Security Engineer- Incident Response

Fitbit, US - San Francisco

Stay motivated and improve your health by tracking your activity, exercise, food, weight and sleep

At Fitbit, our mission is to help people lead healthier, more active lives by empowering them with data, inspiration and guidance to reach their goals.

We started our journey in 2007—as a team of two with one big idea. Since then, we’ve grown to over 1,500 employees, sold over 60mm devices, and built a health and fitness community across the globe.  In fact, the Fitbit Community has taken enough steps to walk from the Sun to Pluto!  Offering award-winning products, a top-rated mobile app and an easy-to-use online dashboard, Fitbit provides personalized experiences that help our users reach their goals. With a reenergized focus on innovative devices, interactive experiences, and enterprise health we are transforming the way consumers and businesses see health & fitness.

From your first steps as a Fitbitter, you will be at the forefront of developing new products. Our culture combines the spirit of startup with the perks of being public. We offer a competitive benefits package and amazing perks like unlimited snacks, Friday happy hours, onsite workout classes, and a strong focus on a healthy work-life balance. As part of our team, you’ll have the opportunity to grow your career, contribute your ideas to life-changing products and services, and—above all—have fun doing it.


Fitbit’s HQ campus is located in the heart of San Francisco with office locations in Boston, San Diego and around the world. Think you’ve found your fit?


What you’ll do:

The information security team exists to create a culture of information security within Fitbit to ensure that our data and our customer's data remain safe.  

We aim to achieve this by looking for innovative solutions that allow the business to deliver at scale and velocity.  

Main Responsibilities:

Own Our Incident Response Processes

  • Take control of incident response at Fitbit and be the key contact person in the event of a major incident
  • Improve our incident response processes and procedures
  • Mentor and develop the team members on our incident response team

Detect Incidents

  • Monitor output from anti-malware tooling
  • Understand and monitor our applications for signs of compromise
  • Develop tooling to help facilitate ongoing low false-positive monitoring
  • Integrate into our change management processes to detect unauthorized change
  • Understand and monitor our production and corporate infrastructure for signs of compromise
  • Triage and escalate alerts

Respond to Incidents

  • Assist with investigations into suspected incidents
  • Create processes and tooling to increase the efficiency of the response process

Identify Opportunities for Improvement

  • Assist the information security team to identify better ways of achieving their mission
  • Assist with the development and integration of incident detection and response tools
  • Assist with the development and integration of security incident prevention tools

Skills, experience and knowledge that this team will rely on

  • Operating system and systems administration skills
  • Malware analysis
  • Log file analysis
  • Understanding of how web applications operate
  • Understanding of how databases operate
  • Understanding of the way that agile development shops operate
  • Core network protocols such as TCP, UDP, DNS, HTTP, TLS
  • Java and Python software development
  • Linux process and system monitoring facilities
  • Windows and OSX administration

Interactions with other teams

The incident response team is responsible for all of the day-to-day tasks that keep our security monitoring infrastructure alive and well.  They run our monitoring tools and deal with the output from those tools.  They will mainly interface with other members of the information security team.  Depending on the issue they are trying to solve they may also need to work with the Corporate IT and Infrastructure Engineering teams.


Fitbit is proud to be an equal opportunity employer. We recruit, hire, train, promote, pay, and administer all personnel actions without regard to race, color, ancestry, national origin, citizenship, religion, age, sex (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), sex stereotyping (including assumptions about a person’s appearance or behavior, gender roles, gender expression, or gender identity), sexual orientation, gender, gender identity, gender expression, marital status, medical condition, mental or physical disability, military or veteran status, genetic information or other statuses protected by law. We interpret these protected statuses broadly to include both the actual status and any perceptions and assumptions made regarding these statuses.

San Francisco applicants:  Pursuant to the San Francisco Fair Chance Ordinance Fitbit will consider for employment qualified applicants with arrest and conviction records.

About Fitbit

We're a passionate team dedicated to health and fitness who are building products that help transform people's lives. While health can be serious business, we feel it doesn't have to be. We believe you're more likely to reach your goals if you're encouraged to have fun, smile, and feel empowered along the way.

Want to learn more about Fitbit? Visit Fitbit's website.