• Location
    • United States
  • Date Posted
  • Sep. 28, 2021
  • Function
  • IT
  • Sector
  • Fintech

About Us

On the off chance you’ve thought about insurance, it’s likely because you’ve insured something you love, not because you loved your insurance company. Metromile is out to change that. As an insurtech powered by data science and customer-centric design, we’re building a community of drivers who come for the savings and stay for the experience.

With technology at its core, Metromile is reimagining insurance to make it fairer and actually delightful. We’re obsessed with savings, service, and features -- street sweeping alerts, monthly mileage summaries, fuel trackers and more -- that engage a customer all along their journey.  We’re on the forefront of disrupting a $250 billion auto insurance category that has gone unchanged for over 80 years.

Metromile’s diverse team combines the best of Silicon Valley technologists with veterans from Fortune 500 insurers and financial services giants. This management structure ensures that the business is focused on growth, customer experience and technology innovation while also balancing unit economics and profitability. Our team is growing quickly across the country. We have offices in SF, Tempe and Boston and welcome remote workers across the country. Our customer experience, claims, and sales teams are all based in-house in the US.

Thanks to what makes us different -- our people and our technology -- we’ve been honored with a slew of awards. A few recent ones include: named a Benzinga “Best Insurtech” finalist, a Top Company to Work For, one of the Healthiest Employers in Phoenix, and a Best Place to Work. And, our CEO was recognized as a 2020 40 under 40.

About the role

At Metromile we believe in being Outcome Oriented - we take pride in the outcomes and the value they provide for our customers. We challenge ourselves to build systems that are secure by design. You will be a growing team that will partner with business stakeholders to secure our data and platform.

You Will

  • Establish vision for the Security Architecture and Engineering Organization
  • Engage in Metromile’s Software Development Life Cycle to collaboratively ensure new products, platforms, and technologies meet or exceed security engineering requirements.
  • Identify strategic investments and initiatives that lower the transactional cost of designing and implementing secure platform solutions and reduce the likelihood of potential cyber security attacks.
  • Expertise on common web and network vulnerability attacks including OWASP Top 10 and SANS Top 25 and respective mitigation strategies.
  • Understanding of cryptographic concepts and applied cryptography (SSL, AES etc.)
  • Monitor ongoing projects to verify that security components are built and deployed as originally designed.
  • Integrate security practices into the CI/CD Pipeline
  • Collaborate and advise engineering teams to build authentication, authorization, encryption, and other security implementations
  • Implement application security automation by integrating SCA, SAST, and DAST tools into the CI/CD pipeline

About You:

  • 7+ years of hands-on experience in working with engineering teams on design and implementation of security best practices in architecture and code.
  • 7+ years of experience working with product security teams to drive engineering remediations to externally identified threats and vulnerabilities.
  • 7+ years of experience with creating threat models and working with teams to identify and remediate potential security gaps related to authentication, authorization, network segmentation, encryption, container configuration, bastion host setup, etc.
  • Broad security-related domain knowledge with authentication and authorization, identity and access management, data protection, OAuth/Open ID connect, Web security.
  • Proficiency in one or more of the following coding or scripting languagestools: Java, JavaScript, Angular, PHP, Python.
  • In-depth experience identifying and protecting against web application and web service security
  • Experience with attacks and mitigation methods, with experience coordinating and executing Penetration Tests, Bug Bounty Programs, Threat Modeling, and Static/Dynamic Analysis
  • Proficient with security tools such as Burp Suite, OWASP ZAP, Snyk, MetaSploit, App Spider etc.
  • In depth knowledge of automation and CI/CD best practices.
  • Experience with iOS and Android Mobile Application Security concepts

Nice to Haves

  • Working knowledge of cloud platforms such as AWS and GCP
  • Professional certifications preferred (e.g., CISSP, CEH, CCSP, etc.)
  • Familiarity with regulatory and legal requirements (e.g., SOX, PCI)
  • Excellence in communicating business risk from cybersecurity issues
  • Excellence at creating clarity and alignment for technical initiatives

What’s in it for you

  • Competitive salary
  • Restricted stock units for all employees
  • Excellent benefits package (health, dental, vision, 401K with match)
  • Well-being reimbursement, includes home office equipment
  • Flexible paid vacation program
  • Flexible scheduling/hours
  • Remote work options
  • 13 paid holidays - 2 of which are flex
  • 12 paid weeks of leave for child birth/adoption
  • Annual anniversary gifts (5 yr. - 6 week paid sabbatical)

If you got to this point, we hope you’re feeling excited about the role. Even if you don’t feel that you meet every single requirement, we still encourage you to apply. We’re eager to meet people that believe in Metromile’s mission and can contribute to our team in a variety of ways – not just candidates who check all the boxes.

Metromile is committed to building a diverse, inclusive and equitable culture at all levels. We nurture a sense of community by investing in one another’s unique backgrounds and experiences to drive business success and positively influence our services and products.

Metromile is proud to be an equal opportunity employer. We will not discriminate against any applicant or employee on the basis of age, race, color, ethnicity, national origin, citizenship, religion, creed, sex, sexual orientation, gender, gender identity, or expression (including against any individual that is transitioning, has transitioned, or is perceived to be transitioning), marital status or civil partnership/union status, physical or mental disability, medical condition, pregnancy, childbirth, genetic information, military, and veteran status, or any other basis prohibited by applicable federal, state or local law.

If you are offered a position with Metromile, Inc. you will be required to successfully complete a background check. Metromile reserves the right to seek clarification of any alerts regarding your background check in order to confirm eligibility for employment.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.