Security Development Engineer
Much of our work focuses on optimizing existing systems, building secure cloud infrastructure, and eliminating work through automation. As Security Development Engineers are responsible for the broader picture of how our various SaaS and PaaS products relate to each other, we use a breadth of tools and approaches to solve a broad spectrum of problems. Post-mortem and proactive identification of potential issues factor into iterative improvement.
Security Development Engineering’s culture of diversity, intellectual curiosity, problem solving, and openness is key to its success. Our organization brings together people with a wide variety of backgrounds, experiences, and perspectives. We encourage teams to collaborate, think big and take risks in a blame-free environment. We promote self-direction to work on meaningful projects, while also creating an environment that provides support and mentorship to learn and grow.
Behind everything our customers see, the systems built by the Security Development Engineering team keep it running and keep their data safe.
We’re always trying to keep our services up and running while also ensuring our customers have the best and safest possible experience.
Engage in and improve the complete lifecycle of services security, through deployment, operation, and continuous refinement.
Work closely with our Security and Operations teams to maintain compliance above required standards.
Maintain services that are live by helping to measure and monitor availability, security, and overall system health.
Scale systems sustainably through mechanisms like automation and evolve systems by pushing for changes in reliability, security, and velocity. Practice sustainable incident response and blameless postmortems.
Bachelor’s degree in Computer Science or equivalent practical experience.
Experience with one or more of the following:
C, C ++, Java, Python, Go, Perl, Ruby, or shell scripting.
Experience with Unix / Linux operating system internals and administration (e.g., filesystems, inodes, system calls, hardening) and networking (e.g., TCP / IP, routing, DNS, network topologies, SDN).
Experience with best practice identification and response to operating system and web application vulnerabilities, such as patching or otherwise mitigating known security issues.
Ability to communicate complex security vulnerabilities to various audiences ranging in technical knowledge.
Ability to manually test and validate web application vulnerabilities.
Understanding and practice with security frameworks such as
NIST 800-53, NIST 800-171, SOC 1 or SOC 2, or PCI.
Exposure to information security standards such as DISA STIGs or CIS.
Previous work with immutable image deployments/architecture.
Experience leading efforts across multiple groups and security boundaries toward common goals.
Ability to debug and optimize code and automate routine tasks.
Exposure to participating in Capture the Flag events or Blue, Red, or Purple teams
Systematic problem-solving approach coupled with strong communication skills and a sense of ownership and drive.
US Citizens with no dual citizenship