About Ethos
Ethos is a leading life insurance technology company on a mission to protect families by democratizing access to life insurance and empowering agents at scale. With its robust three-sided technology platform, Ethos is transforming the life insurance experience for consumers, agents, and carriers alike. Ethos offers instant, accessible products and a seamless online process that requires no medical exams and just a few health questions; it eliminates traditional barriers, making it easier than ever for everyone to protect their families. Ethos is redefining how life insurance is bought, sold, and underwritten.
About The Role
As a member of Ethos Trust and Safety team, you'll be responsible for building various security services and performing technical security risk assessments to support the Ethos main product. You'll help architect and build our internal security standards and frameworks. This role will help build and deploy various security controls in line with foundational security principles like least privilege, defence in depth, segregation of duties and zero-trust architecture.
Duties And Responsibilities
- Design, develop, and deploy security mechanisms to protect against adversarial attacks, data breaches, and other security vulnerabilities
- Design and build robust threat detection, monitoring, investigation workflows response architectures and the components of the security analytics platform
- Monitor and evaluate operational/security alerts
- Conduct Threat Modeling, Design Reviews and Security Testing
- Communicate risks to engineering staff through training and technical demonstration of vulnerabilities and secure design patterns
- Partner with the DevOps team to orchestrate/automate security controls in the Ethos infrastructure/platform
- Lead the vulnerability management lifecycle at the infrastructure, platform, and application levels
- Participate in investigations, threat hunting, and incident response activities; build playbooks for specific incident response scenarios
- Assist with compliance activities, such as SOC2 control implementation and testing, vendor risk assessments, etc.
Qualifications And Skills
- 10+ years of full time core, relevant InfoSec experience
- Intimate familiarity with AWS cloud security, experience automating security processes in cloud environments
- Proficiency in threat modelling, design reviews and security testing of various types of applications, technologies and platforms
- Hands-on experience with CI/CD and DevOps tools
- Ability to write automation scripts, ideally in more than one language
- Experience in vulnerability/threat management activities at the infrastructure, platform, and application level
- Experience with penetration tests/red team exercises, ideally the type that involve manual verification, exploitation, lateral movement, etc.
- Expertise with event management/SIEM solutions, data modelling associated with building event detection and alerting capabilities
- Able to come into our San Francisco, CA office once a week
Don't meet every single requirement If you're excited about this role but your past experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. At Ethos we are dedicated to building a diverse, inclusive and authentic workplace.
We are an equal opportunity employer.. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Pursuant to the SF Fair Chance Ordinance, we will consider employment for qualified applicants with arrests and conviction records.
To learn more about what information we collect and how it may be used, please refer to our California Candidate Privacy Notice.
Recruitment Notice: Please be aware of recruitment scams. All legitimate communication from our team will only come from email addresses ending in @ethos.com or @getethos.com.
We will never ask for payment, banking details, or sensitive personal information during the hiring process. If you are contacted by someone claiming to represent us from a different email address, please treat it as fraudulent.
