You will be surrounded by a high-caliber team that will encourage you to do your best.

In this role you will:

• Lead and own ongoing operation and maintenance of Samsaras threat modeling program ensuring consistent execution of processes.
• Assist in detecting raising risks found within the Samsara ecosystem and recommending best next steps while balancing business needs.
• Work closely with the Vulnerability Technical Program Manager to generate and distribute monthly and quarterly compliance reports.
• Collaborate with engineering teams to track and support the remediation of identified vulnerabilities providing guidance on best practices.
• Participate in security incident investigations related to high-profile vulnerabilities helping gather data and assess potential impact on Samsara infrastructure.
• Contribute to documentation and process improvements to streamline risk management workflows.
• Champion Samsaras cultural principles (Focus on Customer Success Build for the Long Term Adopt a Growth Mindset Be Inclusive Win as a Team) in daily work.
• Be regularly on call to support.

Minimum requirements for the role:

• 6 years of relevant experience with demonstrated impact for application or product security and threat modeling in an enterprise environment.
• Deep familiarity with OWASP Top Ten the STRIDE threat modeling framework (or equal such as PASTA or DREAD) MITRE ATT&CK.
• Defining and driving SDLC adoption with business focused engineers.
• Experience managing Bug Bounty programs such as Bug Crowd.
• Strong familiarity with common security vulnerabilities and the ability to judge their severity and impact on the business.
• Experience coding with Python or GoLang.

An ideal candidate also has:

• Security certifications such as CISSP AWS Certified Security Specialty or equal.
• Experience and knowledge of FedRAMP and other regulatory security requirements.
• Experience with Semgrep or Wiz.

Required Experience:

Senior IC