Do the best work of your life
Gusto is fundamentally changing how the world works by empowering everyone to put people first. Gusto reimagines payroll, benefits, and HR by automating the most complicated, impersonal business tasks and making them simple and delightful.
Gusto processes billions of dollars in payroll for hundreds of thousands of employees. Additionally, our clients trust us with a huge amount of personally identifiable information (PII) and protected health information (PHI), including customers’ SSNs, EINs, salaries, home addresses, and health-related information. Our business is largely built on trust. As a result, protecting our clients’ PII and PHI is one of the top considerations in anything we do at Gusto.
Here’s what you’ll do day-to-day:
- Be hands-on in executing our security strategy at Gusto, which encompasses the security of endpoints, networks, servers, clouds, data, applications and people.
- Help implement and tune our security tools, such as endpoint protection and response, SIEM, vulnerability assessment, cloud security monitoring, application code analysis tools, etc.
- Take the lead on threat hunting, IOC analysis, and incident response, and fine-tune and improve the security tools, policies, and processes.
- Organize and run our external bug-bounty program.
- Coordinate regular external penetration testing.
- Automate and enforce security policies across the entire Gusto organization.
- Ensure proper management of keys.
- Work closely with our product engineering teams to put in place the right processes and tools to develop code with minimal security vulnerabilities.
- Develop and lead training across our San Francisco and Denver offices on common security pitfalls, like phishing, social engineering, and unsecured wireless access points.
Here’s what we’re looking for:
- A hands-on engineer who cares deeply about both the technological and social aspects of building a secure organization.
- Ability to partner closely with cross-functional stakeholders, like engineering, IT, DevOps, compliance, and legal teams.
- Always thinking about attack vectors in which PII and PHI can be compromised.
- Familiarity with AWS.
- Familiarity with dynamic languages and modern web development frameworks like Ruby on Rails.
- 2+ years of industry work experience in an engineering function at a technology company.
- Background in security engineering preferred, but not required.
Gusto’s mission is to create a world where work empowers a better life. By making complicated, impersonal business tasks simple and personal, Gusto is reimagining HR, payroll, and benefits for over 40,000 companies nationwide. Gusto has offices in San Francisco and Denver and the company’s investors include Google Capital, General Catalyst, Kleiner Perkins Caufield & Byers, as well as the founders of Instagram, Stripe, Nest, PayPal, Yelp, Dropbox, and Eventbrite, among others.
payroll, saas, compliance, software
Company Type: Privately Held
Company Size: 201-500