About the role
The Security Engineering team builds tools for development teams, improves system security and integrity, and adds monitoring to services in a regulated environment. They use Ruby, JavaScript, Java, Python, AWS, Kubernetes (EKS), Helm, Terraform, Datadog, CircleCI, and Splunk. This role delivers secure products, tools, and systems.
A day in the life
- Lead and collaborate on product security initiatives strengthening our engineering practices
- Write and review customer facing code to resolve security concerns alongside product development engineers
- Conduct threat modeling exercises, architecture reviews, and offensive security engagements with product teams
- Innovate with modern cloud technologies to secure systems such as CI/CD, sensitive data storage, mobile design, front end web services, and more
- Provide mentorship and education for security and software engineering excellence
What we’re looking for
- 5+ years of experience building software
- Deep experience and understanding of securing modern web apps (OWASP top 10, CWEs, and language specific application security issues)
- Experience working in a product setting where the needs of the business and users must be weighed against security requirements
- Experience with exploiting common security vulnerabilities and fixing them
- Experience building high-availability distributed systems and services with any Object Oriented Programming language
- Experience with the Linux command line interface
- Experience with securing AWS cloud infrastructure (EC2, RDS, S3, VPCs)
- Experience with any of these technologies is a plus: GraphQL, React, CircleCI, Kubernetes, Terraform, Postgres
Compensation (New York City)
$205,000 - $215,000 base salary, plus competitive equity, health benefits, 401(k) match, flexible PTO, and potential bonus.