Open Startup
RSS
API
Remote HealthPost a job

find a remote job
work from anywhere

Get a  email of all new Remote Engineer + InfoSec Jobs

Subscribe
×

👉 Hiring for a Remote Engineer + InfoSec position?

Post a job
on the 🏆 #1 Remote Jobs board

Remote Health by SafetyWing


Global health insurance for freelancers & remote workers

Remote Health by SafetyWing


Global health insurance for freelancers & remote workers

PayPay Corporation


Product Security Engineer


PayPay Corporation


product manager

 

product manager

 

exec


PayPay Corporation is hiring a Remote Product Security Engineer

\nPayPay is looking for a Product Security Engineer to work on our payment system to deliver the best payment experience for our customers.\n\n\n\n\n* Security architecture reviews of existing and upcoming projects.\n\n* Acting as both a builder and a breaker by creating tools to help engineers write more secure code and performing penetration tests of public and internal applications.\n\n* Working in a fast paced environment where projects and prioritization may change frequently, security will always remain.\n\n* Participate in setting up a Bug Bounty program, writing proof of concepts, assessing risk, communication with external reporters.\n\n* Implementing and maintaining technologies for security, such as vulnerability testing, logging, monitoring and incident responses.\n\n\n\n\nTech Stack We select the best combination of tech at times. \n| Python, Golang\n| MySQL/AuoraDB, DynamoDB, ELK, Kafka, Redis, TiDB\n| AWS, GCP, TCP Networking, SSL/TLS, Key Management Systems, Certificate Authorities\n|Snyk, SonarQube, Dome9\n|PlantUML, miro.com\n|Slack, Zoom\n\nQualifications\n\n\n* 3+ years of experience as a Security Engineer.\n\n* Experience with Linux internals and hardening\n\n* Must have experience in programming languages and frameworks such as Python and Bash\n\n* Comfortable with identifying and advising on remediation for Application Security vulnerabilities\n\n* Up to date with the latest developments in security\n\n* Development of Proof of Concept exploits\n\n\n\n\nPreferred Qualifications\n\n\n* CVE Contributions\n\n* Open Source tools contributions\n\n* Published papers / blogs / articles\n\n\n\n\nHiring Process\n\n* Application Review (1-2 weeks)\n\n\n\n* HR and Team will review your resume\n\n\n\n* Code challenge (online)\n\n\n\n* Coding Test will be sent via Hirevue system\n\n* It takes 3-4 hours (max) to complete\n\n* If you need to extend the due date, please contact HR\n\n\n\n* Interviews (online)\n\n\n\n* 2-3 rounds of online interview(s)\n\n* Live Coding could be requested\n\n* Please make sure the reason you applied to PayPay (Why Fintech? Why Startup? Why PayPay?)\n\n\n\n* Job Offer\n\n\n\n*Relocation to Japan\n\n\n* Due to the current COVID-19 situation, we cannot sponsor working VISA to Japan. However as a temporary solution, you may be able to start working with us as an individual contractor. Please discuss with your recruiter about this opportunity.\n\n* Once the COVID-19's over, we will ask all employees in overseas to relocate to Japan. We will fully support your relocation.\n\n\n\n\nOther Information\n\n[Corporate Blog] https://about.paypay.ne.jp/corporate-blog\n\n[Product Blog] https://blog.paypay.ne.jp\n\n[LinkedIn] https://www.linkedin.com/company/paypay-corp/


See more jobs at PayPay Corporation

Previous Remote Engineer + InfoSec Jobs

Rumble


This position is a Remote OK original posting verified closed
🇺🇸 US-only

Senior Front End Engineer


Rumble

🇺🇸 US-onlyOriginally posted on Remote OK

software

 

golang

 

full stack

 

software

 

golang

 

full stack

 

networking

This job post is closed and the position is probably filled. Please do not apply.
## Why Rumble? \n\nRumble brings together the best of IT, security and networking technology to deliver amazing network discovery and asset inventory capabilities for modern enterprises.\n\nAn accurate network inventory is a fundamental building block of all security programs, yet most inventory products do a poor job of network-based discovery because they only see it as a stepping stone to the “real” product features. Legacy products work by sending sensitive credentials to every asset on the network and fail to handle today’s hybrid environments. Without a solid inventory, most companies struggle with attack surface reduction, network management, and incident response. \n\nRumble Network Discovery is a product of Rumble, Inc. We are a fully virtual, high-growth startup based in the United States. Our founders each have over 20 years of experience growing companies in the information security industry, including Rapid7, Veracode, BreakingPoint Systems, and PGP. \n\nRumble has already proven its market fit. Rumble appeals to companies of all shapes and sizes; we have customers that range from museums to Fortune 500 technology companies. We serve the low-end of the market through eCommerce and the mid-market and enterprise segment through inside sales. \n\n## The Opportunity\n\nWe're building the engineering team to lead Rumble into the future. Our work is a mix of Go development, low-level protocol research, standard web technologies, PostgreSQL, and a mix of cloud technologies and integrations. Our platform is cloud-agnostic, can be self-hosted, and builds from a single repository. We ship daily and focus on incremental delivery with fast turnaround for customer requests and bug fixes. We bootstrapped to product market fit and recently raised a $5m venture capital round to accelerate our growth. The company was cash-flow positive in 2020.\n\nWe’re looking for senior engineers that are excited about research-driven product development and want to help build a company focused on happy customers and product-led growth.\n\nWe're a fully remote company but you need to be located in the US, with US citizenship or permanent residency for healthcare, payroll, and legal reasons.\n\n\n## Position Summary\n\nWe're searching for a senior front-end engineer to grow our team! You will contribute to all stages of development, deployment, support, operations, and product planning. This position reports directly to the CEO today and will split into functional teams once the team expands. This is a growth opportunity for future engineering leadership as well as long-term individual contributors. \n\n## What Success Looks Like\n\n* Contribute your skills and knowledge to building, supporting, and operating an amazing product experience for our customers.\n\n* Self-task and coordinate with the rest of the engineering team to move the product forward and solve customer challenges.\n\n* Work with customers to identify bugs, understand gaps in product functionality, and flag opportunities for improvement.\n\n* Work closely and communicate effectively with functional teams across the company to keep our customer experience aligned with product and sales operations.\n\n\n## To be successful in this role, you ideally have\n\n* A strong track record of building products that customers love. \n\n* 5+ years of experience in programming-heavy front-end engineering roles with a demonstrated ability to ship quality results, frequently.\n\n* Extensive experience with web development (HTML, CSS, plain JS) and a solid understanding of the HTTP protocol and the web browser security model.\n\n* Extensive experience with design tools, either as a designer yourself, or working with designers through platforms like Figma.\n\n* A solid understanding of standard development tools and processes, including Git and issue-management systems.\n\n\n## Rumble’s Benefits \n\nWe offer an extensive set of benefits including: \n\n* Competitive salaries and a stock option plan.\n\n* Top of the line medical, dental, vision, life and disability coverages with Rumble paying for 99% of the premium. \n\n* A flexible vacation policy.\n\n* 401(k) match program. \n\n## Applying\n\nTo apply for this role, please send your resume and information about the products you have worked on to [email protected] \n\n**We encourage under-represented applicants to apply, even if you don't think you fit 100% of the criteria (nobody ever does)!** \n\n#Salary and compensation\n$70,000 — $160,000/year\n\n\n#Location\n🇺🇸 US-only


See more jobs at Rumble

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.
This job post is closed and the position is probably filled. Please do not apply.
WP White Security is a young development company that develops high-quality WordPress security and management plugins. Our plugins are installed on more than 150,000 websites and are used by world renowned businesses such as Disney, Amazon, and Intel!\n\nJoin our growing distributed team and develop plugins that help thousands of WordPress websites administrators from all-over the world! We are looking for a senior PHP / JavaScript / WordPress developer that can work during European time zone hours. If you love writing code, a good challenge, and are fond of the WordPress and open-source communities, we want to hear from you.\n\nEven though we have a very large customer base, we are still a small team. So there is a lot of room to grow within the company.\n\n## What will your job be?\n\nYou will work on the development of our WordPress plugins portfolio. Your tasks will span from designing new features (with the team), writing code and bug fixing, expecting that new and changed code is thoroughly tested and well documented. You will also help the other developers, conduct code reviews of their code, test their code, help our support team solve customer issues, and interact with the rest of the team for knowledge sharing and product work.\n\n## Who are we looking for?\n\n* Excellent verbal and written English\n* Organized, methodological and can work with very little or no supervision\n* 5+ years experience working as a PHP / WordPress plugin developer (mostly back end development)\n* Hands on experience with testing automation and writing testable code (unit testing) etc\n* Strong background in scalable database usage with MySQL\n* Good understanding of Linux, Apache, MySQL and PHP (LAMP) environments\n* Hard working and passionate – we are a young start-up\n* [BONUS] Good skills in react.js and jQuery\n* [BONUS] good understanding of both WordPress and application security\n\n## Benefits of working for us\n\n* Work from anywhere (during European time zone hours)\n* Job security and competitive salary\n* Work in a flat, small, and friendly organization\n* Paid educational materials (including but not limited to online courses and books)\n* Opportunities for paid travel to attend WordCamps\n* Long term engagement – we are looking for a committed candidate who within a few years can become a team lead and a source of knowledge\n\n**Compensation**\nThe salary for this position depends on your experience and technical skills. This is something we will discuss during the application process.


See more jobs at WP White Security

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.
This job post is closed and the position is probably filled. Please do not apply.
Aha! engineering is a mid-sized, fully remote team that is highly productive. We are centered around North American time zones so we can collaborate during the workday.\n\n**Our team**\n*  **We utilize [The Responsive Method](https://www.aha.io/company/the-responsive-method)**: The eight principles drive how we operate Aha! and serve customers and employees.\n*  **We move quickly**: We ship code multiple times a day. We believe in getting new features in front of customers and iteratively improving as we learn what works and what does not.\n*  **We collaborate:** We each bring unique experiences and skills to the table. Working together to share that knowledge benefits the entire team and helps us produce the best results for our customers.\n*  **We value product over process:** We want the team to have the time and focus to solve complex challenges. We aim to minimize the overhead introduced by heavyweight processes and excessive meetings.\n*  **We are happy:** it is important to us that you love your job and are happy at work. Learn more about our company [values](https://www.aha.io/company/culture). Check out our generous [benefits](https://www.aha.io/company/careers/benefits).\n\n**Our technology**\n\nOur sole product is the Aha! web application. It is a single-instance, multi-tenant Ruby on Rails monolith supported by Postgres (database), Redis (background jobs), and memcached (Rails caching). We also run a Node.js webserver to support collaborative editing and real-time updates. Our application is hosted on Amazon Web Services and architected with ECS for reproducibility and scalability.\n\nWe use React for rich client-side experiences on the front end. Some of the features we have built with React include:\n\n* Our fully collaborative [text editor](https://www.aha.io/blog/collaborative-writing): Supports multiple cursors and simultaneous editing by any number of users. We also published a [blog post](https://www.aha.io/engineering/articles/how-to-build-collaborative-text-editor-rails) explaining the underlying technology.\n* Our [presentation editor](https://www.aha.io/blog/product-roadmap-presentation-editor): Allows users to create presentations with slide themes, shapes, text, and embedded Aha! reports (which update live so the presentation is always current).\n* Our [Gantt chart](https://www.aha.io/blog/roadmap-gantt-chart): Supports scaling and scrolling to change the timeline, drag-and-drop, and quick actions to create records or sort the bars.\n* We embrace new technologies that help us deliver a lovable product, but we also remain cognizant of the maintenance overhead that a new library or platform brings. We solve the problems in front of us, rather than prematurely optimizing to address issues that may never materialize.\n* We do most of our collaboration and planning in Aha! itself, which we find especially rewarding. We also utilize GitHub, Slack, and GoToMeeting for video calls.\n\n**Your experience**\nWe believe that being a kind person who elevates the rest of the team is just as valuable as writing great code. You have strong problem-solving skills and experience working on important functionality for a cloud-based product. You are humble, eager to learn, and always willing to help others learn as well. You want to work with people who enjoy picking up a problem and solving it, regardless of the technologies and techniques involved.\n\nThe Aha! security team is part of the engineering team and is product focused. As a Senior Security Engineer, you can expect to spend the majority of your time working with Ruby on Rails and JavaScript code for security reviews, investigations, updates, and implementing security features.\n\n**Your work at Aha!**\nWe maintain security controls and perform security reviews on a broad range of features across the full stack. Your work will include:\n\n* Security code reviews that go above and beyond what can be found through scanning tools (which we use too!)\n* Cloud and network security reviews of Amazon Web Services infrastructure that is implemented via infrastructure as code\n* Monitoring third-party dependency vulnerability reports and applying fixes and mitigations\n* Sharing security findings and new developments internally for ongoing education\n* Participating in security monitoring, incident response, and investigations\n\nIf this sounds appealing, we would love to hear from you. A real human reviews every application. \n\n#Salary and compensation\n$110,000 — $160,000/year\n\n\n#Location\nNorth America


See more jobs at Aha!

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Aha!

 This job is getting a relatively high amount of applications currently (15% of viewers clicked Apply)

This position is a Remote OK original posting closed
North America

Sr Security Engineer — Ruby on Rails  This job is getting a relatively high amount of applications currently (15% of viewers clicked Apply)


Aha!

North AmericaOriginally posted on Remote OK

security

 

ruby on rails

 

code review

 

security

 

ruby on rails

 

code review

 
This job post is closed and the position is probably filled. Please do not apply.
Aha! engineering is a mid-sized, fully remote team. We are centered around North American time zones so we can collaborate during the workday.\n\n# Our core values\n# \n* [The Responsive Method](https://www.aha.io/company/the-responsive-method): These 8 principles drive how we operate Aha! and serve customers and employees.\n* Moving quickly: We ship code multiple times a day. We believe in getting new features in front of customers and iteratively improving as we learn what works and what does not.\n* Product over process: We want our engineers to have the time and focus to solve complex challenges. We aim to minimize the overhead introduced by heavyweight processes and excessive meetings.\n* Collaboration: We each bring unique experiences and skills to the table. Working together to share that knowledge benefits the entire team and helps us produce the best results for our customers.\n# Who we're looking for\n# \nWe believe that being a kind person who elevates the rest of the team is just as valuable as writing great code. We look for strong problem-solving skills and experience working on important functionality for a cloud-based product. We need people who are humble, eager to learn, and always willing to help others learn as well. We want to work with people who enjoy picking up a problem and solving it, regardless of the technologies and techniques involved.\n\nThe Aha! security team is part of the engineering team and is product focused. As a Senior Security Engineer, you can expect to spend the majority of your time working with Ruby on Rails and JavaScript code for security reviews, investigations, updates, and implementing security features.\n\n# Our technology\n# \nOur sole product is the Aha! web application. It is a single-instance, multi-tenant Ruby on Rails monolith supported by Postgres (database), Redis (background jobs), and memcached (Rails caching). We also run a Node.js webserver to support collaborative editing and real-time updates. Our application is hosted on Amazon Web Services and architected with ECS for reproducibility and scalability.\n\nWe use React for rich client-side experiences on the front end. Some of the features we have built with React include:\n\n* Our fully [collaborative text editor](https://www.aha.io/blog/collaborative-writing): Supports multiple cursors and simultaneous editing by any number of users. We also published a blog post explaining the underlying technology.\n* Our [presentation editor](https://www.aha.io/blog/product-roadmap-presentation-editor): Allows users to create presentations with slide themes, shapes, text, and embedded Aha! reports (which update live so the presentation is always current).\n* Our [Gantt chart](https://www.aha.io/blog/roadmap-gantt-chart): Supports scaling and scrolling to change the timeline, drag-and-drop, and quick actions to create records or sort the bars.\n\nWe embrace new technologies that help us deliver a lovable product, but we also remain cognizant of the maintenance overhead that a new library or platform brings. We solve the problems in front of us, rather than prematurely optimizing to address issues that may never materialize.\n\nWe do most of our collaboration and planning in Aha! itself, which we find especially rewarding. We also utilize GitHub, Slack, and GoToMeeting for video calls.\n\n# What you’ll be doing\n# \nWe maintain security controls and perform security reviews on a broad range of features across the full stack. Your work will include:\n\n* Security code reviews that go above and beyond what can be found through scanning tools (which we use too!)\n* Cloud and network security reviews of Amazon Web Services infrastructure that is implemented via infrastructure as code\n* Monitoring third-party dependency vulnerability reports and applying fixes and mitigations\n* Sharing security findings and new developments internally for ongoing education\n* Participating in security monitoring, incident response, and investigations\n\nIf this sounds appealing, we would love to hear from you. A real human reviews every application, so please use the form to help us learn more about you.\n\n#Location\nNorth America


See more jobs at Aha!

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Doximity


This position is a Remote OK original posting verified closed
North America

Software Engineer Security


Doximity

North AmericaOriginally posted on Remote OK

software engineer

 

security

 

health tech

 

software engineer

 

security

 

health tech

 

hackerone

This job post is closed and the position is probably filled. Please do not apply.
Doximity is transforming the health care industry. Our mission is to help clinicians be more productive, informed, and connected. As a software engineer, you'll work within cross-functional delivery teams alongside other engineers, designers, and product managers in building software to help improve health care.  \n\nOur [team](https://www.doximity.com/about/company#theteam) brings a diverse set of technical and cultural backgrounds and we like to think pragmatically in choosing the tools most appropriate for the job at hand.\n\n**Here's How You Will Make an Impact**\n\n* Help maintain our private security bug bounty program hosted on [hackerone](https://www.hackerone.com/): this involves engaging security researchers, validating security finds, determining impact/risk, awarding bounties, and fixing or coordinating remediation efforts.\n* Help set good security posture; this includes finding bad security habits in applications and encapsulating good secure defaults into libraries/modules, creating training materials for application developers, etc.\n* Work side-by-side with the rest of the infrastructure, application, and data teams to empower all of engineering to move quickly while meeting security requirements.\n* Design and implement secure and easy-to-use tooling and abstractions for other teams to leverage.\n* Active involvement in the design, implementation, and maintenance of the development, staging, and production infrastructure.\n* Participate in an on-call rotation for the services owned by your team.\n* Help ensure the stability and uptime of services within the organization.\n* Create concise post-mortems in the event of an outage.\n* Write and maintain run-books for other engineers to leverage.\n* Ensure proper security, monitoring, alerting, and reporting.\n\n**What we’re looking for**\n\n* You’re a software engineer with more than 4 years of experience and a deep understanding of software engineering practices.\n* You either have experience with security or really want to dive in headfirst and learn.\n* You don’t shy away from:\n* Reading, reviewing, and implementing our implementation of the [oauth spec](https://tools.ietf.org/html/rfc6749).\n* Getting dirty with CORS, CSRF, XSS, etc\n* Our web applications are built primarily using Ruby, Rails, Javascript (Vue.js), and a bit of Golang\n* You have experience working with Terraform and Chef (or similar tooling).\n* You are proficient with Linux/Unix, AWS, and Git.\n* You are able to maintain a minimum of 5 hours overlap with 9:30 to 5:30 PM Pacific time.\n* You can dedicate about two weeks per year for travel to company events.\n\n**Benefits & Perks**\n\n* Generous time off policy\n* Comprehensive benefits including medical, vision, dental, Life/ADD, 401k, flex spending accounts, commuter benefits, equipment budget, educational resources and conference access\n* Family support and planning benefits\n* Pre-IPO stock incentives\n* .. and much more! For a full list, see our [career page](https://work.doximity.com/)\n\n**About Doximity**\n\n* Here are [some of the ways we bring value to doctors](https://drive.google.com/file/d/1qimYh0mG3i1nTJe6jDCDepJt2i4o8MEB/view)\n* Our web applications are built primarily using Ruby, Rails, Javascript (Vue.js), and Golang\n* Our data engineering stack run on Python, MySQL, Spark, and Airflow\n* Our production application stack is hosted on AWS and we deploy to production on average 50 times per day\n* We have over 350 private repositories in Github containing our applications, forks of gems, our own internal gems, and [open-source projects](https://github.com/doximity)\n* We have worked as a distributed team for a long time; we're currently about [65% distributed](https://blog.brunomiranda.com/building-a-distributed-engineering-team-85d281b9b1c)\n* Find out more information on the [Doximity engineering blog](https://technology.doximity.com/)\n* Our company [core values](https://work.doximity.com/)\n* Our [recruiting process](https://technology.doximity.com/articles/engineering-recruitment-process-doximity)\n* Our [product development cycle](https://technology.doximity.com/articles/mofo-driven-product-development)\n* Our [on-boarding & mentorship process](https://technology.doximity.com/articles/software-engineering-on-boarding-at-doximity)\n\nWe’re thrilled to be named the Fastest Growing Company in the Bay Area, and one of Fast Company’s Most Innovative Companies. Joining Doximity means being part of an incredibly talented and humble team. We work on amazing products that over 70% of US doctors (and over one million healthcare professionals) use to make their busy lives a little easier. We’re driven by the goal of improving inefficiencies in our $3.5 trillion U.S. healthcare system and love creating technology that has a real, meaningful impact on people’s lives. To learn more about our team, culture, and users, check out our careers page, company blog, and engineering blog. We’re growing fast, and there’s plenty of opportunities for you to make an impact—join us!\n\n*Doximity is proud to be an equal opportunity employer, and committed to providing employment opportunities regardless of race, religious creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, pregnancy, childbirth and breastfeeding, age, sexual orientation, military or veteran status, or any other protected classification. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.*\n\n#Location\nNorth America


See more jobs at Doximity

# How do you apply?\n\n This job post has been closed by the poster, which means they probably have enough applicants now. Please do not apply.

Doximity


This position is a Remote OK original posting verified closed
North America

Software Engineer Security


Doximity

North AmericaOriginally posted on Remote OK

security

 

devops

 

health care

 

security

 

devops

 

health care

 

hackerone

This job post is closed and the position is probably filled. Please do not apply.
Doximity is transforming the healthcare industry. Our mission is to help doctors be more productive, informed, and connected. As a software engineer, you'll work within cross-functional delivery teams alongside other engineers, designers, and product managers in building software to help improve healthcare.  \n\nOur team brings a diverse set of technical and cultural backgrounds and we like to think pragmatically in choosing the tools most appropriate for the job at hand.\n\n**Here's How You Will Make an Impact**\n\nHelp maintain our private security bug bounty program hosted on [hackerone](https://www.hackerone.com/): this involves engaging security researchers, validating security finds, determining impact/risk, awarding bounties, and fixing or coordinating remediation efforts.\nHelp set good security posture; this includes finding bad security habits in applications and encapsulating good secure defaults into libraries/modules, creating training materials for application developers, etc.\nWork side-by-side with the rest of the infrastructure, application, and data teams to empower all of engineering to move quickly while meeting security requirements.\nDesign and implement secure and easy-to-use tooling and abstractions for other teams to leverage.\nActive involvement in the design, implementation, and maintenance of the development, staging, and production infrastructure.\nParticipate in an on-call rotation for the services owned by your team.\nHelp ensure the stability and uptime of services within the organization.\nCreate concise post-mortems in the event of an outage.\nWrite and maintain run-books for other engineers to leverage.\nEnsure proper security, monitoring, alerting, and reporting.\n\n**What we’re looking for**\n\nYou’re a software engineer with years of experience and a deep understanding of software engineering practices.\nYou either have experience with security or really want to dive in headfirst and learn.\nYou are not afraid of:\nReading, reviewing, and implementing our implementation of the oauth spec.\nGetting dirty with CORS, CSRF, XSS, etc\nYou’re proficient in:\nRuby, Python, or Golang. Not afraid to learn the rest.\nJavascript\nYou have experience working with Terraform and Chef (or similar tooling).\nYou are proficient with Linux/Unix, AWS, and Git.\nYou are self-motivated and able to manage yourself and your own queue.\nYou are a problem solver with a passion for simple, clean, and maintainable solutions.\nYou agree that concise and effective written and verbal communication is a must for a successful team.\nYou are able to maintain a minimum of 5 hours overlap with 9:30 to 5:30 PM Pacific time.\nYou can dedicate about two weeks per year for travel to company events.\n\n**Benefits & Perks**\n\nGenerous time off policy\nComprehensive benefits including medical, vision, dental, Life/ADD, 401k, flex spending accounts, commuter benefits, equipment budget, and continuous education budget\nPre-IPO stock incentives\n.. and much more! For a full list, see our career page\n\n**About Doximity**\n\nHere are some of the ways[ we bring value to doctors](https://drive.google.com/file/d/1qimYh0mG3i1nTJe6jDCDepJt2i4o8MEB/view)\nOur web applications are built primarily using Ruby, Rails, Javascript (Vue.js), and Golang\nOur data engineering stack run on Python, MySQL, Spark, and Airflow\nOur production application stack is hosted on AWS and we deploy to production on average 50 times per day\nWe have over 350 private repositories in Github containing our applications, forks of gems, our own internal gems, and [open-source projects](https://github.com/doximity)\nWe have worked as a distributed team for a long time; we're currently [about 65% distributed](https://blog.brunomiranda.com/building-a-distributed-engineering-team-85d281b9b1c)\nFind out more information on the [Doximity engineering blog](https://technology.doximity.com/)\nOur [company core values](https://work.doximity.com/)\nOur [recruiting process](https://technology.doximity.com/articles/engineering-recruitment-process-doximity)\nOur [product development cycle](https://technology.doximity.com/articles/mofo-driven-product-development)\nOur [on-boarding & mentorship process](https://technology.doximity.com/articles/software-engineering-on-boarding-at-doximity)\n\nWe’re thrilled to be named the Fastest Growing Company in the Bay Area, and one of Fast Company’s Most Innovative Companies. Joining Doximity means being part of an incredibly talented and humble team. We work on amazing products that over 70% of US doctors (and over one million healthcare professionals) use to make their busy lives a little easier. We’re driven by the goal of improving inefficiencies in our $3.5 trillion U.S. healthcare system and love creating technology that has a real, meaningful impact on people’s lives. To learn more about our team, culture, and users, check out our careers page, company blog, and engineering blog. We’re growing fast, and there’s plenty of opportunities for you to make an impact—join us!\n\n*Doximity is proud to be an equal opportunity employer, and committed to providing employment opportunities regardless of race, religious creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, pregnancy, childbirth and breastfeeding, age, sexual orientation, military or veteran status, or any other protected classification. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.*\n\n \n\n \n\n#Location\nNorth America


See more jobs at Doximity

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

PrintWithMe, Inc.


This position is a Remote OK original posting closed
🇺🇸 US-only

Software Engineer


PrintWithMe, Inc.

🇺🇸 US-onlyOriginally posted on Remote OK

python

 

aws

 

rails

 

python

 

aws

 

rails

 

tdd

This job post is closed and the position is probably filled. Please do not apply.
Are you looking for a flexible work environment where you can take real ownership of a product? Do you approach software development from a test-driven and security-minded point of view? If so, we have an exciting career opportunity for you!\n\n# Responsibilities\n * Develop software using TDD and Agile methodologies.\n* Pair (virtually) with our Lead Engineer regularly to solve interesting problems.\n* Help architect the infrastructure that runs our software using Infrastructure as Code and DevOps best practices.\n* Scale systems to meet increasing demand.\n* Improve the availability and resilience of existing systems.\n* Collaborate with our diverse team to solve problems across all departments in our company.\n* Interact directly with CEO during product road-mapping. Have a real voice and seat at the table. \n\n# Requirements\n*** Minimum of 3 years full-time software engineering experience. Required.**\n* While this position is Remote (U.S.), you must reside in the United States and be authorized to work.\n* You must be passionate about building high-quality software with user security and privacy in mind.\n* You have a learning mentality, constantly reading about and testing out new technologies.\n* You have proficiency in multiple programming languages and you have a pragmatic approach about choosing the correct language for the job.\n* Python is our primary language and experience with it is a plus.\n* You have experience managing AWS services in production environments, including ECS, RDS, EC2, and S3.\n* You are fluent in English.\n* We demonstrate high integrity in everything you do.\n* You must be available for certain meetings and pairing sessions weekly, but other than that, **scheduling your time to code is generally flexible. We are a very trusting environment.** \n\n#Salary and compensation\n$90,000/year\n\n\n#Location\n🇺🇸 US-only


See more jobs at PrintWithMe, Inc.

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Aha!


This position is a Remote OK original posting closed
North America

Security Engineerruby on Rails


Aha!

North AmericaOriginally posted on Remote OK

security

 

ruby on rails

 

security

 

ruby on rails

 

ruby

This job post is closed and the position is probably filled. Please do not apply.
Are you a Security Engineer who is passionate about finding and fixing security vulnerabilities in a sophisticated SaaS platform? Do you want to work with cutting-edge visualization, collaboration, and social ideation technologies at the same time?\n\nAs a Senior Security Engineer at Aha!, you will have an excellent opportunity to join a self-funded and profitable company that is growing fast. Aha! was founded by a proven team of experts. More than 300,000 users worldwide trust our roadmap software to build products customers love.\n\n# Responsibilities\n **We are looking for someone who:**\n* Finds joy in breaking (and then fixing) software\n* Has experience with Ruby on Rails and Javascript based applications\n* Has experience with AWS\n* Has worked on compliance projects and security policy development\n* Has driven security initiatives or delivered security training\n* Wants to be great and work in a fast-moving, online environment where the end-user is key \n\n# Requirements\n**We are committed to being great, and we want someone who:**\n* Can work at a fast-paced company where the feedback cycle is measured in hours rather than weeks\n* Has a background of delivering superb work again and again\n* Is seeking a career-defining opportunity and a proven, results-oriented team that has sold multiple software companies\n* Is interested in collaborating with software engineers to grow their skills and career\n\n#Location\nNorth America


See more jobs at Aha!

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Aha!


This position is a Remote OK original posting closed
North America

Security Engineer


Aha!

North AmericaOriginally posted on Remote OK

ruby on rails

 

application security

 

ruby on rails

 

application security

 

ruby

This job post is closed and the position is probably filled. Please do not apply.
Are you a Security Engineer who is passionate about finding and fixing security vulnerabilities in a sophisticated SaaS platform? Do you want to work with cutting-edge visualization, collaboration, and social ideation technologies at the same time?\n\nAs a Senior Security Engineer at Aha!, you will have an excellent opportunity to join a self-funded and profitable company that is growing fast. Aha! was founded by a proven team of experts. More than 300,000 users worldwide trust our roadmap software to build products customers love.\n\n# Responsibilities\n * Can work at a fast-paced company where the feedback cycle is measured in hours rather than weeks\n* Has a background of delivering superb work again and again\n* Is seeking a career-defining opportunity and a proven, results-oriented team that has sold multiple software companies\n* Is interested in collaborating with software engineers to grow their skills and career \n\n# Requirements\n* Finds joy in breaking (and then fixing) software\n* Has experience with Ruby on Rails and Javascript based applications\n* Has experience with AWS\n* Has worked on compliance projects and security policy development\n* Has driven security initiatives or delivered security training\n* Wants to be great and work in a fast-moving, online environment where the end-user is key \n\n#Salary and compensation\n$135,000/year\n\n\n#Location\nNorth America


See more jobs at Aha!

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Numbrs Personal Finance AG


This position is a Remote OK original posting closed
🌏 Worldwide

Security Engineer


Numbrs Personal Finance AG

🌏 WorldwideOriginally posted on Remote OK

aws

 

securitymgo

 

aws

 

securitymgo

 
This job post is closed and the position is probably filled. Please do not apply.
At Numbrs, our engineers don’t just develop things – we have an impact. We change the way how people are managing their finances by building the best products and services for our users. \n\nNumbrs engineers are innovators, problem-solvers, and hard-workers who are building solutions in big data, mobile technology and much more. We look for professional, highly skilled engineers who evolve, adapt to change and thrive in a fast-paced, value-driven environment.\n\nJoin our dedicated technology team that builds massively scalable systems, designs low latency architecture solutions and leverages machine learning technology to turn financial data into action. Want to push the limit of personal finance management? Join Numbrs.\n\n**Job Description**\n\nYou are responsible for planning, developing, and monitoring all information security aspects of the organisation and our large scale micro-service based distributed systems. From establishing security policies, implementing active defense-in-depth strategies, to conducting reviews of software and infrastructure, you are leading a security-first organisation without compromise. You enjoy learning new things and keep yourself up to date on the latest security threats and defenses. You are a great teammate who thrives in a dynamic environment with rapidly changing priorities.\n\n**All candidates will have**\n\n* a Bachelor's or higher degree in a technical field of study or equivalent work experience\n* experience in establishing organisation wide security policies and procedures in a regulated environment\n* experience in security auditing of back-end distributed systems and infrastructure\n* experience with encryption standards, and securing sensitive data in flight and at rest\n* good knowledge of at least one modern programming language, such as Go, Java, C++, or Python\n* hands-on experience with performing code and design reviews\n* excellent troubleshooting and creative problem-solving abilities\n* excellent interpersonal skills, English written and oral communication\n\n**Ideally, candidates will also have**\n\n* experience with the management of personal data according to the GDPR\n* hands-on experience in securing and monitoring Amazon Web Services infrastructure\n* good understanding of modern authorization protocols like OAuth2 and OpenID Connect\n* good German written and oral communication skills\n\n#Location\n🌏 Worldwide


See more jobs at Numbrs Personal Finance AG

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Numbrs Personal Finance AG


This position is a Remote OK original posting closed
🌏 Worldwide

Security Engineer


Numbrs Personal Finance AG

🌏 WorldwideOriginally posted on Remote OK

security

 

aws

 

python

 

security

 

aws

 

python

 
This job post is closed and the position is probably filled. Please do not apply.
At Numbrs, our engineers don’t just develop things – we have an impact. We change the way how people are managing their finances by building the best products and services for our users. \n\nNumbrs engineers are innovators, problem-solvers, and hard-workers who are building solutions in big data, mobile technology and much more. We look for professional, highly skilled engineers who evolve, adapt to change and thrive in a fast-paced, value-driven environment.\n\nJoin our dedicated technology team that builds massively scalable systems, designs low latency architecture solutions and leverages machine learning technology to turn financial data into action. Want to push the limit of personal finance management? Join Numbrs.\n\n**Job Description**\n\nYou are responsible for planning, developing, and monitoring all information security aspects of the organisation and our large scale micro-service based distributed systems. From establishing security policies, implementing active defense-in-depth strategies, to conducting reviews of software and infrastructure, you are leading a security-first organisation without compromise. You enjoy learning new things and keep yourself up to date on the latest security threats and defenses. You are a great teammate who thrives in a dynamic environment with rapidly changing priorities.\n\n**All candidates will have**\n* a Bachelor's or higher degree in a technical field of study or equivalent work experience\n* experience in establishing organisation wide security policies and procedures in a regulated environment\n* experience in security auditing of back-end distributed systems and infrastructure\n* experience with encryption standards, and securing sensitive data in flight and at rest\n* good knowledge of at least one modern programming language, such as Go, Java, C++, or Python\n* hands-on experience with performing code and design reviews\n* excellent troubleshooting and creative problem-solving abilities\n* excellent interpersonal skills, English written and oral communication\n\n**Ideally, candidates will also have**\n* experience with the management of personal data according to the GDPR\n* hands-on experience in securing and monitoring Amazon Web Services infrastructure\n* good understanding of modern authorization protocols like OAuth2 and OpenID Connect\n\n#Location\n🌏 Worldwide


See more jobs at Numbrs Personal Finance AG

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Virtual Pediatric Systems, LLC


This position is a Remote OK original posting closed
Usa

DevOps Security Engineer


Virtual Pediatric Systems, LLC

UsaOriginally posted on Remote OK

devops

 

devsecops

 

security

 

devops

 

devsecops

 

security

 
This job post is closed and the position is probably filled. Please do not apply.
How would you like to have an integral role making a difference in thousands of children’s lives? Come join our established (since 2002) and innovative team in Healthcare working with cutting edge technology to support medical professionals who are changing the way children are cared for all over the world. \n\nWe are looking to hire a full time, self-motivated DevOps Security Engineer to help us build the security infrastructure that is used to drive quality improvement initiatives and research at hundreds of hospitals around the world. This job is open to 100% remote candidates residing within the USA. \n\nAbout us:\nVirtual Pediatric Systems, LLC (“VPS”, www.myvps.org) has grown from a small group of intensivists to a national organization with over 135 hospital units. The data base is the largest collaborative for quality improvement based on severity of illness adjusted comparisons of actual, detailed patient records in critical care. This is a unique achievement.\n\nBased on this achievement, VPS provides state of the art quality reports that are detailed, actionable and comprehensive for practitioners and hospital administrations. VPS has improved the quality of critical care, built the largest national research collaborative, supported the publication of 100+ papers and contributed to saving thousands of children’s lives.\n\nIn the future, VPS is ideally situated to expand from providing quality assessments to providing decision support, detailed outcomes tracking, discovery and prediction of adverse events and truly effective comparative research on hundreds of thousands of critically ill children. This will be achieved on top of VPS’s already successful and vibrant critical care network by adding automated data collection and sophisticated data analysis being pioneered by researchers working with VPS developing an advanced computational framework for decision support in critically ill children.\n\nEveryone on the VPS team is passionate and genuinely believes in and is proud to help VPS's mission to improve critical care quality and outcomes for all children and their families through collaborative high-quality data management and actionable comparative reports for clinicians and other health care leaders.\n\n\n# Responsibilities\n You will be responsible for:\n* Design and integration of cyber security toolsets to enable automated discovery, remediation, and alerting of system vulnerabilities. \n* Maintain compliance and security certifications. \n* Run vulnerability scans and remediate any vulnerabilities. \n* Collaboratively drive security incident response. \n* Manage our infrastructure, including Active Directory and AWS configurations. \n* Optimize AWS deployments for scalability, efficiency and security.\n* Continually research, evaluate, and apply emerging technologies to improve security and the products.\n* Willingness to take ownership of security issues in a 24/7 environment.\n* Help troubleshoot production issues and participate in on call rotation.\n \n\n# Requirements\nThe ideal candidate is:\n* A self-starter who leads by example, and is both disciplined and accountable for delivering accurate and timely results\n* Ability to communicate clearly and effectively \n* Expertise in implementing and maintaining compliance (HIPAA, SOC 2, HITRUST)\n* Skills & Requirements\n* Proficiency with Active Directory, networking, and group/policy administration\n* Proficiency with configuration management tools in both Windows and Linux environments\n* Must have proficiency with security and networking at an expert level\n* Proficiency with heavy system automation and scripting \n* Must have experience with AWS \n* Integrating security into a deployment pipeline\n* Experience and interest in healthcare \n\n\n#Location\nUsa


See more jobs at Virtual Pediatric Systems, LLC

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Stripe


This position is a Remote OK original posting verified closed
North America

Full Stack Engineer User Security


Stripe

North AmericaOriginally posted on Remote OK

full stack

 

full stack

 
This job post is closed and the position is probably filled. Please do not apply.
*User Security is responsible for user-facing authorization and authentication products\n*\nThe User Security team ensures that all of Stripe’s users and their Stripe accounts on the dashboard have access to a world-class security product experience. The engineering focus encompasses both authentication and authorization, including dashboard roles and permissioning, and enabling enterprises to do the previous at scale.\n\nWith the ever-growing adoption of Stripe, it’s even more important that our merchants trust us to secure their accounts. Our User Security team builds customer-facing products that increase the overall security for Stripe’s merchant accounts. The team makes strategic decisions by analyzing threats on the “deep web” & customer feedback. They are challenged daily with creating great user experiences on top of building enterprise-grade login security & access controls.\n\nWe’re looking for an experienced engineer to join this team in advancing the state-of-the-art and user experience in user security.\n\n\n\n# Responsibilities\n **You will:**\n* Work with a wide range of systems, processes and technologies to own and solve problems from end-to-end\n* Build new features for internal and external users\n* Uphold our high engineering standards and bring consistency to the many codebases and processes you will encounter\n* Collaborate with stakeholders across the organization such as experts product, design, infrastructure, and operations \n\n# Requirements\n**You may be fit for this role if you:**\n* Enjoy working across layers of the stack and doing and anything it takes to solve problems and delight users both internally and externally\n* Design, build, and maintain APIs, services, and systems across Stripe’s engineering teams.\n* Debug production issues across services and multiple levels of the stack.\n* Work with engineers across the company to build new features at large-scale.\n* Improve engineering standards, tooling, and processes.\n* Thrive in a collaborative environment involving different stakeholders and subject matter experts\n* Take pride in working on projects to successful completion involving a wide variety of technologies and systems\n* Uphold best practices in engineering, security, and design\n\n**You might work on:**\n* Adding new functionality to the Stripe dashboard to help users run their business\n* Build tools for exploring data from multiple sources in a single, easy to use, portal\n* Crafting and refining onboarding experiences to help users get to what they want faster while balancing regulatory, risk, and compliance requirements\n* Build new systems to securely store sensitive data.\n\n\n#Location\nNorth America


See more jobs at Stripe

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Cofense


This position is a Remote OK original posting closed

ROR Software Engineer IV


Cofense

Originally posted on Remote OK

cyber security

 

ror

 

aws

 

cyber security

 

ror

 

aws

 

docker

This job post is closed and the position is probably filled. Please do not apply.
***This is a full time position working directly for Cofense***\n\nReporting to the Manager of Software Engineering, the Software Engineer IV is responsible for supporting the implementation and maintenance of our products, working as part of a cross-functional team to build new features while maintaining the overall quality of our applications.\n\nAt Cofense, we're searching for amazing engineers to join our team. Our company provides end-to-end cyber-defense solutions that help protect organizations and their employees from the vast and growing threat posed by phishing-related attacks. We're expanding rapidly and looking for talented engineers, like you, that care about building great products that solve big problems.\n\n In this role, you will work as part of a cross-functional team to build new features while maintaining the overall quality of our applications. Working in an agile team environment, you will apply your knowledge and experience to establish standards, ensure code quality, and mentor others. Our approach to software delivery is ambitious, and asks for regular and active participation in defining the "what" and the "how".\n\n As a senior engineer, we'd like to see the following traits from you: technical capability, leadership, and community. For more insight into our thoughts on this topic, please see The Conjoined Triangles of Senior-Level Development [http://frontside.io/blog/2016/07/07/the-conjoined-triangles-of-senior-level-development.html].\n\n# Responsibilities\n * A continuous review of overall test quality, test coverage, and exception reports.\n* Implement new features that emphasize clarity, robustness, and maintainability.\n* Mentor others through pairing, code reviews, and regular knowledge sharing.\n* Establish coding standards, driving best patterns and practices.\n* Assist with planning efforts assessing technical feasibility of new product features.\n* An effective communicator, you will work collaboratively and constructively with others in the team and broader organization.\n* Work with the Principal Engineer to support proper architectural oversight of the product.\n* Rotating on-call duties with other team members.\n* Other duties as assigned. \n \n\nThe above statements are neither intended to be an all-inclusive list of the duties and responsibilities of the job described, nor are they intended to be a listing of all of the skills and abilities required to do the job. Rather, they are intended only to describe the general nature of the job. This job description is not a contract of employment, either express or implied. Employment with Cofense will be voluntarily entered into and your employment is considered at will. Cofense reserves the right to alter the job description at any time without notice.\n\n \n\n# Requirements\nKnowledge, Skills and Abilities Required:\n\n* Deep knowledge of Ruby and Ruby on Rails.\n* A test-centric approach to development, in order to build and deploy with confidence.\n* Comfortable at the command line, and with advanced git features.\n* Longstanding familiarity with the Ruby and Rails communities -- you stay on top of current news and changes to the language and framework landscape.\n* Good understanding of application security and common vulnerabilities as expressed by the OWASP Top 10.\n \n\nEducation and/or Additional Experience:\n\n* Production experience in another language beyond Ruby and JavaScript, perhaps Elixir or Go\n* At least 2+ years of recent production experience developing and deploying large-scale Rails applications.\n* Experience in front-end development with JavaScript, HTML, and CSS.\n* Experience with relational databases and SQL outside of ORMs like ActiveRecord.\n* At least 8+ years of professional experience in software engineering preferred.\n* Have participated in an organization using an Agile-based approach to software delivery\n* Experience in a multi-team organization and can articulate the strategies, tools, and methods in support of an SOA approach to software .\n* Bachelor’s degree preferred\n* Have taken part in building a software appliance or on-premise solution.


See more jobs at Cofense

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Marqeta


This position is a Remote OK original posting closed

Infrastructure Security Engineeroakland


Marqeta

Originally posted on Remote OK

java

 

javascript

 

java

 

javascript

 

python

This job post is closed and the position is probably filled. Please do not apply.
Are you looking to join an innovative organization powering payments for the next generation of fintech and commerce innovators? Marqeta has built the world’s first open API issuer processor platform from scratch, powering prepaid, debit, and credit cards for the most recognizable names in financial technology, alternative lending, on-demand services and e-commerce. Marqeta has become the leader in payment innovation. Our company is comprised of a team of industry experts, a dynamic approach to working on challenging problems, and an open environment and culture that is focused on ideas and innovation.\n\nNot only do we have an inspiring and innovative culture, but only Marqeta can offer you a chance to help redefine the payments industry. As a testament to the company we've collectively built, our world-class team voted Marqeta one of the Bay Area’s Best Places to Work.\n\nMarqeta is proud of its Oakland roots and strives to build a team as diverse as the cities in which we operate. Underrepresented populations are encouraged to apply. \n\nWe are not expecting any single candidate to have an expertise under all areas of our requirements section. Please apply if you meet some but not all of the requirements.\n\n**Position Summary**\n\nMarqeta is growing a fresh new Infrastructure Security Team with the goal of significantly improving industry standards in Secure Platform and Service Delivery in the Payments space.\n\nAs a member of Marqeta’s Infrastructure Security Team, you’re responsible for design, development and implementation of our core platform and network security controls. Your work protects our most critical environments, as well as meets or exceeds the various regulatory compliance standards required in the Payments Industry. This role interfaces directly with Marqeta’s Platform Engineering, SRE, and Network Engineering teams, and is vital to Marqeta’s Application Security Program.\n\nThe ideal candidate for this role has a strong desire to lead the organization in well considered Security Engineering methodologies, is seasoned in either AWS or GCP cloud-based services, has a strong passion for DevOps/SecDevOps/DevSecOps driven patterns, and an excellent ability to communicate across roles, teams and disciplines.\n\n# Responsibilities\n **Primary Responsibilities**\n* Build Self Service Tools for Infrastructure, Platform, and SRE Engineers\n* Maintain Security Controls in Platform and Infrastructure Services\n* Implement and Support End-to-End Transport Security and Proxy Layer Services\n* Lead Infrastructure and Platform Design Reviews\n* Implement and Maintain Security Patterns in Pre-Release and Post-Release Deployment\n* Triage, Respond to and Investigate Security Incidents affecting Platform and Infra Services\n* Implement and Maintain Platform and Infrastructure Threat Monitoring and Detection Tools\n* Manage and Deploy Services for Security Team\n* Mentor Marqeta App Sec, Infra, Platform and SRE Engineers\n* Support Quarterly PCI Efforts \n\n# Requirements\n**Requirements**\n* 3-5 yrs Demonstrable and Practical Experience in Systems and Infrastructure Engineering or Comparable Experience in a DevOps Role\n* You pride yourself in a holistic approach to your work\n* You have a sincere passion for Security Engineering as a discipline\n* You’re an excellent communicator\n* You employ strong collaboration patterns and enjoy creating positive team dynamics\n* You know how to own and support positive outcomes\n* You remain constructive under pressure, with a flexible working style\n* You have solid experience and consistency with remote work and engaging distributed teams\n* Demonstrated experience in some combination of the following disciplines: incident response, detection tooling, vulnerability management, security operations, cloud security, infrastructure security, network security, security tools development\n* Experience selecting and implementing tools for SIEM, IDS and vulnerability scanning\n* Experience with automating new and existing processes and tools\n* Experience with AWS, Java, Python, Ruby, and other modern open source languages and tools\n\n**Technical Skills**\n* Functional Development Experience and Proficiency in Python, Go or Ruby\n* Functional Experience with Ansible, Terraform and Packer\n* Experience with AWS Architecture and Service Deployment\n* Experience with Container Technology (Docker, ECS, Kubernetes/K8s)\n* Familiarity with Java and JVM based Application Stacks (e.g. Tomcat)\n* Strong Knowledge of TLS-based Service Architectures\n* Strong Experience with Linux Platforms (CentOS/Ubuntu/Debian/etc)\n* Experience with Secure Deployment Specification\n* Experience with Production Build Pipelines and CI/CD stacks (Ex. Jenkins, Nexus, Drone CI)\n* Strong Interest in Automation Practices\n \n\n**Bonus Qualifications**\n* Experience in Payments or Financial Services\n* Experience with Remote Work\n\n**Perks**\n\n* Be a member of an exceptional team - we’re growing and your career and opportunities with us will, too!\n* Rich suite of benefit plans - Employee premiums paid 100%\n* Generous Paid Time Off plan\n* Market-leading fully paid Parental Leave\n* Retirement savings - 401k plan with a Company match\n* Meaningful Equity\n* Bi-annual Hack Weeks to support and reward innovation\n* Beautiful downtown Oakland office in a great location, with stunning views of Lake Merritt\n* Conveniently located close to public transportation\n* Open, transparent culture that includes weekly All Hands meetings, Lunch-and-Learns, all-company offsite, etc.\n* Commuter and Parking monthly subsidy\n* Access to corporate gym membership rates and other discounts and employee perks!\n* Fully stocked kitchen, catered lunches twice a week, breakfast on Fridays, and more!\n 


See more jobs at Marqeta

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Marqeta


This position is a Remote OK original posting closed

Application Security Engineeroakland


Marqeta

Originally posted on Remote OK

java

 

javascript

 

java

 

javascript

 

ruby

This job post is closed and the position is probably filled. Please do not apply.
Are you looking to join an innovative organization powering payments for the next generation of fintech and commerce innovators? Marqeta has built the world’s first open API issuer processor platform from scratch, powering prepaid, debit, and credit cards for the most recognizable names in financial technology, alternative lending, on-demand services and e-commerce. Marqeta has become the leader in payment innovation. Our company is comprised of a team of industry experts, a dynamic approach to working on challenging problems, and an open environment and culture that is focused on ideas and innovation.\n\nNot only do we have an inspiring and innovative culture, but only Marqeta can offer you a chance to help redefine the payments industry. As a testament to the company we've collectively built, our world-class team voted Marqeta one of the Bay Area’s Best Places to Work.\n\nMarqeta is proud of its Oakland roots and strives to build a team as diverse as the cities in which we operate. Underrepresented populations are encouraged to apply. \n\nWe are not expecting any single candidate to have an expertise under all areas of our requirements section. Please apply if you meet some but not all of the requirements.\n\n**Position Summary**\n\nMarqeta is growing a fresh Application Security Team with the goal of significantly improving industry standards in Secure Application Development in the Payments space.\n\nAs a member of the Application Security Engineer (ASE) Team, you serve as a key contributor to Marqeta’s open payments platform. This role supports the safety and security of our customer’s payments, ensuring the growth of an innovative platform that provides direct access to a strong suite of Payment Card Issuer/Processor APIs. Our long term goal is the development of a strong Product Security Program that protects the global development and deployment of payment and virtual cards as well as mobile authorization.\n\nOur ASEs define Security Engineering standards and practices around Secure Code, Continuous Delivery/Integration, Pre and Post Release S-SDLC, Verification/Validation models, Penetration Testing and innovative Security tooling designed around self-service and rich integration models.\n\nYou'll work closely with Marqeta’s Frontend and Backend Engineers, you'll contribute to critical design input for API development and service architectures, and you’ll assist the company in developing strong engineering practices in support of Product Security. Our goal is to both enhance the workflow of our engineers with security-centric tool sets and implement innovative methods of testing code in the pre-release phase.\n\nThe ideal candidate has a strong core skill set in two or more of the following areas - Automation, QE Testing, Security Engineering, REST API Design, and/or Strong Knowledge in Modern App Frameworks (esp ReactJS, Rails, or Tomcat). You’re knowledgeable and conversant in common vulnerabilities affecting modern web applications, familiar with modern cloud and datacenter based infrastructure, are looking to grow strong application security experience, and you intend to be an excellent communicator and collaborator. Our ASEs are particularly concerned with scaleable tooling strategies and strong process and practice management, which includes constant refinement in how we engage with our cross-functional team of engineers. \n\n# Responsibilities\n **Primary Responsibilities** \n* Build Self Service Tools for QE, Frontend and Backend Engineers\n* Assist with Definition, Implementation, and Maintenance of S-SDLC\n* Lead Application Security Assessments and Design Reviews\n* Execute Critical Validation/Verification Functions in Pre- and Post-Release\n* Implement SAST, DAST and Coherent Dependency Vuln Management into the Build Pipeline\n* Execute Greybox and Whitebox Application Security Assessments\n* Execute and Support HTTP/S Service-Layer Pen-Testing\n* Develop Security Training and Guidelines for Engineers\n* Build and Enhance S/W Testing Strategies with Specialized End-to-End Clients, RSpec, Puppeteer and Selenium-Based Test Cases\n* Lead Software Vulnerability Management and Risk Mitigation Practices\n* Offer Guidance and Leadership in PCI Compliance\n \n\n# Requirements\n**Requirements**\n* Demonstrable and Practical Experience in an Development or Security Engineering Role\n* You have a passion for Security and Engineering as a discipline\n* You’re an excellent communicator\n* You employ strong collaboration patterns and enjoy creating positive team dynamics\n* You know how to own and support positive outcomes\n* You remain constructive under pressure, with a flexible working style\n\n**Technical Skills**\n* Functional Development Experience in Python, Go, JS, Ruby, or Java\n* Functional Experience with Testing Frameworks and Modern Testing Paradigms (BDD, TDD, and similar)\n* Strong Knowledge of OWASP and Common Software Vulnerabilities\n* Solid Understanding of Secure Coding/Development Practices\n* Experience with Production Build Pipeline and CI/CD stacks (Ex. Jenkins, Nexus, Drone CI)\n* Demonstrable Experience with Python, Ruby, JS and/or Go Tool Development\n* Strong Interest in Automation Practices\n* Familiarity and Interest in Cloud Services and SAAS Platforms  (AWS, GCP)\n\n**Communication Skills**\n* Ability to Communicate Technical Details and Concepts Clearly\n* Strong Capacity to Speak and Act with Candor and Empathy\n\n**Nice to Have**\n* Familiarity with Java and JVM based Application Stacks (e.g. Tomcat)\n* Solid Knowledge of OAuth and SAML\n* Strong Knowledge of HTTP/S Service Architectures\n* Strong Knowledge of Transport Security, specifically TLS and CAs \n\n**Perks**\n\n* Be a member of an exceptional team - we’re growing and your career and opportunities with us will, too!\n* Rich suite of benefit plans - Employee premiums paid 100%\n* Generous Paid Time Off plan\n* Market-leading fully paid Parental Leave\n* Retirement savings - 401k plan with a Company match\n* Meaningful Equity\n* Bi-annual Hack Weeks to support and reward innovation\n* Beautiful downtown Oakland office in a great location, with stunning views of Lake Merritt\n* Conveniently located close to public transportation\n* Open, transparent culture that includes weekly All Hands meetings, Lunch-and-Learns, all-company offsite, etc.\n* Commuter and Parking monthly subsidy\n* Access to corporate gym membership rates and other discounts and employee perks!\n* Fully stocked kitchen, catered lunches twice a week, breakfast on Fridays, and more!


See more jobs at Marqeta

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Marqeta


This position is a Remote OK original posting closed

Application Security Engineeroakland


Marqeta

Originally posted on Remote OK

python

 

go

 

javascript

 

python

 

go

 

javascript

 

ruby

This job post is closed and the position is probably filled. Please do not apply.
Are you looking to join an innovative organization powering payments for the next generation of fintech and commerce innovators? Marqeta has built the world’s first open API issuer processor platform from scratch, powering prepaid, debit, and credit cards for the most recognizable names in financial technology, alternative lending, on-demand services and e-commerce. Marqeta has become the leader in payment innovation. Our company is comprised of a team of industry experts, a dynamic approach to working on challenging problems, and an open environment and culture that is focused on ideas and innovation.\n\nNot only do we have an inspiring and innovative culture, but only Marqeta can offer you a chance to help redefine the payments industry. As a testament to the company we've collectively built, our world-class team voted Marqeta one of the Bay Area’s Best Places to Work.\n\nMarqeta is proud of its Oakland roots and strives to build a team as diverse as the cities in which we operate. Underrepresented populations are encouraged to apply. \n\nWe are not expecting any single candidate to have an expertise under all areas of our requirements section. Please apply if you meet some but not all of the requirements.\n\n**Position Summary**\n\nMarqeta is growing a fresh Application Security Team with the goal of significantly improving industry standards in Secure Application Development in the Payments space. We are based in Oakland, California but are open to remote engineers for this role!\n\nAs a member of the Application Security Engineer (ASE) Team, you serve as a key contributor to Marqeta’s open payments platform. This role supports the safety and security of our customer’s payments, ensuring the growth of an innovative platform that provides direct access to a strong suite of Payment Card Issuer/Processor APIs. Our long term goal is the development of a strong Product Security Program that protects the global development and deployment of payment and virtual cards as well as mobile authorization.\n\nOur ASEs define Security Engineering standards and practices around Secure Code, Continuous Delivery/Integration, Pre and Post Release S-SDLC, Verification/Validation models, Penetration Testing and innovative Security tooling designed around self-service and rich integration models.\n\nYou'll work closely with Marqeta’s Frontend and Backend Engineers, you'll contribute to critical design input for API development and service architectures, and you’ll assist the company in developing strong engineering practices in support of Product Security. Our goal is to both enhance the workflow of our engineers with security-centric tool sets and implement innovative methods of testing code in the pre-release phase.\n\nThe ideal candidate has a strong core skill set in two or more of the following areas - Automation, QE Testing, Security Engineering, REST API Design, and/or Strong Knowledge in Modern App Frameworks (esp ReactJS, Rails, or Tomcat). You’re knowledgeable and conversant in common vulnerabilities affecting modern web applications, familiar with modern cloud and datacenter based infrastructure, are looking to grow strong application security experience, and you intend to be an excellent communicator and collaborator. Our ASEs are particularly concerned with scaleable tooling strategies and strong process and practice management, which includes constant refinement in how we engage with our cross-functional team of engineers.\n\n\n# Responsibilities\n **Primary Responsibilities**\n* Build Self Service Tools for QE, Frontend and Backend Engineers\n* Assist with Definition, Implementation, and Maintenance of S-SDLC\n* Lead Application Security Assessments and Design Reviews\n* Execute Critical Validation/Verification Functions in Pre- and Post-Release\n* Implement SAST, DAST and Coherent Dependency Vuln Management into the Build Pipeline\n* Execute Greybox and Whitebox Application Security Assessments\n* Execute and Support HTTP/S Service-Layer Pen-Testing\n* Develop Security Training and Guidelines for Engineers\n* Build and Enhance S/W Testing Strategies with Specialized End-to-End Clients, RSpec, Puppeteer and Selenium-Based Test Cases\n* Lead Software Vulnerability Management and Risk Mitigation Practices\n* Offer Guidance and Leadership in PCI Complianc \n\n# Requirements\n**Requirements**\n* 3-5 yrs Demonstrable and Practical Experience in Application Security Engineering or Comparable Experience in a Security Engineering Role\n* You have a passion for Security Engineering as a discipline\n* You’re an excellent communicator\n* You employ strong collaboration patterns and enjoy creating positive team dynamics\n* You know how to own and support positive outcomes\n* You remain constructive under pressure, with a flexible working style\n* Functional Development Experience and Proficiency in Python, Go, JS, Ruby, or Java\n* Familiarity with Java and JVM based Application Stacks (e.g. Tomcat)\n* Functional Experience with Testing Frameworks and Modern Testing Paradigms (BDD, TDD, and similar)\n* Solid Knowledge of OAuth and SAML\n* Strong Knowledge of HTTP/S Service Architectures\n* Strong Knowledge of Transport Security, specifically TLS and CAs\n* Strong Knowledge of OWASP and Common Software Vulnerabilities\n* Solid Understanding of Secure Coding/Development Practices\n* Experience with Production Build Pipeline and CI/CD stacks (Ex. Jenkins, Nexus, Drone CI)\n* Familiarity with Container Technology (Ex. Docker, RKT)\n* Demonstrable Experience with Python, Ruby, JS and/or Go Tool Development\n* Strong Interest in Automation Practices\n* Familiarity and Interest in Cloud Services and SAAS Platforms  (AWS, GCP)\n* Familiarity with Terraform and Ansible Automation Stac\n\n**Perks**\n* Be a member of an exceptional team - we’re growing and your career and opportunities with us will, too!\n* Rich suite of benefit plans - Employee premiums paid 100%\n* Generous Paid Time Off plan\n* Market-leading fully paid Parental Leave\n* Retirement savings - 401k plan with a Company match\n* Meaningful Equity\n* Bi-annual Hack Weeks to support and reward innovation\n* Beautiful downtown Oakland office in a great location, with stunning views of Lake Merritt\n* Conveniently located close to public transportation\n* Open, transparent culture that includes weekly All Hands meetings, Lunch-and-Learns, all-company offsite, etc.\n* Commuter and Parking monthly subsidy\n* Access to corporate gym membership rates and other discounts and employee perks!\n* Fully stocked kitchen, catered lunches twice a week, breakfast on Fridays, and more!


See more jobs at Marqeta

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Numbrs Personal Finance AG


This position is a Remote OK original posting closed

Security Engineer


Numbrs Personal Finance AG

Originally posted on Remote OK

securitiy

 

cryptography

 

go

 

securitiy

 

cryptography

 

go

 

python

This job post is closed and the position is probably filled. Please do not apply.
At Numbrs, our engineers don’t just develop things – we have an impact. We change the way how people are managing their finances by building the best products and services for our users. \n\nNumbrs engineers are innovators, problem-solvers, and hard-workers who are building solutions in big data, mobile technology and much more. We look for professional, highly skilled engineers who evolve, adapt to change and thrive in a fast-paced, value-driven environment.\n\nJoin our dedicated technology team that builds massively scalable systems, designs low latency architecture solutions and leverages machine learning technology to turn financial data into action. Want to push the limit of personal finance management? Join Numbrs.\n\n**Job Description**\nYou will be a part of a team that is responsible for developing, releasing, monitoring and troubleshooting large scale micro-service based distributed systems with high transaction volume. You enjoy learning new things and are passionate about developing custom security tools, reviewing designs, code, performing in-depth security assessments of mobile apps, distributed backend systems and internal IT infrastructure. You are a great teammate who thrives in a dynamic environment with rapidly changing priorities.\n\n# Responsibilities\n **All candidates will have**\n* a Bachelor's or higher degree in technical field of study\n* a minimum of 3 years security work experience\n* experience with performing application code reviews, design reviews and penetration testing\n* experience in penetration testing web-based apps, mobile apps and back-end infrastructure\n* experience implementing modern cryptosystems\n* excellent knowledge with at least one modern programming language, such as Go, Java, C++, Python and Scala\n* excellent troubleshooting and creative problem-solving abilities\n* excellent written and oral communication and interpersonal skills\n\n**Ideally, candidates will also have**\n* experience with systems for automating deployment, scaling, and management of containerised applications, such as Kubernetes or Mesos\n* experience working with large scale distributed systems


See more jobs at Numbrs Personal Finance AG

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Tigera


This position is a Remote OK original posting verified closed

Senior Software Engineer


Tigera

Originally posted on Remote OK

kubernetes

 

golang

 

go

 

kubernetes

 

golang

 

go

 

calico

This job post is closed and the position is probably filled. Please do not apply.
Tigera is looking for passionate and skilled Golang software engineers to join us in our mission to secure the next generation of cloud native applications. At the heart of our strategy is a set of open source networking and security projects (currently Calico, flannel, and Canal) that define the new gold standard for application connectivity within large scale cloud environments, such as Kubernetes, OpenShift, Docker, and related technologies. Building upon this open source foundation, we are working on complementary commercial offerings to help enterprises build and operate cloud native applications and infrastructures, securely and at scale.\n\nYou will be joining a team that is highly engineering-focused with a culture that values diversity, collaboration, agility and innovation, keeping us one step ahead in the exciting and fast moving cloud-native technology space. \n\n# Requirements\n**Must-Haves**\n\n2+ years of experience with the Golang programming language.\n\nA drive to get things done in a highly collaborative, agile development environment.\n\nExperience with one or more of the following areas and technologies: Networking, Security, Kubernetes, Docker, related or similar.\n\n**Nice-to-Haves**\n\nExperience developing, securing or operating cloud scale applications or infrastructure.\n\nExperience or familiarity with any of these technologies: Istio, Envoy, CNI, OpenShift, Docker\n\nExperience in an open source based company, with a focus on cloud, networking and/or security.\n


See more jobs at Tigera

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.
This job post is closed and the position is probably filled. Please do not apply.
# Role Description\n\nTigera is looking for passionate and skilled Golang software engineers to join us in our mission to secure the next generation of cloud native applications. At the heart of our strategy is a set of open source networking and security projects (currently Calico, flannel, and Canal) that define the new gold standard for application connectivity within large scale cloud environments, such as Kubernetes, OpenShift, Docker, and related technologies. Building upon this open source foundation, we are working on complementary commercial offerings to help enterprises build and operate cloud native applications and infrastructures, securely and at scale.\n\n\n\nYou will be joining a team that is highly engineering-focused with a culture that values diversity, collaboration, agility and innovation, keeping us one step ahead in the exciting and fast moving cloud-native technology space. \n\n# Requirements\n## Must-Haves\n\n* 2+ years of experience with the Golang programming language.\n\n* A drive to get things done in a highly collaborative, agile development environment.\n\n* Experience with one or more of the following areas and technologies: Networking, Security, Kubernetes, Docker, related or similar.\n\n\n\n## Nice-to-Haves\n\n* Experience developing, securing or operating cloud scale applications or infrastructure.\n\n* Experience or familiarity with any of these technologies: Istio, Envoy, CNI, OpenShift, Docker\n\n* Experience in an open source based company, with a focus on cloud, networking and/or security.\n\n#Location\nUnited States & Canada


See more jobs at Tigera

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

GeoComm


This position is a Remote OK original posting verified closed

Senior Software Engineersecurity Video Integration


GeoComm

Originally posted on Remote OK

esri

 

gis

 

azure

 

esri

 

gis

 

azure

 

agile

This job post is closed and the position is probably filled. Please do not apply.
We are looking for a motivated and experienced senior software engineer to help enhance our development effort using a cutting-edge tech stack. Successful candidates will demonstrate a passion for high quality software, have strong engineering principles and methodical problem-solving skills. This is a unique opportunity to build products that truly make a difference. This position is exempt and reports directly to the Joint Operations General Manager. \nQualifications\nBS/MS in Computer Science or Software Engineering\n7+ years of experience developing software applications and web services\nProgramming experience in Python, C# / .NET, JavaScript or TypeScript\nWorking experience with video camera system SDKs and APIs\nWorking experience with frameworks such as Angular\nWorking experience with SQL databases\nWorking knowledge of Git version control\nHands on experience creating responsive web applications using modern frameworks\nExperience designing applications that operate on cloud environments such as AWS or Azure\nAbility to establish priorities and work independently on multiple tasks\nKnowledge of Agile software development methodologies and practices\nPreferred Experience\nExperience developing, maintaining, and innovating large scale, consumer facing applications\nFamiliar with the development challenges inherent with highly scalable and available web applications\nExperience with open source technologies\nExperience with various modern web frameworks\nExperience developing GIS applications using Esri technology\nExperience with Docker\nGeo-Comm is an equal opportunity employer and does not discriminate in hiring or employment on the basis of race, color, religion, sex, national origin, age, disability, marital status, familial status, sexual orientation, veteran status or any other status protected by applicable law.\nGeo-Comm Corporation provides a drug-free working environment and is an Equal Opportunity Employer.


See more jobs at GeoComm

Visit GeoComm's website

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Platform.sh


This position is a Remote OK original posting closed

Security & Compliance Engineer


Platform.sh

Originally posted on Remote OK

security

 

infrastructure

 

compliance

 

security

 

infrastructure

 

compliance

 
This job post is closed and the position is probably filled. Please do not apply.
To reinforce our commitment to customers’ privacy, we are looking to grow our compliance team. If you’re looking for an exciting, high-growth opportunity with an award-winning, cutting-edge company, this could be the job for you.\n\nFor its PaaS solution, https://platform.sh is looking for a Security & Compliance Engineer with a taste for Python and Go, great Linux system understanding, outstanding written English skills, experience working on PCI and/or SOC compliance, and a real hunger for the challenges of building compliant distributed systems.\n\nThis position is unique and well suited for engineers wanting to transition into a heavy security and compliance role. We are targeting developers/sysadmins that like writing documentation. Initially, this high-visibility position will be non-coding while we overcome a bubble of compliance activities. In the future this role may convert over to a SecOps engineering position depending upon the desire of the candidate. \n\nSecurity, privacy and compliance controls are at the heart of what we do as our mission is to simplify the cloud. The job is to transform what is often regarded as red-tape and constraints to a well-oiled machine where everything is automated, where every constraint becomes a feature making the product better.\n\nThe ideal candidate will work USA-friendly hours (and ideally resides in the Americas). \n\nAbout Platform.sh \n\nPlatform.sh is an idea-to-cloud application platform that simplifies cloud infrastructures.\n\nWe give developers the tools they need to experiment, innovate, get rapid feedback and deliver better-quality features with speed and confidence thanks to our unique rapid cloning technology.\n\nPlatform.sh serves thousands of customers worldwide including The Financial Times, Gap, Magento Commerce, Orange, Hachette, Ikea, Stanford University, Harvard University, The British Council, and Lufthansa.\n\nWe want people who are passionate, open, multicultural, friendly, humble and smart to join us and help this fast-growing, award-winning company to revolutionize the tech industry.\n\n\n\n# Responsibilities\n Directly reporting to our Security, Compliance and Data Protection Officer (VP), and in close interaction with our Chief Product Officer, CTO, VP of Infrastructure, and our Engineering and Customer Support teams, you will be responsible for:\n\n- acting as a technical liaison between our compliance department and our product, engineering, and operations staff\n- creating documentation and processes in English to help satisfy compliance requirements\n- evaluating, deploying, and possibly creating, systems and tools that will enhance our support and operations efficiency\n- supporting our data protection officer and compliance team with information requests, pen testing, disaster recovery, and related activities\n- executing our security incident management process\n- working with appropriate teams to deploy and operate security tools and solutions\n- ensuring all systems, security applications, and services in environment are securely configured and managed through operating system appropriate security platforms and tools\n- ensuring optimal operation of all security solutions and tools\n- automating all the above, so we can instead drink margaritas (or non-alcoholic beverages, of course) \n\n# Requirements\nThe ideal candidate must have:\n\n- works USA-friendly hours\n- has excellent written English skills (as in, you could have been a tech writer or commercial author in another life)\n- has proven experience with Linux (preferably Debian-based)\n- knows markdown\n- has experience implementing PCI, SOC, or related\n- can operate largely independently (go take that hill) with management support\n- has proven successful experience in an operations role\n- has had good exposure to cloud services (AWS in particular)\n- understands how an OS works, knows networking, how git works, and the constraints of a distributed system\n- is proficient in Python\n- has an understanding of\n .. Patch and Vulnerability Management process\n .. Principle of Least Privilege\n .. Incident response\n .. Identity and Access Management\n .. IPTABLES\n .. WAFs\n \n\nNice to have :\n\n- resides in the Americas\n- has experience with containerization technologies (LXC/LXD, Docker)\n- has experience with vendor management\n- has experience with Puppet\n- has demonstrated the ability to successfully manage cloud-based infrastructure for a fast growing organization\n- knowledge of Magento Ecommerce, Symfony, Drupal, eZ Platform, or Typo3\n- has experience with Golang\n- relational database skills\n- public speaking experience\n- ability to speak French or German a plus\n- ability to kick ass in Chess or beat Zork without using a map\nCISSP, CISM, Security+, GCED, GICSP, GCIH, SSCP, or CASP Certification or similar will get you moved to the top of the queue\n- CIPM/E, CIPP/E, CIPM/E certification or similar will get you moved to the top of the queue\n- can bravely take on new challenges like a Gryffindor, analyzes problems like Ravenclaw, protects our infrastructure and client data like a Slytherin, and talks with clients like a Hufflepuff.


See more jobs at Platform.sh

# How do you apply?\n\n This job post has been closed by the poster, which means they probably have enough applicants now. Please do not apply.
This job post is closed and the position is probably filled. Please do not apply.
Doximity is transforming the healthcare industry. Our mission is to help doctors save time so they can provide better care for patients.\n\nWe value diversity — in backgrounds and in experiences. Healthcare is a universal concern, and we need people from all backgrounds to help build the future of healthcare.\n\nThis position is for an experienced DevOps engineer to own Security efforts for our entire application stack and join our 8 person DevOps team. We’re looking for someone with a strong track record in building infrastructure, maintaining high level of uptime and optimal security. You will be supporting and building products alongside our 50+ person engineering team used by hundreds of thousands of people.\n\n**How you’ll make an impact:**\n\n* Develop, schedule, and execute automated security audits on infrastructure using industry standard security frameworks and tooling.\n* Write penetration tests for applications and services.\n* Periodically audit and rotate access credentials.\n* Document current and future security procedures and policies in the wiki.\n* Lead security/policy related audits such as SOC2 Type II (annual renewal).\n* Work with sales and client services teams to answer infrastructure related security questions and concerns that clients inquire about.\n* Remediate and write post-mortem reports on security-related issues.\n* Active involvement in design, implementation, and maintenance of the development, staging, and production infrastructure security.\n* Work on automating tasks using Jenkins.\n* Troubleshoot system issues (such as high-load, memory, CPU usage, etc.) and come up with temporary/long-term solutions based on the root cause.\n* Work with developers to deploy applications ready for production (Terraform, Consul, Vault, Upstart, NGINX, Sensu). We believe in infrastructure as code and follow it.\n* Write Chef cookbooks (using "Berkshelf Way") to automate configuration management.\n* Participate in a 1-week on 7-week off, 24/7 on-call rotation.\n* Hands-on maintenance on our Ruby on Rails and Go (Golang) applications.\n* Troubleshoot issues across the whole stack: hardware, software, and network.\n\n**What we’re looking for:**\n\n* Minimum of 5 years of Linux/UNIX systems engineer & administrator experience.\n* Minimum of 5 years of relevant web application security experience\n* Extensive AWS experience\n* Experience writing application security penetration tests with an open source framework.\n* Automation experience with configuration management tools such as Chef, Ansible, or Puppet.\n* Intermediate to advanced experience administering and securing an RDB (MySQL or Postgres a plus)\n* Proficient in bash shell scripting (sed + awk) and one of Ruby or Python.\n* Experience automating application deployments with Capistrano or Jenkins.\n* Ability to work in a proactive manner and manage your own queue.\n* Experience with Hashicorp tools, Neo4j, Elasticsearch, Kibana, Grafana is a big plus.\n\n**About Doximity**\n\nWe’re thrilled to be named the Fastest Growing Company in the Bay Area, and one of Fast Company’s Most Innovative Companies. Joining Doximity means being part of an incredibly talented and humble team. We work on amazing products that over 70% of US doctors (and over one million healthcare professionals) use to make their busy lives a little easier. We’re driven by the goal of improving inefficiencies in our $2.5 trillion U.S. healthcare system and love creating technology that has a real, meaningful impact on people’s lives. To learn more about our team, culture, and users, check out our careers page, company blog, and engineering blog. We’re growing fast, and there’s plenty of opportunity for you to make an impact—join us!\n\n*Doximity is proud to be an equal opportunity employer, and committed to providing employment opportunities regardless of race, religious creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, pregnancy, childbirth and breastfeeding, age, sexual orientation, military or veteran status, or any other protected classification. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.* \n\n# Requirements\nUse apply button


See more jobs at Doximity

# How do you apply?\n\n This job post has been closed by the poster, which means they probably have enough applicants now. Please do not apply.

Numbrs Personal Finance AG


This position is a Remote OK original posting closed

Security Engineer


Numbrs Personal Finance AG

Originally posted on Remote OK

securitiy

 

cryptography

 

go

 

securitiy

 

cryptography

 

go

 

python

This job post is closed and the position is probably filled. Please do not apply.
Responsibilities include but are not limited to reviewing designs, code, performing in-depth security assessments of mobile apps, distributed backend systems and internal IT infrastructure; developing custom security tools; documenting the infrastructure, policies, and procedures. Applicants are also expected to participate in after-hours work.\n\n**All candidates will have**\n* a Bachelor's or higher degree in technical field of study\n* a minimum of two years security work experience\n* experience with performing application code reviews, design reviews and penetration testing\n* experience in penetration testing web-based apps, mobile apps and back-end infrastructure\n* experience implementing modern cryptosystems\n* excellent knowledge with at least one modern programming language, such as Go, Java, C++, Python and Scala\n* excellent troubleshooting and creative problem-solving abilities\n* excellent written and oral communication and interpersonal skills\n\n**Ideally, candidates will also have**\n* experience with systems for automating deployment, scaling, and management of containerised applications, such as Kubernetes or Mesos\n* experience working with large scale distributed systems\n*


See more jobs at Numbrs Personal Finance AG

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Numbrs Personal Finance AG


This position is a Remote OK original posting closed

Security Engineer


Numbrs Personal Finance AG

Originally posted on Remote OK

penetration testing

 

golang

 

java

 

penetration testing

 

golang

 

java

 

python

This job post is closed and the position is probably filled. Please do not apply.
Responsibilities include but are not limited to reviewing designs, code, performing in-depth security assessments of mobile apps, distributed backend systems and internal IT infrastructure; developing custom security tools; documenting the infrastructure, policies, and procedures. Applicants are also expected to participate in after-hours work.\n\n**All candidates will have**\n* a Bachelor's or higher degree in technical field of study\n* a minimum of 3 years security work experience\n* experience with performing application code reviews, design reviews and penetration testing\n* experience in penetration testing web-based apps, mobile apps and back-end infrastructure\n* experience implementing modern cryptosystems\n* excellent knowledge with at least one modern programming language, such as Go, Java, C++, Python and Scala\n* excellent troubleshooting and creative problem-solving abilities\n* excellent written and oral communication and interpersonal skills\n\n\n**Ideally, candidates will also have**\n\n* experience with systems for automating deployment, scaling, and management of containerised applications, such as Kubernetes or Mesos\n* experience working with large scale distributed systems\n\n*Location: Remote*\n


See more jobs at Numbrs Personal Finance AG

Visit Numbrs Personal Finance AG's website

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.
This job post is closed and the position is probably filled. Please do not apply.
Blockstack is a new internet for decentralized apps. With Blockstack, you own your data and maintain your privacy, security and freedom. Blockstack is open source project and a public benefit corporation. [Learn more](https://blockstack.org).\n\nBlockstack is looking for a passionate and collaborative DevOps Engineer to help develop rigorous testing suites to guarantee the safety of a soon-to-be launched cryptocurrency and blockchain. This person will work on implementing securely tested solutions, and interface with our dev team and back end engineers on product builds and feature implementation. This role will span testing and security, software development and upgrades, improvements to our Developer API, and community support. \n\nOur engineering team builds software using JavaScript/ES6, React, Redux, Swift, and Objective-C on the frontend and Python, bash, and Bitcoin Core on the backend.\n\nThings You'll Work On:\n- Manage distribution of Blockstack software upgrades for developers and everyday users\n- Keep our users happy by managing Blockstack browser availability, scalability, and performance \n- Build tools for faster deployment schedules \n- Instate monitoring protocols and fail-over measures \n- Implement continuous testing practices to ensure the security and performance goals of Blockstack are met across backend services, blockchain infrastructure, and our frontend user clients\n- Deliver on rapid implementation schedules (without compromising on smart development goals and principles) to build web functionality that is functional, fast, and scalable\n\nQualifications\nYou are have worked in a large, highly available systems environment before, as well as an agile start-up. You are familiar with strategizing and improving for system security and availability. Your strengths lie in backend development, but can work across the full-stack when needed. \n\nKPIs\n- Increased uptime of Blockstack software \n- Delivery of long term, securely tested software \n- Work to improve our failure processes, alerting, and emergency response times \n- Support our community developers to increase number and usability of Blockstack Apps \n\nSkills \n- Experience developing with python and bash\n- Comfort across operating systems, with a strong Linux background\n- Experience across the CI/CD pipeline, with an understanding of best practices for automated testing and deployment\n- Ability to build and maintain highly available infrastructure\n- Competency in monitoring and quick response time in the event of an emergency\n- Security background with strength in automated testing and infrastructure\n- Experience deploying Bitcoin infrastructure with bitcoin core or utxo providers\n\nQualities + Traits \n- Passion for building the new internet for decentralized apps \n- Strong problem solving skills, ability to think fast and thoroughly\n- Development mindset with strong security background\n- Experience in a rapidly scaling start-up\n- Proactive solution provider\n- Excellent communication


See more jobs at Blockstack

Visit Blockstack's website

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Sublime Security

 This job is getting a relatively high amount of applications currently (11% of viewers clicked Apply)

closed

Senior Software Engineer  This job is getting a relatively high amount of applications currently (11% of viewers clicked Apply)


Sublime Security


golang

 

dev

 

senior

 

golang

 

dev

 

senior

 
This job post is closed and the position is probably filled. Please do not apply.
San Francisco, United States - ** Why Sublime **Nation states, criminal organizations, and lone wolves are attempting to phish businesses and consumers 24/7/365. When they succeed it can be extraordinarily destructive, costing a single business $100M (1), disrupting coronavirus research (2), and even impacti...


See more jobs at Sublime Security

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Sublime Security


closed

Software Engineer


Sublime Security


golang

 

dev

 

golang

 

dev

 
This job post is closed and the position is probably filled. Please do not apply.
San Francisco, United States - ** Why Sublime **Nation states, criminal organizations, and lone wolves are attempting to phish businesses and consumers 24/7/365. When they succeed it can be extraordinarily destructive, costing a single business $100M (1), disrupting coronavirus research (2), and even impacti...


See more jobs at Sublime Security

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

1Password


closed

DevOps Security Engineer


1Password


devops

 

devops

 

devops

This job post is closed and the position is probably filled. Please do not apply.
Over 80,000 businesses and millions of people use 1Password to protect their most important information. We’re a kind, curious, and customer-focused team on a mission to build the world's most-loved password manager and give people more control over their data.\n\nAt 1Password, customer privacy and security come first and foremost; this commitment informs everything we do, and the Security Team is responsible for upholding this commitment. We are a passionate team that really cares about protecting our customers, and we’re looking for new team members that share this passion. \n\nAs a DevOps Security Engineer, you’ll be working as part of the Security Engineering team, helping us continue to raise the bar for security in our DevOps environment. This includes enhancing the security of our existing platform and assisting with the design and build of new platforms.\n\nWhen we say bring your whole self to work, we mean it. You'll join a diverse and inclusive community, built on trust, support and respect. Be yourself, find your people and share the things you love. As we continue to build our global team, we welcome all individuals and do not discriminate on the basis of gender identity, race, ethnicity, disability, sexual orientation, education, languages spoken, and veteran's status. \n


See more jobs at 1Password

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Hopper

 This job is getting a relatively high amount of applications currently (15% of viewers clicked Apply)

closed

Security Engineer  This job is getting a relatively high amount of applications currently (15% of viewers clicked Apply)


Hopper


This job post is closed and the position is probably filled. Please do not apply.
ABOUT HOPPER\n\nAt Hopper, we’re on a mission to build the most customer-centric travel company on earth. We are leveraging the power that comes from combining massive amounts of data and machine learning to build the world’s fastest-growing mobile first travel marketplace -- one that enables our customers to save money and travel better.\n\nHopper’s goal is to reduce traveler anxiety throughout all stages of the trip buying and taking process. By creating a transparent travel marketplace and unique, data-driven financial technology products focused on providing peace-of-mind, Hopper adds value along each step of the customer’s journey.\n\nHopper has launched several bespoke fintech products that leverage our immense first and third-party data to create products and value that do not exist elsewhere - including Refundable and Flexible Tickets and Price Freeze. Thanks to these offerings, Hopper’s revenue growth is up 112% despite the travel slowdown due to COVID-19.\n\nWith over $250M CAD in funding from leading investors in both Canada and the US, Hopper is primed to continue its acceleration to becoming the world’s fastest-growing end-to-end customer-centric travel offering.\n\nRecognized as one of the world’s most innovative companies by Fast Company three years in a row, Hopper has been downloaded over 50 million times and sees over 1 million new installs per month. The app has received high praise in the form of mobile accolades such as the Webby Award for Best Travel App of 2019. \n\nCome take off with us!\n\nTHE ROLE\n\nAs a Security Engineer, you will be a core member of Hopper's Information Security Team within Hopper's B2B partnerships group. This role represents a key position responsible for the continuous safeguarding of Hopper's data, assuring the trust of our customers and partners, and executing on the organization’s Information Security strategy.\n\nBENEFITS\n\n• Well-funded and proven startup with large ambitions, competitive salary and stock options\n• Dynamic and entrepreneurial team where pushing limits is everyday business\n• 100% employer paid medical, dental, vision, disability and life insurance plans\n• Access to a 401k (US) or Retirement Savings Plan (Canada)


See more jobs at Hopper

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Seamless.AI

 This job is getting a relatively high amount of applications currently (10% of viewers clicked Apply)

closed

Cloud Security Engineer US  This job is getting a relatively high amount of applications currently (10% of viewers clicked Apply)


Seamless.AI


cloud

 

cloud

 
This job post is closed and the position is probably filled. Please do not apply.
The Opportunity\nThe Cloud Security Engineer will be responsible for a variety of tasks. The candidate must be able to work in a fast-paced environment, manage and execute upon security requirements for the company, and oversee agendas and budgets for projects. It is crucial this candidate is amplifying their individual contribution, their professional growth and their capability to work effectively with team members as well supporting the growth of any direct reports.\n\nAbout Seamless\nSeamless delivers the world’s best sales leads. Through our product, we help sales teams maximize revenue, increase sales, and easily acquire their total addressable market using artificial intelligence; by development of a robust real-time contact and company search engine as well as a suite of technically-advanced tools to support sales and lead generation. We have been recognized as one of Ohio’s fastest growing companies and has been awarded recently for Best Technology Company of the year in 2019 by NJTC, Best Place to Work in 2020, Top 50 Ohio-Based Startups by VentureOhio and Ranked in LinkedIn’s Top 50 Startups of 2020! \n\nThe Seamless Family\nWe have an amazing culture and work environment that anyone would want to be a part of. We encourage a culture of positivity. We thrive off of continuous feedback and do whatever it takes to help our team and customers be successful. You will grow as an individual, professionally, and be able to see and feel the impact you are making to the growth of Seamless every day.\n\n\nDisclaimer: This is a full-time remote position. We are headquartered out of Columbus, OH but currently open to remote or local candidates. We are open to assisting with relocation in the right circumstance. Visa Sponsorship is not included in our hiring package. Applicants will need to be authorized to work in the U.S.\n\nWe are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.\n\nNo Recruiters. This is an internal position our internal team is hiring for.


See more jobs at Seamless.AI

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

NowPow


closed

Security DevOps Engineer


NowPow


devops

 

devops

 

devops

This job post is closed and the position is probably filled. Please do not apply.
\nNowPow, whose name is a play on knowledge is power, is a women-owned and led technology business based on Chicago's south side. NowPow's multi-sided platform is a personalized community referral management solution that enables care professionals - social workers, physicians, justice workers - to manage and close the loop on health and social service referrals and also directly supports patients, members, and clients in their own self care. NowPow helps people get the care they need, whether they are managing chronic health and social conditions or just staying well.\nThe Role:\nAs a Security and DevOps Engineer at NowPow, you will be responsible for NowPow's Azure environment and costs, NowPow's HIPAA compliant security program, and managing our build, automation, and test pipelines.\nYou will build tools to optimize and manage our Azure cloud environment. You will own NowPow's security program and document, certify, and explain the program to our customers while managing its activities (including automated scanning, penetration tests, and certification processes). You will own and manage our platform automation, including deployment/CI pipelines and build/test automation processes.\nAs a growing startup, you will need to own all things Azure for our teams and help us to identify missing skills and new processes as our systems grow. You will be responsible for our platform's security, monitoring, and costs.\nAn ideal candidate will have 2+ years of experience using Microsoft Azure as a hosting platform and expertise in using cloud infrastructure frameworks is required.\nWhat you'll do:\nMonitor and manage the NowPow Platform's Hosting Environment:\n* Monitor activity within the NowPow's Azure cloud environment\n* Optimize and monitor our costs and plan and implement cost saving initiatives with engineering leadership\n* Manage NowPow's system monitoring solutions and help us go from 99% uptime to five-nines (99.999% uptime)\n* Monitor and automate platform scaling to improve performance and optimize costs\n* Inventory and manage all cloud resources and archive and delete as needed\n* Evaluate advancements in cloud technologies and share with our teams\n\n\nRun the NowPow Platform Security Program:\n* Partner with our operations team on HIPAA security and privacy monitoring activities\n* Manage NowPow's recurring security activities (including automated scans and tests, penetration testing, etc.…)\n* Work with our Sales team on customer security review processes and RFP/RFI questions around security\n* Own and document overall platform security and review with customer IT teams as needed\n* Evaluate security compliance programs (such as HITRUST, SOC2, etc…) and work across departments to implement and manage\n\n\nSupport our Engineering, QA, Analytics, and Product Support teams:\n* Partner with the Architecture and R+D team to test new Azure features and build new solutions as needed\n* Automate more of the customer provisioning process with our Product Support team\n* Work with our QA team to update our automated testing pipelines and strategy\n* Coordinate with engineering to improve our CI build and test pipelines\n\n\nWhat will make you successful:\n* BS or MS in computer science, or equivalent.\n* 2+ years of DevOps experience with the Azure cloud infrastructure with extensive cloud infrastructure framework experience required\n* CI/CD experience with TeamCity, Jenkins, TFS, or other CI frameworks\n* Experience with deployment automation tools (like Octopus or Azure DevOps) is preferred\n* Scripting and environment automation experience required\n* Experience working with security compliance programs such as HITRUST, SOC2, ISO 27001, FedRAMP and PCI is preferred\n* Excellent verbal and written communication skills.\n* Comfortable adopting to new technologies quickly\n\n\nWhy NowPow?\nWe work at NowPow because we care! NowPowers are passionate about our mission and are excited about the opportunities and challenges we face. At NowPow, we cultivate a culture of collaboration and respect, where everyone is a valued team member.\nOur people and our culture are important to us and make working at NowPow special. We invest in the self-care of our team and provide competitive benefits to support this. We celebrate our successes every week with a company wide happy hour on Fridays and recognize those who went above and beyond in their work. Outside of work, we have fun through company events such as laser tag, ice skating and heading to the ballpark for beautiful weather and a baseball game!\nWe are looking for highly motivated and hard-working individuals to join our team and help us connect health care to self-care. Apply now to join our growing team!\nEqual Employment Opportunity\nNowPow is an Equal Opportunity Employer. NowPow evaluates applicants for employment on the basis of qualifications, merit, and work-related criteria without regard to race, color, religion, sex, sexual orientation, gender identity or expression, age, disability, marital status, citizenship, national origin, genetic information, or any other characteristic protected by applicable federal, state or local laws. Our management team is dedicated to this policy with respect to recruitment, hiring, placement, promotion, transfer, training, compensation, benefits, associate activities and general treatment during employment.


See more jobs at NowPow

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Parity Technologies


closed

Security Operations Engineer


Parity Technologies


ops

 

ops

 
This job post is closed and the position is probably filled. Please do not apply.
\n\n* Design and implement secure cloud and on-premise infrastructure to validate on substrate based networks.\n\n* Work within systems that secure millions of dollars of cryptocurrency from motivated attackers.\n\n* Instrument high-signal alerts from production infrastructure events to provide early indicators of network attacks and compromises. Create playbooks of what to do in the case of such events. \n\n* Model and evaluate risks of slashing for validator nodes from an operational perspective and prioritize security efforts based on these risk assessments. \n\n* Monitor for unsafe and uncertain conditions and design fallback systems to support the stability of the network.\n\n* Work with infrastructure and core runtime engineers to design and implement hardened, layered systems.\n\n* Work with security engineers around securing digital assets in a production environment\n\n* Respond to security alerts and triage incident response management.\n\n* Work with core developer teams on security-critical projects, reviewing architecture designs and automating critical infrastructure tasks\n\n* Refine alerting rules to improve signal/noise ratio of operational health and security\n\n* Participate in an on-call rotation with colleagues in multiple time zones\n\n\n\n\n\nTo see how we use your data please see our Applicant Notice


See more jobs at Parity Technologies

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

TigerConnect


closed

Security DevOps Engineer


TigerConnect


devops

 

devops

 

devops

This job post is closed and the position is probably filled. Please do not apply.
\nLOCATION:       Santa Monica, CA\nTITLE:                DevOps Security Engineer\nREPORTS TO:   VP, DevSecOps\n\nAs an integral part of the operations team, the DevOps Security Engineer is passionate about security and wants to have a meaningful impact within the Healthcare space.  This individual will be part of a team charged with making sure TigerConnect is secure and stays at the top level of security and reliability in the industry. Join us and help manage/secure our AWS hosted infrastructure. Responsibilities will include hands-on security management, monitoring, discovery, and remediation of all security related issues while working cross functionally with other departments on company-wide initiatives and compliance.  \n\nThe DevOps Security Engineer will have at least 5+ years of commercial experience as a Security Engineer (including at least 3 years of current commercial experience as a DevOps Engineer) with specific focus on public cloud infrastructure, multi-tenant enterprise software security, compliance programs (HIPAA/HiTrust/FedRamp), and supporting production 24x7 highly available infrastructure with a DevOps mindset.   \n\nThe ideal candidate's background will include a strong emphasis on information security, infrastructure as code/automation, public cloud infrastructure, compliance, secure software development, and other security best practices.   \n\nWhat You'll Own:\n\n\n* Contribute to the design and integration of cyber security toolsets to enable more automated discovery, remediation, and alerting of system vulnerabilities.\n\n* Architect and integrate security tools into the CI/CD pipeline.\n\n* Architect, manage, and remediate findings from security tools, pen test reports, and compliance requirements.\n\n* Manage and maintain compliance and certifications (existing and new).\n\n* Help select and manage relationships with security vendors and partners.\n\n* Analyze and respond to production security notifications in a timely manner.\n\n* Foster DevSecOps culture and advocate for a security-first mindset amongst Security, QA, Development, and DevOps teams.\n\n* Deploying web and service-based applications in multiple instances of our PaaS.\n\n* Continually research, evaluate, and apply emerging technologies to improve security and the products.\n\n* Provide technical oversight to the development process including reviewing the technical design and the deployment architecture.\n\n* Work cross functionally with all departments to assist with security related issues as it relates to engineering, client care, and sales teams.\n\n* Willingness to take ownership, troubleshoot hands-on, and be on-call for security issues in a 24/7 environment.\n\n\n\n\nWhat You've Accomplished:\n\n\n* Experience in monitoring and responding to security events\n\n* Proven track record of creating secure cloud architectures for mission critical Internet-facing applications.\n\n* Expertise implementing and maintaining compliance (HIPAA, HI-TRUST, FEDRAMP)\n\n* Experience with build-time dependency management, unit testing and code-coverage tools, test automation techniques and tools.\n\n* Experience and understanding of microservices architecture, design patterns, and secure software development methodologies.\n\n* Experience building and managing infrastructure-as-code including automation/scripting tools and languages.  \n\n* Experience in DevOps culture and the ability to teach and profess is highly desired.\n\n* Ability to communicate security and risk-related concepts to technical and nontechnical audiences at both the executive and working level.\n\n\n\n\nWhat You Bring to the Table:\n\n\n* Background in monitoring and securing cloud environments\n\n* Linux and configuration management tools (Chef and Terraform)\n\n* Strong public cloud experience (AWS)\n\n* Security certifications are a plus (CCSP, CISSP, AWS Security)\n\n* Security policy development, implementation and enforcement.\n\n* Integrating security into a CI/CD pipeline\n\n* SSL certificate and key management policies\n\n* Scripting in either Python, Ruby, or Bash.\n\n\n


See more jobs at TigerConnect

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Platform.sh


closed

Security Engineer


Platform.sh


This job post is closed and the position is probably filled. Please do not apply.
\nTo reinforce our commitment to customers’ privacy and security, for its PaaS solution, Platform.sh is looking for a Security Engineer with a taste for Python and Go, excellent Linux system understanding, outstanding written English skills, experience working on PCI and/or SOC 2 compliance, and a real hunger for the challenges of building compliant distributed systems. If you’re looking for an exciting, high-growth opportunity with an award-winning, cutting-edge company, this could be the job for you.\n\nWe are targeting engineers that like writing documentation and can function in a high performing, multithreaded, 100% cloud-based, remote environment.\n\nSecurity, privacy, and compliance controls are at the heart of what we do as our mission is to simplify the cloud. The job is to transform what is often regarded as red-tape and constraints to a well-oiled machine where everything is automated and where every constraint becomes a feature making the product better.\n\nThis role reports to our Security Operations Manager, and works in close interaction with our CTO, VP of Infrastructure, VP of Engineering, our Data Protection Officer, and our Customer Support teams.\n\nIn a given day you might:\n\n\n* Act as a technical liaison between the Security department and our product, engineering, support, and operations staff.\n\n* Create documentation and processes in English to help satisfy compliance requirements and/or internal process questions.\n\n* Evaluate, deploy, and create systems and tools that will enhance our efficiency.\n\n* Support our data protection officer and compliance team with information requests, pen-testing coordinations, internal and external vulnerability scanning, disaster recovery, and related activities.\n\n* Execute our security incident management process.\n\n* Ensure all systems and services in our environment are securely designed, configured, managed, and monitored.\n\n* Work with external auditors to answer questions on PCI and SOC 2.\n\n* Participate in an on-call rotation, the majority of which is during normal working hours.\n\n\n\n\nQualifications\n\nMinimum Qualifications:\n\n\n* Experience with Linux (preferably Debian-based)\n\n* Markdown\n\n* Experience implementing PCI, SOC 2, or related\n\n* Operate largely independently (go take that hill) with management support\n\n* Able to juggle several requests at the same time\n\n* Experience securing cloud services (AWS in particular)\n\n* Sysadmin experience\n\n* Experience with git-based workflows\n\n* Proficient in Python or Golang\n\n* Experience with containerization technologies (LXC/LXD, Docker)\n\n* Working knowledge of\n\n\n\n* Patch and Vulnerability Management process\n\n* Principle of Least Privilege\n\n* Incident response\n\n* Identity and Access Management\n\n* IPTABLES\n\n* Encryption: TLS, SSH, Disk, etc.\n\n* Ticketed change control\n\n* Snapshot-based backups\n\n\n\n* CISSP, CISM, Security+, GCED, GICSP, GCIH, SSCP, or CASP+ Certification or similar\n\n* Excellent written English skills\n\n\n\n\nPreferred Qualifications:\n\n\n* AWS, Google, and/or Azure certifications\n\n* Experience with performing vendor security reviews\n\n* Experience with Puppet\n\n* Knowledge of Magento Ecommerce, Symfony, Drupal, eZ Platform, or Typo3\n\n* Relational database skills\n\n* Public speaking experience\n\n* Ability to speak French or German\n\n* Ability to kick ass in Chess or beat Zork without using a map\n\n* Can bravely take on new challenges like a Gryffindor, analyze problems like Ravenclaw, protects our infrastructure and client data like a Slytherin, and talks with clients like a Hufflepuff.\n\n\n\n\nSound Like a Good Fit? We’d love to talk to you!  \n\n* This is a remote job \n\nWe are a worldwide distributed team and are looking for a candidate who can perform well working remotely. To be an effective performer here at Platform.sh, you’ll need to be able to effectively collaborate across time zones while operating with a high level of independence and autonomy.


See more jobs at Platform.sh

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

ShapeShift


closed

Senior Software Security Engineer


ShapeShift


dev

 

senior

 

dev

 

senior

 
This job post is closed and the position is probably filled. Please do not apply.
\nPOSITION OVERVIEW\n\nShapeShift is seeking a Senior Software Security Engineer to help identify risks and mitigate them for this growing organization. The Software Security Engineer will be scanning, researching, hacking, and advising developers on security, in addition to altering source code to resolve security vulnerabilities. The ideal candidate will possess a keen understanding of how tweaking one parameter can vastly change the security outcomes of an information system. This position offers a unique opportunity to think with a black hat but wear a white hat for an exciting cryptocurrency startup.\n\nThis is a full-time, exempt position that reports directly to the CISO.\n\nYour desire to make a real impact on an organization and the world grows by the day. The ideal candidate will be open to daily changes in workflow and protocol (and force us to improve workflows). As a start-up in an evolving space, there are new challenges that require new solutions every day.\n\nGOALS OF POSITION\n\n\n* Stay abreast with daily CVE announcements and 0-day vulnerabilities\n\n* Provide strong software engineering experience to ShapeShift’s Security team.\n\n* Work with Site Reliability Engineers and IT administrators to mitigate any vulnerabilities found with ShapeShift's systems.\n\n* Provide security guidance and advice to software engineers on best practices for storing, securing, and accessing secrets in their application development. \n\n* Participate in architecture design discussions for ShapeShift's upcoming feature enhancements and new products/services, ensuring best practices in security are followed in each phase of development, and ensuring security risks are understood and mitigated in the design choices.\n\n* Execute and automate approved penetration tests, vulnerability scans, and related intelligence gathering about the existing security posture of development and production systems.\n\n* Manage internal TLS Certificate Authority, issuing and revoking internal server and client certificates where necessary.\n\n* Collect and organize security-related metrics for reporting to ShapeShift’s CISO.\n\n* Maintain ShapeShift's existing Information Security Policy, ensuring it is up-to-date with ShapeShift's requirements. \n\n* Providing security training to all new staff, and security refreshers to existing staff.\n\n* Oversee the provisioning of cryptographic keys and security hardware for new staff.\n\n* Can research, understand, and implement security enhancements to ShapeShift systems independently, and communicate changes to management in a timely fashion.\n\n\n\n\nSUCCESS METRICS OF POSITION\n\n\n* Concerns and risks are brought to the attention of the CISO in a timely manner\n\n* Staff receive your assessments and recommendations on improving/maintaining security in a timely manner\n\n* Staff are able to rely on you to educate them on security and answer their questions\n\n* Ability to contribute security enhancements to ShapeShift’s codebase.\n\n* Senior Security Engineer is able to meet deadlines independently\n\n\n\n\nWHAT YOU BRING TO THE TABLE\n\n\n* "Jack of All Trades" mindset, knowledgeable in many areas\n\n* "Geek to English translator" - ability to train/teach security concepts to non-security staff in easy-to-understand language\n\n* Strong "Google-fu" - ability to quickly find and learn concepts that aren't already known\n\n* Knowledge and experience that can be relied upon by others in the Security department\n\n* Ability to be flexible while working in a dynamic startup environment\n\n* Desire to make the world a better and safer place\n\n\n\n\nREQUIRED EDUCATION & EXPERIENCE\n\n\n* 7+ years of full-stack engineering experience or equivalent \n\n* Strong competency with Javascript and/or TypeScript\n\n* Strong competency with modern software development tools (git, jira, IDEs)\n\n* Experience performing source code review\n\n* Experience resolving application level vulnerabilities\n\n* Experience working with GPG / PGP\n\n* Experience with TLS, cryptographic certificates and PKI\n\n* Experience performing vulnerability scanning (i.e. Metasploit, Nessus, or similar)\n\n* Securing and administering services/daemons according to best practices\n\n* Experience working with Linux and open source technologies\n\n* At least 4 years experience in a security-focused role\n\n\n\n\nPREFERRED EDUCATION & EXPERIENCE\n\n\n* Experience securing cloud-based service providers, such as DigitalOcean, Azure, and AWS\n\n* Experience with deployment automation tools such as CircleCI, Terraform, etc.\n\n* Experience with penetration testing\n\n* Experience with charting, graphing, and presenting data visually\n\n* Experience working with cryptocurrencies and blockchains\n\n* Familiarity with Agile Development Methodologies \n\n* Familiarity with hardware and firmware security \n\n* Security certifications such as: CISSP, CISA, OSCP, Pentest+, Security+ would be an asset\n\n* Experience with Open Source Software\n\n\n


See more jobs at ShapeShift

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Balena


closed

Lead Security Engineer


Balena


exec

 

exec

 
This job post is closed and the position is probably filled. Please do not apply.
\nBeing a Lead Security Engineer at balena\n\nOur users trust us to provide critical infrastructure for their distributed IoT fleets, and our engineers work hard to protect each of these devices from attacks. Our “security stack” spans from the bootloader and OS on-device, to the network and security infrastructure of our backend, to the operational security of our team.\n\nAs a Lead Security Engineer, you will learn how our complex interdependent systems are built and run. You will dig deep into diagnostics & debugging surfaces, logs, and reports to identify areas of risk and strategies to minimize vulnerabilities. You will develop and deploy security controls and concepts stretching from cloud-based apps to systems running on embedded devices, and lead initiatives to create new frameworks and roadmaps. You will influence infrastructure and product decisions and, above all, establish and promote a culture of shared responsibility for security.\n\nResponsibilities\n\n\n* Analyze weaknesses and attack patterns, and architect solutions to address them\n\n* Construct a comprehensive threat model that includes a variety of actors and security contexts\n\n* Define standards and streamline workflows for managing incidents, recovery, and vulnerability reports\n\n* Implement, tune, and enhance security auditing, monitoring, and notification systems\n\n* Perform checks to ensure our production pipeline is secure — from developer machines to servers\n\n* Design and review security-related product features, like automated vulnerability scanning and audit logs\n\n* Be a key resource for peers on support, share knowledge and mentor others on best practices\n\n\n\n\nRequirements\n\n\n* Strong technical background in software development, operations and/or information security\n\n* Experience writing high-quality code and debugging production systems\n\n* Working knowledge of Linux operating system internals\n\n* Awareness of classic and emerging threat actor tactics, techniques, and procedures in both pre- and post-exploitation phases of attack lifecycles\n\n* Ability to manage ambiguity, push through friction, and independently make critical trade-off decisions\n\n* Continuous improvement mindset and desire to make yourself and others more effective\n\n* Willingness to constantly build on your knowledge of the platform and new technologies\n\n* Excellent communication skills and fluency in English\n\n\n\n\nBonus points\n\n\n* Proficiency in at least one high-level language (we use Typescript and Javascript)\n\n* Knowledge of state of the art authentication standards such as OIDC\n\n* Good understanding of networking (TCP/IP) and higher-level HTTP & TLS protocols\n\n* Background in leading teams and working across functions to build secure products\n\n* Experience with IoT, embedded SW, dev tools, or balena as a user/contributor\n\n* Contributions to OSS projects and community involvement\n\n\n\n\nMake sure to let us know if any of these items apply to you! If possible, please also share a sample of your work or examples of projects (URL or attachment).


See more jobs at Balena

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

SUSE


closed

Security Engineer


SUSE


This job post is closed and the position is probably filled. Please do not apply.
\nSUSE is a growing company, with great products, a culture that fosters openness and friendship, and where many opportunities exist.\n\nProduct security is the most important building block of the global IT ecosystem.\n\nOur SUSE Security Team has over two decades of experience working on pro-active and reactive security to make our products and solutions outstanding. Using the latest technologies allows us to respond to hyped and very urgent vulnerabilities like ShellShock or BootHole. The race is still on-going and we need you to stay ahead and win.\n\nLocation: EMEA (Remote)\n\nKey Responsibilities:\n\n\n* Product security for our enterprise and community products\n\n* Security incident management, evaluation, assessment, fixing of vulnerabilities\n\n* Secure product and tools development, supporting development teams\n\n* Security testing, manual and automatic\n\n* Writing patches\n\n* Working in projects and teams\n\n* Communication with external and internal customers\n\n\n\n\nCandidate Profile:\n\n\n* An academic degree (Master/Bachelor or comparable) or IT specialist (Fachinformatiker)\n\n* Self-motivated and self-organised\n\n* Very good understanding of the Linux operating system\n\n* Programming skills in C and at least one scripting language (bash, perl, ruby, python, ...)\n\n* Experience with application security\n\n* Familiarity with basic security concepts (e.g. code analysis, binary formats, encryption)\n\n* Familiarity with security analysis tools is a bonus (e.g. IDA, gdb)\n\n* Knowledge of network security (TCP/IP, SSH, TLS/SSL) is a plus\n\n* Pronounced quality awareness, customer-oriented approach - Enthusiastic about security and improving knowledge in this area\n\n* Good communication skills and meticulous working style\n\n* Good knowledge of English\n\n\n\n\nWhat makes us different:\n\n\n* You will find and can connect to highly skilled engineers at SUSE\n\n* We provide many different products and endless opportunities to learn\n\n* We help our employees to develop\n\n* Our work environment is creative and productive\n\n* You can work with and within an international team\n\n* Our working hours are as flexible as possible\n\n* We organize regular events (hackathons, workshops, outdoor events, ...) to build up relationships and friendship within and across teams\n\n* At SUSE the opinion of the employee matters!\n\n\n\n\nIf you are successful for this position you'll have to pass pre-employment checks before joining us. The content of these checks may vary by country and position.


See more jobs at SUSE

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Automattic


closed

Security Research Engineering


Automattic


This job post is closed and the position is probably filled. Please do not apply.
\nJetpack is expanding its security team to provide crucial malware protection to WordPress websites. As a Security Researcher you will research and identify vulnerable and malicious code and help the team to develop methods to scan, prevent and remove malware attacks. If you have a knack for solving puzzles and a desire to document and create solutions, this is a great role for you!\n\nThe Security Engineer position might be a good fit if you:\n\n\n* Have a love for securing and protecting websites and applications!\n\n* Understand security threats, vulnerabilities, and common attack vectors such as XSS, injection, hijacking, social engineering, and so on, and how to mitigate them.\n\n* Have a deep understanding of networking protocols like TCP/IP, as well as HTTP/HTTPS\n\n* Are familiar with large scale systems, CDN based content delivery, WAF protection, Data partitioning, and Database Replication.\n\n* Are highly collaborative and love participating in code reviews and discussions about architecture or design.\n\n* Are open, and able, to travel 3-4 weeks per year to meet up with your teammates in person.\n\n\n\n\nExtra Credit:\n\n\n* Experience with penetration testing and associated tools\n\n* Previous experience with malware detection systems\n\n* Reported vulnerabilities in the past\n\n* Know your way around WordPress and its file and database structures.\n\n* Have experience writing and debugging WordPress plugins and themes.\n\n\n\n\n\nSpeaking of interests and skills, here are some areas in which you can grow and have further impact in the future at the company:\n\n\n* Leadership – we offer a variety of leadership options to those who have interest, including becoming a team lead and managing releases.\n\n* Learning and development – we have a generous personal development budget and encourage you to grow your skills through courses, books and conferences.\n\n* Architecture – we encourage developers to develop expertise in the systems they work with, guide their evolution and mentor other developers working on them.\n\n* Engineering effectiveness – we believe in helping other developers become more effective through tools, practices, cross-team collaborations, and process improvements.\n\n\n\n\nDiversity & Inclusion at Automattic\n\nWe’re improving diversity in the tech industry. At Automattic, we want people to love their work and show respect and empathy to all. We welcome differences and strive to increase participation from traditionally underrepresented groups. Our D&I committee involves Automatticians across the company and drives grassroots change. For example, this group has helped facilitate private online spaces for affiliated Automatticians to gather and helps run a monthly D&I People Lab series for further learning. Diversity and Inclusion is a priority at Automattic, though our dedication influences far more than just Automatticians: We make our products freely available and translate our products into and offer customer support in numerous languages. We require unconscious bias training for our hiring teams and ensure our products are accessible across different bandwidths and devices. Learn more about our dedication to diversity and inclusion and our Employee Resource Groups.\n\nCurious who works in engineering at Automattic? Meet our JavaScript Engineers – Lena and Riad.\n\nHow to apply\n\nDoes this sound exciting? If yes, click the Apply button below and fill out our application form. We are looking to having you in the process with us.


See more jobs at Automattic

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

CrowdStrike


closed

Software Engineer Cloud Security


CrowdStrike


golang

 

dev

 

golang

 

dev

 

cloud

This job post is closed and the position is probably filled. Please do not apply.
Sunnyvale, United States - At CrowdStrike we’re on a mission - to stop breaches. Our groundbreaking technology, services delivery, and intelligence gathering together with our innovations in machine learning and behavioral-based detection, allow our customers to not only defend themselves, but do so in a...


See more jobs at CrowdStrike

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

NS8


closed

Cloud Security Engineer


NS8


cloud

 

cloud

 
This job post is closed and the position is probably filled. Please do not apply.
\nDevSecOps Engineers at NS8 have a dual responsibility to uphold and create security standards across all of our environments as well as collaborate with other infrastructure teams to operate a production environment. The DevSecOps team’s responsibility is to “shift left” security, reliability, and availability matters early into the development process for the entire engineering org. Accordingly, the DevSecOps team has 3 focuses, Infrastructure, Security, and Test/QA.\n\nWe value quality work and an attitude to design and review carefully, thoughtfully, and proactively. We are looking for a DevSecOps Engineer who is passionate about high quality code and processes, automated testing, and continuous integration and monitoring and who will maintain high standards through code reviews and daily interactions.\n\nResponsibilities:\n\n\n* Implement SAST/DAST/IAST/RAST, IDS/ADS, SIEM/SOAR and other DevSecOps systems, both vendor and open-source, that deploy and run in Kubernetes clusters and in Concourse CI/CD\n\n* Write Policy-as-Code that ensure various systems are compliant, encrypted, and follow least privilege and zero trust models\n\n* Harden networks, containers, orchestrators, and cloud infrastructure more broadly.\n\n* Proactively assess vulnerabilities, model threats, and write automated penetration tests\n\n* Respond to and forensically analyze security incidents in a production environment, ensuring all compliance requirements and guidelines are followed\n\n* Code review with an eye for correctness, standards-compliance, security holes, new attack vectors, increased attack surface, etc\n\n\n\n\nRequirements: \nExperience with specific technologies listed is not required. We may prefer candidates who know the specific technologies, but we are also open to input on some of these.\n\n\n* Threat modeling and penetration testing experience\n\n* IDS/ADS, SIEM/SOAR, and forensics experience. We use or are looking to implement tools like Sysdig Falco as well as vendors like Aqua Security, Twistlock/Prisma, StackRox, and/or Splunk.\n\n* Experience responding to security incidents and following required reporting and resolution protocols\n\n* Compliance experience, e.g. NIST, SOC-2, SOX, PCI, etc.\n\n* Experience with vulnerability assessments, implementing SAST/DAST/IAST/RAST, and integrating security tooling into CI/CD pipelines. We are using or looking to implement tools like Anchore, Clair, Trufflehog, etc. Cloud. We are migrating to Concourse from CircleCI and some AWS CodeBuild.\n\n* Policy-as-Code experience. We are using or looking to implement tools like Open Policy Agent (OPA), cloud-custodian, terraform-compliance, etc.\n\n* Experience encrypting, hardening, segmenting networks. We are using or looking to implement tools like VPC, Security Groups, WAF, Kubernetes L4 & L7 NetworkPolicy, Istio AuthzPolicy, Istio mTLS, and Cilium encrypted networking.\n\n* Experience writing production code in at least one language. Most of our engineering teams use TypeScript, with some sprinkles of Java, Python, Go, Shell, etc.\n\n\n\n\nPreferred: \nThese experiences are not required, but we will prefer candidates who have one or more of these in addition to the requirements above. \n\n\n* Infrastructure-as-Code experience. We use plenty of YAML, Helm, and some Terraform but are also looking at Pulumi and cdk8s.\n\n* Multi-cloud experience. We primarily use AWS right now, but are starting to use GCP and potentially more in the future. We try to be cloud agnostic, but take pragmatic approaches and consider trade-offs when using managed services.\n\n* Multi-cluster experience. We run several clusters, some of which communicate with each other, currently in a hub-and-spoke model.\n\n* Experience implementing and influencing a DevSecOps workflow for other teams\n\n* Experience working in an Agile/Kanban environment with GitFlow style development on a Remote / distributed team.\n\n* Experience with any of the DevSecOps Team’s other focuses: Infrastructure (linkme) and/or Test/QA (linkme)\n\n\n\n\nVery Preferred: \nThese experiences are also not required, but we will prefer candidates who have one or more of these in addition to the requirements above. \n\n\n* Experience running and securing untrusted, 3rd-party workloads.\n\n* Experience with kernel security and hardening containers and orchestrators. Tools such as distroless, gVisor, kata-containers and SELinux, AppArmor, and seccomp more broadly as well as kube-bench and Polaris.\n\n* Experience with PKI management\n\n\n


See more jobs at NS8

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

vast limits


closed

Security Engineer Windows Endpoints


vast limits


This job post is closed and the position is probably filled. Please do not apply.
\nWir sind eine erfolgreiche Softwarefirma, die organisch weiter wachsen möchte. Wir sind inhabergeführt, nicht fremdfinanziert und haben spannende Unternehmenskunden in über 30 Ländern.\n\nWir sind der Überzeugung, dass Micromanagement tödlich ist für Kreativität und Produktivität. Wir bieten eine offene Arbeitskultur, in der die Mitarbeiter ihren Arbeitsort frei wählen können und sich den Tag selbst einteilen.\n\nWir entwickeln Software für die Unternehmens-IT, weil wir den Markt kennen und die Bedürfnisse von Fachabteilungen und Mitarbeitern verstehen. Wir wissen, wie IT-Profis arbeiten und welche Werkzeuge sie verwenden. Wir wissen auch, wie komplex ein großer Teil der Unternehmenssoftware ist. Wir wollen dazu beitragen, dass sich das ändert.\n\nUnser Produkt uberAgent bietet tiefe Einsichten in User Experience und Security von physischen PCs und virtuellen Desktops. Mit Hilfe dieser Informationen optimieren unsere Kunden die Geschwindigkeit, Sicherheit und Stabilität der Endgeräte ihrer Mitarbeiter.\n\nDie Kombination aus einfacher Bedienung und wertvollen Metriken macht uberAgent zu einem Produkt, mit dem sehr gerne gearbeitet wird. Insofern passt es perfekt zu Splunk, einer leistungsfähigen und gleichzeitig benutzerfreundlichen Big Data-Plattform, die von uberAgent für Datenspeicherung und -visualisierung verwendet wird.\n\nDeine Aufgaben\n\nWir leben Qualität. Zusammen mit Deinen Kollegen bietest Du Kunden und Partnern Betreuung auf höchstem Niveau bei allen technischen und vertrieblichen Fragen.\n\nDies umfasst:\n\n\n* Kontakt zu Partnern halten\n\n* Webinare für Interessenten durchführen\n\n* Technische und vertriebliche Anfragen bearbeiten\n\n* Vorträge auf Konferenzen halten\n\n* Blog- und KB-Artikel verfassen\n\n* Unsere Entwickler unterstützen\n\n\n\n\nDas wünschen wir uns\n\nDie einzigen Qualifikationen, die uns wirklich wichtig sind, sind der Drang, das bestmögliche Resultat zu erzielen und der Wunsch, jeden Tag etwas dazuzulernen.\n\nDaneben erwarten wir:\n\n\n* Langjährige Erfahrung mit Security in großen Unternehmen\n\n* Sehr gute Kenntnisse in Windows-Interna\n\n* Eigenständiges Arbeiten\n\n* Hang zur Perfektion\n\n* Sehr gute Deutsch- und Englischkenntnisse\n\n* Hauptwohnsitz in Deutschland\n\n\n\n\nZusätzlich freuen wir uns über:\n\n\n* Gute Kenntnis eines oder mehrerer SIEMs (z.B. Splunk)\n\n* Erfahrung mit Pentesting, Hacking, Threat Hunting\n\n* Erfahrung mit Automatisierung, Skripting, Programmierung\n\n* Community-Engagement, Bloggen (bitte schicke uns Links)\n\n\n


See more jobs at vast limits

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Mastery Logistics Systems


closed

Security Engineer


Mastery Logistics Systems


This job post is closed and the position is probably filled. Please do not apply.
\nAbout the Role\n\nThe transportation industry has no shortage of complex problems requiring creative solutions to scale efficiently. Enterprise grade security is at the foundation of everything we do.  Mastery’s security team is dedicated to keeping our customer data safe. \n\nResponsibilities:\n\n\n* Partner with engineering and operations teams to provide security at every layer of the software development life cycle\n\n* Design, implement, and operate a highly automated and scalable vulnerability management program\n\n* Work with vendors to select and implement new security technologies\n\n* Conduct internal risk assessments and develop mitigation strategies\n\n* Work directly with the compliance team to implement controls that align with industry standard frameworks\n\n* Author policies, processes, and standards\n\n\n\n\nRequirements:\n\n\n* 3+ years of practical experience in an information security role\n\n* Strong written and verbal communication skills\n\n* Excellent analytical, decision-making, and problem solving skills\n\n* Preferred AWS, Azure, GCP cloud computing experience\n\n* Understanding of basic networking, hosting, and containerization technologies\n\n* CISA, CISM, CISSP, or GIAC certifications a plus\n\n\n\n\n\nBenefits\n\nMastery takes great pride in providing our employees a robust and highly competitive benefit package. Our benefits include Medical, Dental and Vision insurance covering 90% of premium costs. Company paid life insurance for 1x salary. Legal, AD&D, Additional Life and other employee assistance benefits. We have a 401k savings plan with a 4% match. We provide opportunities for professional growth and development. We fully support our work from home initiative as we do our part to combat the Covid 19 crisis. We have a manage your life and schedule Paid Time Off program. We are fully devoted to finding creative perks and benefits since we cannot currently enjoy our cool office culture. Our philanthropic partner is St. Jude Children’s Research Hospital.\n\n\nWe are an equal opportunity employer and actively seek a diverse community of professionals. Veterans, Women, non-binary, people of color, LGBTQIA, we welcome all to apply!


See more jobs at Mastery Logistics Systems

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

TaxJar


verified closed

Security Engineer


TaxJar


This job post is closed and the position is probably filled. Please do not apply.
\nTaxJar is the leading technology solution for busy eCommerce sellers to manage sales tax and is trusted by more than 20,000 businesses. \n\nWe know sales tax isn't fun for anyone, so we're determined to ease the burden with an exceptional customer experience. To achieve this, we provide the same incredible quality of life for our team members as we do for our customers by creating a professional, unique, award-winning place to work. We have many different backgrounds and lifestyles, and everything we do is guided by our core values:\n\n\n* We do the right thing for our customers\n\n* We're a team, built on trust\n\n* We're proud to be remote\n\n* We're in control of our own destiny\n\n\n\n\n\nWe’re a happy team and we all really love what we do. We’re fast-growing, fully-distributed, talented, and driven. We live all across the US, working from our homes, local libraries, co-working spaces, airstreams - pretty much anywhere we can and do accomplish great work. We've created a space where high-achievers can succeed, but are also safe to fail. We're profitable and focused on growing TaxJar sustainably, and we believe a diverse team can create better solutions for our customers.\n\nWe’re looking for people who:\n\n\n* Are based in the US\n\n* Value working remotely\n\n* Excel at communication and collaboration\n\n* Highly value working with people they like and respect\n\n* Are open and accountable\n\n* Are confident with their skills and who love being part of a team (we’re peers here, no egos please) but are also comfortable working asynchronously\n\n* Want to make a positive impact at TaxJar and who aren’t afraid to fail\n\n\n\n\n\nTaxJar is looking for an exceptional and highly skilled Security Engineer who lives by TaxJar’s values and has a demonstrated track record of securing the SDLC process. TaxJar’s Security Team is responsible for partnering with Engineering teams to build and deploy secure products for our customers. This involves maturing the Secure Development Lifecycle, training developers in secure practices, working with our Operations team to scale and automate security, and innovating new ways to help developers secure themselves.\n\nAs a Security  Engineer for TaxJar you will:\n\n\n* Proactively perform security assessments and reviews (threat models/code reviews/pentests) against TaxJar’s products and services.\n\n* Work with software engineers to design application security review process and controls across a range of technologies to include but not limited to Ruby on Rails, Elixir, and containerized applications\n\n* Own the vulnerability management program and perform regularly-scheduled vulnerability scans to support regulatory compliance and identification of new vulnerabilities\n\n* Identify AWS Security gaps and implement AWS security best practices for our cloud environment (Security Groups, S3 Buckets, IAM Roles and Policies, etc.)\n\n* Be responsible for the Identity access management (IAM) for all users and roles in AWS\n\n* Integrate security best practices into the SDLC process and the CI/CD pipeline\n\n* Act as a technical leader for the security team and work with engineering teams to improve security practices\n\n* Perform security monitoring, security event triage, and lead incident response; including steps to minimize the impact and then conducting a technical and forensic investigation into how the incident happened\n\n* Perform security reviews of the architecture\n\n* Create and maintain comprehensive documentation related to Application and Cloud Security processes and controls\n\n\n\n\n\nRequirements:\n\n\n* 4-6 years of experience in Application/Product Security preferably in SaaS\n\n* 2-4 years of experience within Cloud Security in AWS\n\n* Strong understanding  of AWS IAM, least-privilege access, security groups, VPCs and web applications security best practices\n\n* Pentesting, threat modeling, and architecture review experience\n\n* Hands-on knowledge of security technologies such as IDS/IPS, WAF, vulnerability scanners, etc.\n\n* Experience leading incident response plans, working with SIEM tool for log analysis (i.e. Sumo Logic, Splunk, etc.) a must\n\n* Working knowledge of the OWASP Top 10 security risks and remediation techniques\n\n* Previous programming experience in languages such as Python, Ruby, or Elixir\n\n* Experience with operating systems and hardening (Linux, OS X, and Windows) a plus\n\n* Knowledge of container security such as Docker and Kubernetes a plus\n\n* Certifications such as CISSP, GSEC, CEH or CISM highly desired\n\n* Agile, humble, trustworthy, and a team player\n\n\n\n\n\nBenefits:\n\n\n* Excellent health, vision and dental benefits\n\n* Flexible vacation\n\n* Company holidays, plus mandatory Birthday holiday\n\n* 12 weeks paid parental leave for all employees\n\n* 4 hours volunteer time per month\n\n* Biannual all-company in person summits (paid for by us, of course!)\n\n* $250 Home office stipend\n\n* 401k Plan\n\n* Equity in a profitable company\n\n* Monthly perks reimbursement ($100 a month to appreciate your teammates, Netflix, Amazon Prime, gym membership, home internet etc.)\n\n\n\n\n\n\nPlease visit www.TaxJar.com/jobs for a full list of our amazing benefits for full-time employees, and to learn more about our values and how we work. You can learn more about our hiring process here.\n\nIf you send us a referral for someone who may be a great candidate for this role, we'll pay you $1,000 if we hire them. To refer someone, please email their full name to [email protected] and add “Candidate Referral - [Job Title]” to the subject line once the individual has applied for a role.


See more jobs at TaxJar

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Carve Systems


closed

Software Deconstruction Engineer Aka. InfoSec Consultant


Carve Systems


consulting

 

dev

 

consulting

 

dev

 
This job post is closed and the position is probably filled. Please do not apply.
\nUpdate April 2020: If you are interested in what you read below, please apply and we'll get you started on the process. The process starts with a technical puzzle that should take around an hour and will give you an idea of exactly what we mean by software deconstruction. Got questions? You'll get a short intro call right after the puzzle. This is the best place to raise any questions you might have. Carve just hired someone and we are anticipating a late-summer, early-fall 2020 opportunity for the next great candidate. If you are a great candidate and have a different schedule we can talk about that right up front. Thanks ...the Carve team.\n\nThis job is only listed on Stack Overflow: https://stackoverflow.com/jobs/268907/software-deconstruction-engineer-aka-infosec-carve-systems\n\nWhat's the job?\n\n\n* Information security consulting: assessing the security of software and hardware systems.\n\n* Understanding how systems are built and learning how to break them.\n\n* Working with our experienced team on short-to-medium term engagements.\n\n\n\n\nWhat would you do?\n\nEvery two to three weeks you'll get a new project to work on. A typical project will involve:\n\n\n* Recon: Digging into the functionality, design, and implementation of the software system or device.\n\n* Probing: Searching for implementation weaknesses which could indicate a security issue. This is a combination of tools that we use, tools that we build, and manual probing. For device projects this can include firmware extraction, analysis, and hardware interfacing.\n\n* Extending: Now that you've found a weakness... how far can you extend your access into the system?\n\n* Writing: Now that you've hacked your way in you'll need to write-up your findings and work with the developers to make sure they understand what the problem is and how to fix it.\n\n\n\n\nIf you enjoy puzzles and technical variety you'll find this job very enjoyable.\n\nWho are we looking for?\n\n\n* You do not need to have information security experience. If you've got the right technical background and problem solving skills we can train you in the dark arts of infosec.\n\n* People who enjoy writing code, solving problems with code, and learning how computers work at a fundamental level.\n\n* This is not a "travel every week" type of consultant. We do sometimes work at a client site but most of the time we do our projects remotely.\n\n\n\n\nWe’re hiring for all experience levels: from zero career experience to information security veterans.\n\nSkills & Requirements\n\n\n* Deep experience in software and computers. You may have earned this experience with a degree, career as a software developer, or perhaps you've invested in a technical hobby that took you deep into the rabbit hole.\n\n* Technical writing skills (English)\n\n* Resident of the USA and able to be employed in the USA.\n\n\n\n\nWe encourage remote candidates to reply *if* they are residents of the USA.


See more jobs at Carve Systems

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Shogun Labs


closed

Security Engineer


Shogun Labs


This job post is closed and the position is probably filled. Please do not apply.
\nWe Are…\n\nShogun, and we're on a mission to help people create the best eCommerce experiences in the world.\n\nWe were in the Winter 2018 batch of Y-Combinator, we just raised a Series A investment, we have over 14,000 active paying clients, and we're preparing to launch a new product in 2020 (you can read more in TechCrunch).\n\nOur teams are fully distributed and global (check out our team page)! We have no office, so we are looking for team members that are comfortable with and motivated by the opportunity to work remotely.\n\n\n\nYou Are…\n\nA self-motivated and passionate Ruby Engineer looking to join our engineering team and help secure our applications and cloud infrastructure.\n\nWe're looking for a talented programmer who is interested in security and eager to help resolve vulnerabilities as they arise, build security processes and tooling, and investigate threats.\n\n\nIn This Role You Will...\n\n\n* Learn from your teammates and help other engineers develop more secure software via design input and code review.\n\n* Contribute to the implementation of secure development practices.\n\n* Resolve security vulnerabilities in the application layer, including those reported through our bug bounty program at Federacy.\n\n* Deliver well-engineered, scalable solutions that improve our defense-in-depth.\n\n* Author and implement an information security policy.\n\n\n\n\n\n\nYou Have...\n\n\n* 5+ years software engineering experience.\n\n* 3+ years of Ruby on Rails, including security responsibilities.\n\n* Proven knowledge of authentication and authorization.\n\n\n\n\n\n\nNice-to-Haves...\n\n\n* Experience with Go, Javascript, MongoDB, and/or Redis.\n\n* Experience securing a cloud platform (AWS, GCP, Azure, etc.).\n\n* Clear and precise written and interpersonal communication skills.\n\n* Effective time management and organizational skills.\n\n* Penetration and vulnerability testing experience.\n\n\n\n\n\n\nWe Offer\n\n\n* Competitive salary\n\n* Benefits (vary by location)\n\n* A highly skilled and dedicated team that is fun to work with.\n\n* Remote work – We are a fully distributed team that works from anywhere with good internet. (+13 countries just on the engineering team!)\n\n* Occasionally, we hire on a full time contractor basis to begin with. Team members enjoy the same opportunities for great compensation, full time positions, and consideration, regardless of location.\n\n\n\n\n\n\nTry Out Shogun\n\nIf you want, you can use Shogun to get a feel for the product. We'd love to hear what you think. Here is how:\n\n* Create a Shopify Developer Account: https://developers.shopify.com\n\n* Create a development store: https://help.shopify.com/en/partners/dashboard/development-stores\n\n* Install Shogun on your development store: https://apps.shopify.com/shogun\n\n* Create a couple of pages. We will take a look.\n\n \n\n\n\nShogun supports workplace diversity and does not discriminate on the basis of race, color, religion, gender identity/expression, national origin, age, military service eligibility, veteran status, sexual orientation, marital status, physical or mental disability, or any other protected class


See more jobs at Shogun Labs

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Numbrs


closed

Security Engineer


Numbrs


This job post is closed and the position is probably filled. Please do not apply.
\nNumbrs is reshaping the future of the workplace. We are a fully remote company, at which every employee is free to live and work wherever they want.\n\nNumbrs was founded with the vision to revolutionise banking. Therefore from day one Numbrs has always been a technology company, which is driven by a strong entrepreneurial spirit and the urge to innovate. We live and embrace technology.\n\nAt Numbrs, our engineers don’t just develop things – we have an impact. We change the way how people are managing their finances by building the best products and services for our users.\n\nNumbrs engineers are innovators, problem-solvers, and hard-workers who are building solutions in big data, mobile technology and much more. We look for professional, highly skilled engineers who evolve, adapt to change and thrive in a fast-paced, value-driven environment.\n\nJoin our dedicated technology team that builds massively scalable systems, designs low latency architecture solutions and leverages machine learning technology to turn financial data into action. Want to push the limit of personal finance management? Join Numbrs.\n\nJob Description\n\nYou are responsible for planning, developing, and monitoring all information security aspects of the organisation and our large scale micro-service based distributed systems. From establishing security policies, implementing active defense-in-depth strategies, to conducting reviews of software and infrastructure, you are leading a security-first organisation without compromise. You enjoy learning new things and keep yourself up to date on the latest security threats and defenses. You are a great teammate who thrives in a dynamic environment with rapidly changing priorities.\n\nAll candidates will have\n\n\n* a Bachelor's or higher degree in a technical field of study or equivalent work experience\n\n* a minimum of 3 years security work experience\n\n* experience in establishing organisation wide security policies and procedures in a regulated environment\n\n* experience in penetration testing web-based apps, mobile apps and back-end infrastructure\n\n* experience implementing modern crypto systems and securing sensitive data in motion and at rest\n\n* experience in security auditing of back-end distributed systems and infrastructure\n\n* good knowledge of at least one modern programming language, such as Go, Java, C++, or Python\n\n* hands-on experience with performing code and design reviews\n\n* excellent troubleshooting and creative problem-solving abilities\n\n* excellent interpersonal skills, English written and oral communication\n\n\n\n\nIdeally, candidates will also have\n\n\n* experience with the management of personal data according to the GDPR\n\n* hands-on experience in securing and monitoring Amazon Web Services infrastructure\n\n* good understanding of modern authorisation protocols like OAuth2 and OpenID Connect\n\n* good German written and oral communication skills\n\n\n\n\nLocation: Remote


See more jobs at Numbrs

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Clevertech


closed

Systems Security Engineer


Clevertech


This job post is closed and the position is probably filled. Please do not apply.
\nWe know that during this time there are concerns around the actuality of hiring needs, we want to assure you that this job is posted for a need that we are eagerly looking to fill. We would love to see your application! Clevertech is a leading consultancy that is on a mission to build transformational digital solutions for the world’s most innovative organizations. Enterprise companies turn to Clevertech to help them launch innovative digital products that interact with hundreds of millions of customers, transactions, and data points.\n\nRequirements\n\n\n* Experience securing data including platform, AWS, installable, back office\n\n* 7+ years experience with network and data security\n\n* CISSP or other industry certification is a plus\n\n* Clearly communicate complex concepts verbally in English\n\n\n\n\nOur Benefits\n\nWe know that people do their best work when they’re taken care of. So we make sure to offer great benefits.\n\n\n* Competitive Vacation Package\n\n* Annual Financial Allowance for YOUR development\n\n* Flexible Family Leave\n\n* Clevertech Gives Back Program\n\n* Clevertech U (Leadership Program, Habit Building, New Skills Training)\n\n* Clevertech Swag\n\n* Strong Clevertech Community\n\n\n\n\nHow We Work\n\nAre you curious about what it's like to work at Clevertech? Check out our YouTube channel  to hear directly from Clevertech developers.\n\nPeople join Clevertech to make an impact. To grow themselves. To be surrounded by developers who they can learn from. We've found that innovation comes from an exchange of knowledge across all of our teams. To put people on the path for success, we nurture a culture built on trust, collaboration, and personal growth. You will work in small feature-based cross-functional teams and be empowered to take ownership. We make a point of constantly evolving our experience and skills. We value diverse perspectives and fostering personal growth by challenging everyone to push beyond our comfort level and try something new. The result? Meaningful work. Getting Hired\n\nWe hire people from a variety of backgrounds who are respectful, collaborative, and introspective. Members of the tech team, for example, come from diverse backgrounds having worked as copy editors, graphic designers, and photographers prior to joining Clevertech. Our hiring process focuses not only on your skills but also on your professional and personal ambitions. We want to get to know you. We put a lot of thought into the interview process in order to get a holistic understanding of you while being mindful of your time. You will solve problems derived from the work we do on a daily basis followed by thoughtful discussions around potential fit. Whatever the outcome, we want you to have a great candidate experience.\n\nAPPLY FOR THIS POSITION


See more jobs at Clevertech

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

CrowdStrike


closed

Engineering Manager Cloud Security


CrowdStrike


exec

 

cloud

 

exec

 

cloud

 
This job post is closed and the position is probably filled. Please do not apply.
\nAbout the Role\n\nCrowdStrike is seeking a Senior Manager, SecOps Engineering.  This critical role in the organization will be responsible for leading one or more key areas of the cloud platform. You will help drive and deliver on the technical strategy and roadmap. CrowdStrike is growing rapidly and you will be instrumental in the hiring, retaining and growth of our world class engineers. You will work cross functionally with your peers in the engineering organization as well as leaders in sales and product. We are a remote first company so you must bring your excellent verbal and written communication skills to bear when you are working with your engineering teams and cross functional teams across the globe.\n\nWhat you will need\n\n\n* MS in Computer Science or related field, or equivalent work experience\n\n* Experience in Golang and/or container and container orchestration technologies\n\n* Demonstrated track record of building a strong core engineering team and engineering team management\n\n* 10+ years of software engineering experience in all phases of a software development lifecycle\n\n* 1+ years of hands-on management experience leading engineering teams \n\n* Experience with shipping high quality software in a cloud environments\n\n* Solid grounding in the technology of at least one cloud environment (AWS, Azure, GCP)\n\n* Broad grounding in all aspects of distributed systems development: understanding of distributed systems concepts, authN/Z (OAuth2, etc.) and API development\n\n* Solid design and problem solving skills with demonstrated passion for engineering excellence, quality, security and performance\n\n* Strong cross-group collaboration and interpersonal communication skills working with a variety of roles including engineering, product management, support and sales engineering\n\n* Demonstrated ability to attract and hire talent and grow the team rapidly\n\n* Experience working with remote teams and individuals while ensuring agility and code velocity\n\n* Ability to communicate and articulate crisply at all levels from executive staff to engineers\n\n* Broad general knowledge of the high-technology industry gained in larger enterprise software environments enhanced by ongoing awareness of R&D practices/technology advances\n\n\n\n\nBonus Points\n\n\n* Experience with hybrid cloud environments\n\n* Exposure to/experience with cybersecurity and intelligence.\n\n\n


See more jobs at CrowdStrike

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Fidel


closed
Lisbon

Senior Security Engineer


Fidel

Lisbon

senior

 

senior

 
This job post is closed and the position is probably filled. Please do not apply.
\nFidel’s mission is to democratize access to financial data globally so that consumers are in control of their data. Our technology makes transactional data accessible through a single access point for global businesses like Avios, Klarna and the Royal Bank of Canada. We have a record of fast growth and our key investors include Horizon Ventures and Innovate UK.\n\n\nWe recently closed our Series A round, raising $18M from top-tier VCs, including Nyca Partners and QED Investors. We currently have offices in London and Lisbon — and we’re only getting started.\n\n\nIn this exciting period of growth, both within the UK and internationally, we are now looking for an experienced Senior Security Engineer who wants to be part of this journey.\n\n\n\n\nWhat you’ll do:\n\n\n* Identify and define system security requirements;\n* Prepare and document standard operating procedures and protocols;\n* Configure and troubleshoot security infrastructure devices;\n* Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks;\n* Ensure that the company knows as much as possible, as quickly as possible about security incidents;\n* Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement;\n\n\n\n \n\n#Salary and compensation\n - /year\n\n\n#Location\nLisbon


See more jobs at Fidel

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

SemanticBits


closed

Security Engineer


SemanticBits


This job post is closed and the position is probably filled. Please do not apply.
\nSemanticBits is looking for a Security Engineer to keep our business, users, and data safe by assuring the security of our applications and platforms. This will be a highly collaborative position, in which the right candidate works to secure existing applications and platforms, makes platform and security enhancements, and helps to scale our security program through automation, process improvement, and tool creation.\n\nThe selected candidate will be required to work on multiple products and must be able to develop and present secure solutions and advice to technical teams as well as leadership. The candidate will further be required to assess risks and advise on security standards, best practices, and solutions. All this must be done by maintaining security quality and customer satisfaction.\n\nResponsibilities:\n\n\n* Collaborating with various teams to secure new platforms/applications\n\n* Implementing platform security and framework improvements\n\n* Implementing analysis and monitoring tools\n\n* Working with engineering and QA teams to build tools and scale security in a continuous deployment environment\n\n* Assessing the security of applications, APIs, and platforms via penetration testing and code reviews\n\n* Document System Security plan and Contingency Plans for related projects\n\n\n\n\nRequired Qualifications:\n\n\n* A Bachelor's degree or higher in Computer Science, Electrical Engineering, Information Assurance, Network Security Computer Engineering or a related field, or equivalent experience\n\n* At least 5 years of experience in the following;\n\n\n\n* NIST 800-53 security controls\n\n* Penetration Testing\n\n* System Hardening (blue team)\n\n* Programming/Scripting (java, node, python, etc)\n\n* Incident Response\n\n\n\n* Strong knowledge to perform below tests:\n\n\n\n* Penetration testing\n\n\n\n* Static Analysis/Static Application Security Testing\n\n* Vulnerability Assessment/Scanning\n\n* Dynamic Analysis/Dynamic Application Security Test (DAST)\n\n* Malicious Software Analysis\n\n\n\n\n\n* Strong foundation in one or more of the following:\n\n\n\n* Data management security\n\n* Authentication\n\n* Applied cryptography\n\n* Linux security\n\n* Network & Cloud security\n\n\n\n* Advanced knowledge of Linux platforms\n\n* Advanced knowledge of application mobile security tools\n\n* Strong technical acumen securing software and hardware\n\n* Understanding of software development and working experience with any one of the higher level programming languages or scripting\n\n* Familiarity and experience with security technologies such as security engineering, security architecture, cryptography, data security, risk management, identity and access management, communication and network security, security assessment and testing, software development security, security operations\n\n* Familiarity and experience with popular open source security projects such as OWASP ZAP and Snort\n\n* Thorough understanding of issues documents in the OWASP Top Ten and CWE Top 25\n\n* Demonstrated ability to exploit and mitigate application-level vulnerabilities\n\n* Strong understanding of cryptography as applied to web application security (encryption, hashing, PKI management), including analysis and implementation\n\n* Experience using Linux/Unix at the command line for tasks related to web application development and deployment (DevOps)\n\n\n\n\nOne or more of the following certifications is preferred;\n\nOSCP, OSCE, OSWE, CISSP, GPEN, GXPN \n\nNice to Have: \n\n\n* Strong engineering background \n\n* Application architecture experience \n\n* Experience working in the healthcare industry\n\n* Federal Government contracting work experience\n\n* Prior experience working remotely full-time\n\n\n\n\nPhysical and emotional requirements for the job:\n\nThis position is to be performed remotely from an individual’s home office and involves sedentary work. Employees in this role can be expected to exert up to 10 pounds of force on occasion in order to lift, carry, push, pull or otherwise move standard electronic equipment. Employees are expected to make decisions in a timely manner and display emotional intelligence during occasional stressful situations. \n\n\n\n\n\nBenefits:\n\n\n* Generous base salary\n\n* Three weeks of PTO\n\n* Excellent health benefits program (Medical, dental and vision)\n\n* 401k retirement plan. We contribute 3% of base salary irrespective of employee's contribution\n\n* 100% paid short-term and long-term disability\n\n* 100% paid life insurance\n\n* FSA\n\n* Casual working environment\n\n* Flexible office hours\n\n* New laptop (Mac or PC - your choice)\n\n\n\n\nSemanticBits, LLC is an equal opportunity, affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, or any other characteristic protected by law. We are also a veteran-friendly employer.


See more jobs at SemanticBits

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Loadsmart

 This job is getting a relatively high amount of applications currently (14% of viewers clicked Apply)

closed

Security Engineer  This job is getting a relatively high amount of applications currently (14% of viewers clicked Apply)


Loadsmart


This job post is closed and the position is probably filled. Please do not apply.
\nWho we are: Loadsmart aims to move more with less. We combine great people and innovative technology to more efficiently move freight throughout North America. Our focus is on designing and building the best tools for our team and our customers, using machine learning algorithms to connect cargo with trucks. By better matching supply and demand, we reduce wasted fuel and lost time, cutting out empty miles for motor carriers and providing instant booking for shippers. \n\nWho you are: You believe in game-changing innovations and are excited about reimaging a 700 billion dollar industry.  You take your impact seriously. You are passionate about building solutions that create sustainable, resilient, long-lasting value. You are a first-rate site reliability engineer, with experience and a proven ability to think about deploying software development projects.\n\nThe role: We are looking for a Security Engineer to work remotely based in Brazil or in Florianopolis with Loadsmart. You need to be obsessed about security, both technical and non technical aspects of it. You should have experience and proven ability to analyze, propose and implement safer systems and processes.\n\nKey Responsibilities:\n\n\n* Take a leadership role in driving internal security projects.\n\n* Do regular risk assessment over important assets of the company.\n\n* Build security plans, coordinate among involved people and execute.\n\n* Do regular security tests and code reviews to look for possible threats.\n\n* Assess security aspects of new architectural proposals.\n\n* Analyze non software security threats.\n\n* Document operational procedures and protocols regarding security. \n\n* Maintain disaster recovery plans and train staff on security procedures.\n\n* Generate security reports whenever needed.\n\n\n\n\n Qualifications:\n\n\n* Proved experience as a security engineer or related\n\n* Advanced Linux and networking experience\n\n* Programming experience with Python and at least one more programming language\n\n* Experience with AWS\n\n* Experience with relational databases (PostgreSQL) or columnar databases (Vertica, Redshift, Greenplum) a plus\n\n* Good communication and project management skills\n\n* BS or MS in Computer Science or related field\n\n\n


See more jobs at Loadsmart

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

IOVLABS


closed

Applications Security Engineer


IOVLABS


This job post is closed and the position is probably filled. Please do not apply.
\nWe are seeking a Security Engineer !\n\nWe’re looking for a person who is passionate, analytical, and hard-working, with an interest in cryptocurrencies and the blockchain ecosystem. \n\nAs part of our IOV Labs Security Team, you will help to research attacks and defense techniques and develop innovative tools to help automate detection and response tasks. You will also work in close collaboration with internal development teams to develop new capabilities to improve the security of web and decentralized applications, its users, and the company's infrastructure. We’re looking for an offensive security engineer who wants to challenge themselves on the defensive side of the table.\n\nMain Responsibilities:\n\n\n* Develop and deploy security tools, monitoring, and detection infrastructure.\n\n* Investigate security incidents.\n\n* Conduct research on attack techniques to better predict and prevent future attacks.\n\n* Interact with internal teams, contribute to the secure design of new products and features.\n\n* Review source code for security weaknesses.\n\n\n\n\nExperience & Skills Required\n\n\n* Significant experience in application and network security.\n\n* Knowledge of Java, Python, Javascript, Go.\n\n\n\n\nOther Desired Skills\n\n\n* Experience with cryptocurrency networks\n\n* Knowledge of C/C++, Rust.\n\n* Experience with virtual and containerized environments\n\n* Experience conducting vulnerability research\n\n* Experience mitigating network attacks\n\n* Experience in incident detection, incident response, and forensics\n\n\n\n\nType\n\n\n* Full time & remote !!\n\n\n\n\n Join our team to be part of the next technological revolution and help us build the Internet of the Future.


See more jobs at IOVLABS

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Open-Xchange


closed

Platform Security Engineer EU


Open-Xchange


This job post is closed and the position is probably filled. Please do not apply.
\nThis position will support our SaaS email platform, providing service to large customers for tens of millions of end users.Core competencies required include platform security, automated deployment, virtualization and internet protocols. You will be expected to provide quick resolution of difficult technical problems. This position will also be responsible for major contributions to technical architecture, documentation and systems project management. \n\nWe can only employ people from the following countries: Germany, Austria, Netherlands, Finland, Italy, Spain, and France.\n\n\n Your key responsibilities / Your passion\n\n\n* Review and evaluate current security standards based upon best practices and latest technologies\n\n* Server configuration and management using IaC (Terraform, Ansible, Chef)\n\n* Define and implement platform architecture and binding security concepts/policies at a deeply technical level both internally and externally\n\n* Ensure the security requirements of our customers and that the requirements for our security certifications (ISO 27001) are met and documented correctly\n\n*  Assist with an overall security concept for our container platform approach\n\n* Work closely together with our platform architecture experts, with a particular focus on the security of the platform\n\n* Assit in providing security related feedback for mission-critical software such as Dovecot, LDAP, Galera, Cassandra, OX AppSuite with a particular focus on hardening\n\n* Prepare system security reports by collecting, analyzing, and summarizing data and trends\n\n* Maintain security by monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs\n\n* Document architecture and essential function methodologies\n\n* Collaboration with global operations teams\n\n\n\n\n\n \n Your background / What you bring to the table\n\n\n* Bachelor or master degree in computer science or comparable +10 years job experience\n\n* 3+ years experience in the area of Operations security\n\n* 8+ years experience working with Linux\n\n* Strong experience with configuring, validating and securing environments utilizing firewalls and iptables\n\n* Experience and understanding of hardening Linux-based environments with heterogenous applications\n\n* Knowledge of Internet, authentication, and authorization protocols (HTTP, LDAP, SAML, OAuth/Openid Connect), Privileged Identity Management, Identity Federation\n\n* Knowledge of symmetric and asymmetric encryption technologies, including concepts such as Forward Secrecy, Padding Modes, Elliptic Curves\n\n* Strong Experience with Linux kernel tuning, TCP/IP, Mcast and strong networking fundamentals\n\n* Experience with configuring and operating a Host-based IDS such as OSSEC across a large platform\n\n* Deep understanding of encryption technologies, including keeping cipher suite configurations up-to-date at the OS and application level\n\n* Experience with security incident response\n\n* Solid understanding of networking concepts: the OSI model, TCP, IP, routing, firewalls, load balancers\n\n* Interest in learning new technologies and working with proof of concepts to promote new technologies\n\n* Excellent written and verbal communication skills; willingness to present technical information to a group\n\n* Understanding of multi-tiered applications\n\n* Experience with logging technologies such as Graylog, ELK stack, or Splunk\n\n* Design operation concepts, implementation of IaC automation and provide documentation \n\n* Lead and assist in areas of technical innovations and security improvements\n\n* Some domestic and international travel will be required\n\n\n\n\n\n Our offer to you\n\n\n* Exciting work on a modern open-source cloud software in an internationally operating company\n\n* Plenty of scope for your own ideas and design decisions\n\n* Flexible working hours and the ability to work from home\n\n* Equipped with the up-to-date hardware\n\n* Trainings and continuous personal development\n\n* Flat hierarchies with an "Open Door" philosophy\n\n\n


See more jobs at Open-Xchange

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Auth0


closed

Software Engineering Manager Product Security


Auth0


product manager

 

dev

 

product manager

 

dev

 

exec

This job post is closed and the position is probably filled. Please do not apply.
\nAuth0 is a pre-IPO unicorn. We are growing rapidly and looking for exceptional new team members to add to our teams and will help take us to the next level. One team, one score. \n\nWe never compromise on identity. You should never compromise yours either. We want you to bring your whole self to Auth0. If you’re passionate, practice radical transparency to build trust and respect, and thrive when you’re collaborating, experimenting and learning – this may be your ideal work environment.  We are looking for team members that want to help us build upon what we have accomplished so far and make it better every day.  N+1 > N.\n\nAuth0 is a security company and Auth0's Security organization is in the privileged position of supporting a security-first culture for a company that wants to make the Internet safer. The Product Security team mission is to ensure that Auth0 products are as secure as our customers trust them to be. We partner closely with our Engineering and Product teams to embed security into every stage of the product life cycle.\n\nWe are looking for a Software Engineering Manager with a passion for both building and breaking things to solve security problems in partnership with our Engineering teams. You will have a chance to apply your skills and passion to improve the security of our product on a daily basis.\n\nIn this role you will:\n\n\n\n\n* Mentor and develop your team of security engineers by supporting their goal setting and career growth.\n\n* Foster a collaborative culture between Security and Product Delivery teams.\n\n* Work in partnership with other engineering and product managers to improve security posture of Auth0 products and systems.\n\n* Work to build defensive controls using early software lifecycle tools and techniques.\n\n\n\n\n\n\nOur ideal candidate will have:\n\n\n\n\n* Experience in people management and technical leadership roles.\n\n* Significant past experience in security or software engineering.\n\n* Strong understanding of Web application security.\n\n* Familiarity with secure development practices, security testing techniques, and threat modeling.\n\n* Ability to explain complex security issues and their impact to diverse audiences.\n\n\n\n\n\n\nAlso nice if you have:\n\n\n\n\n* Experience with identity protocols such as OpenID Connect or SAML.\n\n* Experience with JavaScript (Node.js) or Go development.\n\n\n\n\n\n\nYou can learn more about our hiring process here. Auth0’s mission is to help developers innovate faster. Every company is becoming a software company and developers are at the center of this shift. They need better tools and building blocks so they can stay focused on innovating. One of these building blocks is identity: authentication and authorization. That’s what we do. Our platform handles 2.5B logins per month for thousands of customers around the world. From indie makers to Fortune 500 companies, we can handle any use case.\n\nWe like to think that we are helping make the internet safer.  We have raised $210M to date and are growing quickly. Our team is spread across more than 35 countries and we are proud to continually be recognized as a great place to work. Culture is critical to us, and we are transparent about our vision and principles. \n\nJoin us on this journey to make developers more productive while making the internet safer!


See more jobs at Auth0

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

DHIS2


closed

Security Software Engineer


DHIS2


dev

 

dev

 
This job post is closed and the position is probably filled. Please do not apply.
\nAt DHIS 2 we are making a positive impact on the world. DHIS 2 software engineers develop a platform used to improve health care at a global scale. We work directly with end-users in order to understand how our system is being used. DHIS 2 developers work in small teams and have great impact on the product. We are seeking a security software engineer who is passionate about creating secure, reliable software systems.\n\nDHIS 2 is a web-based, open source data platform used by governments, international development agencies and NGOs in more than 90 countries worldwide. It is currently recognized as the world's most widely adopted e-health information platform. The system is used to improve access and use of information within health, education, sanitation, nutrition, disaster relief and other domains. The platform has become a global standard within international development and has a huge impact on the way health systems are being managed.\n\nDHIS 2 is changing the way developing countries and NGOs manage their health systems and programs through a world class data platform. We work on projects with global reach and scale, such as:\n\n\n* Disease surveillance and monitoring in collaboration with the Centers for Disease Control and Prevention (CDC). DHIS 2 is used to notify the right people about possible disease outbreaks so that action can be taken in time.\n\n\n\n\n\n* HIV/AIDS control in collaboration with PEPFAR, the largest initiative ever for combating a single disease. DHIS 2 is used to collect data and provide analytics and insights into how funding can be spent most effectively.\n\n\n\n\n\n* Health information management systems with more than 60 ministries of health worldwide, including South Africa, Tanzania, Ghana and Cambodia. DHIS 2 is used to collect and analyze data for areas such as service utilization, family planning and immunization.\n\n\n\n\n\n* Program monitoring and evaluation with more than 70 NGOs such as Medecins Sans Frontieres, Save the Children, and PSI. DHIS 2 is used to analyse the impact of programs, improve planning and guide resource utilization.\n\n\n\n\nAt DHIS 2 you will be specialize in building and maintaining a secure and reliable software platform. You will play a key role in the software design, implementation and testing, where you apply security thinking and best-practices to the process. You will advise, train and encourage fellow engineers to adopt secure software development practices, as well as writing source code on your own. The role encourages you to research and identify security flaws and attack vectors in the source code base, as well as ensuring these will be corrected. You will help defining and implementing an organization-wide security strategy.\n\nAt our team you will be part of the software design process and have great influence on the end product. We give you the vision and the challenge - you have the freedom to choose your own approach to problem solving. And of course, you can pick your hardware, tools and software of choice.\n\nOur platform is built API-first with an extensible app architecture. We do continuous delivery and short iterations. You can find our source code on GitHub. Check out the backend repository and a typical front-end app repository.\n\nTo learn more about how it is to work at DHIS 2, have a look at this video.\n\n\n\nSkills\n\n\n* Experience with secure software engineering practices.\n\n* Knowledge about application security risks including OWASP top 10.\n\n* Experience with Java development (Java 8) and Maven.\n\n* Experience with PostgreSQL, MySQL or other relational databases.\n\n* Working proficiency and communication skills in verbal and written English.\n\n\n\n\n\n\nNice-to-have skills\n\n\n* Relevant security certifications.\n\n* Work experience from similar role.\n\n\n\n\n\nLocation\n\nFor this position we accept both remote, partly remote and on-site work at our Oslo offices.


See more jobs at DHIS2

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

HashiCorp


closed

Test Infrastructure Engineer Security Products


HashiCorp


golang

 

testing

 

golang

 

testing

 
This job post is closed and the position is probably filled. Please do not apply.
San Francisco, United States - Test Infrastructure Engineer, Security ProductsREMOTEAbout HashiCorpHashiCorp is a fast-growing startup that solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks.  We build tools to ease these de...


See more jobs at HashiCorp

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

HashiCorp


closed

Senior Golang Engineer Security


HashiCorp


golang

 

senior

 

golang

 

senior

 
This job post is closed and the position is probably filled. Please do not apply.
San Francisco, United States - About the RoleWe are looking for an experienced engineer to join the Vault team and focus on secure storing, sharing, creating, and handling of privileged systems management within Vault. You will help design, prototype, and implement core features while ensuring the...


See more jobs at HashiCorp

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Olo


closed

Senior Security Engineer Blue Team


Olo


senior

 

senior

 
This job post is closed and the position is probably filled. Please do not apply.
\nAt Olo we operate a digital food ordering platform used by many of the country’s largest restaurant chains, reaching millions of consumers. We take great pride in the reliability, security, and performance of our systems and services. We are looking for a talented security engineer with experience in a Blue Team role to help us fortify our defenses and protect the systems that enable hungry people to order their food quickly and securely.\n\nIn the role of Senior Security Engineer, you will design and implement the security defenses that enable our systems to keep running while protecting the data of our clients and their customers. \n\nYou can work at Olo’s headquarters on the 82nd floor of One World Trade Center or remotely from anywhere in the U.S. In fact, more than half of our team is remote!\n\n\nResponsibilities\n\n\n\n\n* Detect and defend against attacks by analyzing security-related events and alerts, and leading incident response, remediation and mitigation activities\n\n* Provide stakeholders with concise, detailed, and well-written incident reports, root causes identification, and remediation recommendations\n\n* Use experience and data gained during incident investigations to improve security posture\n\n* Provide management oversight for the identification, triage and response of events or incidents\n\n* Coordinate and track incident response activities with other teams and third parties. This includes remediations arising from Red Team tests and external penetration tests.\n\n* Perform non-event driven security reviews, including but not limited to patching, firewall rules, system configuration checks and vulnerability reports\n\n* Conduct Blue Team exercises and drills to evaluate and improve processes and technologies related to various controls including but not limited to threat detection, incident response, patching, remediation and user training.\n\n* Mature Blue Team exercises by leveraging recent breach reports, evolving threats and vulnerabilities\n\n* Execute Threat Hunts to proactively detect and mitigate advanced threats\n\n* Mature threat hunting through improved data analysis, additional data augmentation, creating custom toolsets and improving automation \n\n* Maintain and optimize various security technologies. This includes ongoing optimizations and implementing new or replacement security technologies as needed and automating security activities where feasible.\n\n* Deep collaboration with IT, Infrastructure and Development teams where security ownership and responsibilities are shared.\n\n* Ensure security policies and standards are understood and complied with\n\n* Educate and influence employees on security and coach junior team members\n\n* Work with PCI and SOC auditors to provide evidence of compliance\n\n* Assist with third party software and provider due diligence\n\n* Contribute to security policies and standards\n\n* Proactively identify and implement improvements to our tools and processes\n\n* Participate in a 24/7 on call rotation\n\n\n\n\n\n\nRequirements\n\n\n\n\n* Previous Blue Team, Security Operations or Security Engineering experience\n\n* Deep knowledge of information technology, evolving threats, attack patterns, incident response and cyber security standards\n\n* Proven experience developing and leading incident response, remediation and mitigation activities, and providing status updates and reports.\n\n* Adept at analyzing security events to discern events that qualify as a legitimate security incident as opposed to non-incidents. This includes security event triage, incident investigation, implementing countermeasures, and conducting incident response.\n\n* Deep understanding of operating system, networking and application concepts \n\n* Ability to harden Windows, MacOS and Linux and any underlying virtualization\n\n* Familiarity with AWS security best practices and Infrastructure-as-Code (e.g. Terraform, Ansible, CloudFormation or similar.)\n\n* Experience deploying, maintaining and administering security technologies including. (e.g. Anti-Malware, Intrusion Detection System (IDS), Data Leak Prevention (DLP), File Integrity Monitoring (FIM), Firewalls, Security Information and Event Monitoring (SIEM), Static Inspection, Multi Factor Authentication (MFA), Vulnerability Assessment, Web Proxies and Web Application Firewalls (WAF))\n\n* PCI and/or SOC compliance experience preferred\n\n* CISSP, GCIH, CEH, OSCP, or similar certification preferred\n\n* Scripting and/or development familiarity preferred\n\n* 5+ years of Information Technology experience with a focus on Security\n\n* Ability to work on-call, during critical incidents or to support coverage requirements\n\n* Strong English writing and verbal communication skills\n\n* Legally able to work in the U.S.\n\n\n\n\n\n\nCOVID-19 Impact\n\nOlo is committed to the well-being of candidates, employees and our community. The  Olo NYC Headquarters will be closed for the foreseeable future because of the global outbreak of COVID-19. While an in-person interview is typical for many roles at Olo, we will conduct interviews via video conferencing while our HQ is closed. Olo benefits from the fact that over half of our workforce is remote, therefore we are accustomed to conducting interviews via video conferencing and we anticipate no impact on our recruiting timelines. We encourage candidates to share any concerns or questions with Olo’s recruiting team.\n\nAbout Olo\n\nOlo powers digital ordering and delivery programs that connect restaurant brands to the on-demand world, placing orders directly into the restaurant through all order origination points – from a brand’s own website or app, third party marketplaces, social media platforms, smart speakers, and home assistants. Olo serves as the on-demand ordering and delivery platform for over 300 brands, such as Applebee’s, Checkers & Rally’s, Cheesecake Factory, Chili’s, Dairy Queen, Denny’s, Five Guys Burgers & Fries, Jamba Juice, Noodles & Company, Portillo’s Hot Dogs, Shake Shack, sweetgreen, Wingstop, and more. Learn more at www.olo.com. Olo's headquarters is located on the 82nd floor of One World Trade Center.  We offer great benefits, such as 20 days of Paid Time Off, fully paid health, dental and vision care premiums, stock options, a generous parental leave plan, and perks like FitBits, rotating craft beers on tap in our kitchen, and food events featuring our clients' menu items (now you know why we give out FitBits!). Check out our culture map:https://www.olo.com/images/culture.jpg.\n\nWe encourage you to apply! \n\nAt Olo, we know a diverse and inclusive team not only makes our products better, but our workplace better. Many groups are consistently underrepresented across the tech sector and we are fully committed to doing our part to move the needle.  Olo is an equal opportunity employer and diversity is highly valued at our company. All applicants receive consideration for employment. We do not discriminate on the basis of race, religion, color, national origin, gender identity, sexual orientation, pregnancy, age, marital status, veteran status, or disability status. If you like what you read, hear, and/or know about Olo, and want to be a part of our team, please do not hesitate to apply! We are excited to hear from you!


See more jobs at Olo

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Jack Henry & Associates .


closed

Senior Cloud Security Engineer


Jack Henry & Associates .


cloud

 

senior

 

cloud

 

senior

 
This job post is closed and the position is probably filled. Please do not apply.
\nJob Description\n\nJack Henry & Associates, a leading provider of technology solutions and payment processing services primarily for the financial services industry; is hiring a Senior Cloud Security Engineer to join our Security Engineering department. As a Senior Cloud Security Engineer you’ll work in close collaboration with Jack Henry architecture and security teams to design and build security systems that support Jack Henry’s public and private cloud strategies. Areas of particular focus will include cloud security posture management, cloud workload protection, network security, and application security. \n\nThis position can be based to work out of any of the following Jack Henry office locations: Springfield, MO (Primrose), Monett, MO, Allen, TX or Lenexa, KS, or be 100% remote from any US location.\n\nMINIMUM QUALIFICATIONS\n\n\n* Associate’s Degree\n\n* CCSP (Certified Cloud Security Professional)\n\n* Must have a minimum of 6 years of experience in a combination of any of the following areas: information security, systems engineering, application development, or cloud management\n\n* Must be able to travel up to 5% for occasional team meetings or conferences\n\n\n\n\nPREFERRED QUALIFICATIONS\n\n\n* Bachelor’s degree. \n\n* CISSP or GSEC certifications\n\n\n\n\nESSENTIAL FUNCTIONS\n\n\n* Design security solutions that maintain security and compliance within public cloud while ensuring alignment of technology to business strategy.\n\n* Develop and understand JHA’s public cloud strategic roadmap.\n\n* Participate and collaborate in project level architecture reviews and vendor selection recommendations.\n\n* Assist in creating security architecture documentation based on specifications.\n\n* Review security design to discover any errors or confirm the design meets required specifications.\n\n* Maintains an awareness and understanding of industry developments and provides ideas for innovation and improvement in order to maintain current service designs value.\n\n* Provides consultation to engineering and operations staff.\n\n\n\n\n\nEqual Employment Opportunity\n\nApplicants for U.S. based positions with Jack Henry & Associates must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire. Visa sponsorship is not available for this position.\n\nJack Henry & Associates, Inc. is an Equal Employment Opportunity/Affirmative Action Employer and maintains a Drug-Free Workplace.\n\nFemales, minorities, veterans, and individuals with disabilities are encouraged to apply.


See more jobs at Jack Henry & Associates .

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Contrast Security


closed

Staff Engineer


Contrast Security


This job post is closed and the position is probably filled. Please do not apply.
Contrast is looking for an architect enthusiastic and proficient in front-end technologies such as ReactJS and AngularJS and server-side API development written in Java/Spring interested in pursuing a life changing experience in the field of application security and continuous delivery. We are an exciting, young team that is growing leaps and bounds each month. This person should take a wholistic view of our application architecture with sincere attention to quality, performance, scalability, security and maintainability.\n\nThis team is tasked with the unique opportunity to advance our runtime and pre-compile code analysis capabilities. This includes providing enhanced techniques to improve the accuracy, findings and reporting of code analysis. It will also include driving and leading the next generation of product and offerings to make the Contrast platform the choice for code analysis tools among developers and security professionals.\n\nIdeal candidates have a background building highly scalable and responsive Single Page Applications (SPAs) using ReactJS, CSS/Bootstrap, visualization libraries such as D3, HighCharts or AMCharts, as well as other SVG based visualization plugins. We write a lot of GraphQL to interact with our REST layer to improve performance and data interaction.\n\nOur engineering team has a strong spirit of entrepreneurship. Every member of the team has joined us over our 5 year history because he/she wants to be part of a high-performing team and go through the startup experience. We look for candidates that share similar goals and beliefs about the work and the team they want to be a part of.\n\n\nAbout You\n\n\n\n* Experience architecting modern, scalable and high-performing full-stack web applications\n\n* You have strong communication skills. You ask questions, let others know when you need help, and tell others what you need.\n\n* You have experience working in Java/Spring or Python/Flask to design and implement robust and scalable APIs.\n\n* Stellar visual skills and attention to detail.\n\n* You have extensive HTML5, CSS3 (Less), and JavaScript Framework (ReactJS) experience.\n\n* Experience with TypeScript and GraphQL.\n\n* Have an eye for quality and have an interest in using tools/frameworks like Enzyme, Prettier, ReactTestRenderer, Jest, JUnit, StoryBook, etc...\n\n* AWS Services: S3, EC2, CloudFront, Lambda.\n\n* You're a problem solver. You believe the best work is the result of finding the simplest solution to complex challenges.\n\n* Your code is clean, your designs are elegant and you are constantly refactoring.\n\n* Multiple years experience working in Enterprise or Commercial Software development.\n\n* Own your work. Whether a nasty bug or an awesome feature, you put your name on every line of code.\n\n\n\n\n\nWhat We Offer\n\n\n* Competitive compensation package (salary + equity)\n\n* A fun and dynamic environment where you work with other like minded people on products which make a real difference to the security of our customers\n\n* In-office lunches\n\n* Medical, dental and vision benefits\n\n* Flexible paid time off\n\n* 401K with match\n\n\n


See more jobs at Contrast Security

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Wikimedia Foundation


closed

Senior Application Security Engineer


Wikimedia Foundation


senior

 

senior

 
This job post is closed and the position is probably filled. Please do not apply.
\nSummary\n\nThe Wikimedia Foundation is looking for an Application Security Engineer to join the Security team working to help protect Wikipedia and our other projects. You'll be working with other developers and security engineers to create new security features, review the security of other people's code, and help find and fix security bugs before they're exploited.\n\nYOU ARE ...a smart security practitioner with experience building and auditing security features in large scale systems. You understand the importance of testing and documentation, and common pitfalls in developing secure web applications. You must have a passion for the WMF mission. We do (almost) everything publicly, and volunteers can add arbitrary JavaScript to our site.\n\nYou will be joining a team responsible for ensuring the security and integrity of applications written in PHP, Python, Ruby, Lua, Perl, JavaScript (Node.js) among others, using both relational and key-value data storage mechanisms. (Don't worry, you don't need to have had experience with all of those technologies.)\n\nWe’d like you to do these things:\n\n\n* Triage and remediate reported security issues\n\n* Review and deploy features developed by the Foundation and community members\n\n* Work with other development teams to ensure that they make safe architectural and implementation choices\n\n* Constantly poke and abuse our software to find bugs before attackers do\n\n* Provide application security concept reviews and help socialize application security best practice\n\n* Provide support for application security operations\n\n\n\n\nWe’d like you to have these skills:\n\nThe right person is better than the right set of experiences, these are the traits we’ve identified make great additions to our team so far.\n\n\n* Two or more years of application security experience, including thorough understanding of issues documented in the OWASP Top Ten and CWE Top 25\n\n* Strong understanding of modern, object-oriented PHP development\n\n* In-depth experience developing or auditing client-side JavaScript\n\n* Demonstrated ability to exploit and mitigate application-level vulnerabilities\n\n* Experience conducting software security reviews using a combination of source code inspection, manual testing, and automated scanning\n\n* Patience in explaining security issues and their implications on privacy to non-technical audiences\n\n* Sensitivity to the security challenges faced by participants in a large, international project\n\n* Strong understanding of cryptography as applied to web application security (encryption, hashing, PKI management), including analysis and implementation\n\n* Experience using Linux at the command line for tasks related to web application development and deployment\n\n* Ability to maintain focus when working remotely\n\n\n\n\nAnd it would be even more awesome if you have this:\n\nIn addition to the basic skills needed for being successful these skills could set you apart from the pack!\n\n\n* Experience as a contributor in the Wikipedia or Wikimedia project communities\n\n* Experience contributing to a consensus-based open source project\n\n* Experience developing, maintaining, or administering authentication systems\n\n\n\n\nAbout the Wikimedia Foundation\n\nThe Wikimedia Foundation is the non-profit organization that supports and hosts Wikipedia and its sister free knowledge sites. Wikipedia consists of nearly 40 million articles across hundreds of languages. Every month, more than 80,000 volunteer editors contribute to Wikipedia. Based in San Francisco, California, the Wikimedia Foundation is an audited, 501(c)(3) non-profit that is funded primarily through donations and grants. It currently employs over 240 staff members.\n\nAt the Foundation, we build technology to help people everywhere access Wikipedia, across devices and in nearly 300 languages. We engineer privacy for our readers and editors so they can safely and securely explore Wikipedia. We create programs and initiatives to make Wikipedia freely available to more people in more parts of the world. We build new tools for the community of editors so they can continue to improve and grow Wikipedia. Roughly a quarter of our budget goes to supporting the community that make the site possible, including through grantmaking programs that enable volunteers and enrich the information on the sites.\n\nBenefits & Perks\n\n\n* Fully paid medical, dental and vision coverage for employees and their eligible families (yes, fully paid premiums!)\n\n* The Wellness Program provides reimbursement for mind, body and soul activities such as fitness memberships, massages, cooking classes and much more\n\n* The 401(k) retirement plan offers matched contributions at 4% of annual salary\n\n* Flexible and generous time off - vacation, sick and volunteer days\n\n* Pre-tax savings plans for health care, child care, elder care, public transportation and parking expenses\n\n* For those emergency moments - long and short term disability, life insurance (2x salary) and an employee assistance program\n\n* Telecommuting and flexible work schedules available\n\n* Appropriate fuel for thinking and coding (aka, a pantry full of treats) and monthly massages to help staff relax\n\n* Great colleagues - diverse staff and contractors speaking dozens of languages from around the world, fantastic intellectual discourse, mission-driven and intensely passionate people\n\n\n


See more jobs at Wikimedia Foundation

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Certica Solutions


closed

Development Security Operations Engineer


Certica Solutions


ops

 

ops

 
This job post is closed and the position is probably filled. Please do not apply.
\nCertica seeks an experienced and energetic engineering professional to take Certica’s DevSecOps practices to the next level by driving the secure provisioning, automation and monitoring of Certica’s infrastructure and applications. The DevSecOps Engineer will work collaboratively with other members of the product team to deliver world-class analytic, assessment and data management solutions.  This role will provide important expertise and knowledge by researching new and upcoming technologies while partnering with other teams to achieve our business goals. This role will blend the considerations of best practices of DevOps with SecOps considerations while working in an agile software environment.   \n\nThis is a very exciting full-time position with generous benefits and flexible work arrangements and a great time to join a market leading company that is expanding its operations. This position will be located at either our Austin, TX or Cincinnati, OH locations.\n\nEssential Tasks & Responsibilities:\n\n\n* Implement and maintain the secure infrastructure needed for Continuous Integration and Continuous Delivery practices in our products and manage the environments involved;\n\n* Create a highly robust and secure infrastructure for the automation of the build, deployment, test, monitoring and reporting of operations of our software products;\n\n* Ensure our environments are secure, cost-effective, scalable, responsive, and limit single points of failure;\n\n* Work in an agile software development environment with distributed teams using Scrum;\n\n* Drive and implement security reviews, vulnerability assessments and the resolution of identified vulnerabilities;\n\n* Participate in defining and implementing incident management processes and technologies;\n\n* Research new and upcoming technologies/tools that help us achieve our business goals; and\n\n* Successfully collaborate with other teams, such as development, product management, and quality assurance.\n\n\n\n\nSkills & Professional Experience:\n\n\n* 3+ years extensive professional experience with multiple scripting technologies (PowerShell, Bash, Python, etc.);\n\n* 3+ years of daily hands on production level management using cloud technologies (AWS, Azure) to deploy infrastructure, databases and software in a secure and scalable fashion;\n\n* 3+ years strong experience of any industry leading build, deployment, and configuration system(s); Team City and Octopus preferred but not required;\n\n* Experience leading and implementing security best practices across infrastructure and DevSecOps pipelines;\n\n* Demonstrated ability to design and implement the DevSecOps pipeline as we scale;\n\n* 3+ years of database experience (SQL Server, MySQL, etc.), including configuration, deployment, and query writing and execution;\n\n* Comfortable with Windows and Linux and working with servers from the command line;\n\n* Experience configuring and managing Active Directory;\n\n* Ability to quickly become a contributor working independently and as part of a local or remote team;\n\n* Strong communication, analytical, entrepreneur skills with pride in personal contributions and passion to learn and grow their professional skills/experience;\n\n* BA/BS Degree in Computer Science or related software engineering experience; and\n\n* Appropriate certifications are a plus (CISSP, etc.)\n\n\n\n\nAbout Certica Solutions    www.CerticaSolutions.com\n\nCertica is dedicated to advancing academic progress and equity in education through measurable improvements in student achievement. Certica’s analytic, assessment and data management solutions provide a foundation for standards-based learning and assessment, as well as teacher data literacy. Certica serves more than 1,500 K-12 school districts and numerous charter school organizations, and educational service agencies. Certica is based in Wakefield, Massachusetts, with offices in Harvard, North Carolina, Ohio, South Carolina and Texas. Follow Certica on Twitter @Certica_K12.


See more jobs at Certica Solutions

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Skillshare


closed

Senior Security Engineer


Skillshare


senior

 

senior

 
This job post is closed and the position is probably filled. Please do not apply.
As a Senior Security Engineer on the SRE Team at Skillshare, you’ll play a key role in helping us continuously improve our security programs to ensure the best experience for our users through the safety of our technology and data. \n\nThis role spans strategic work of putting in place forward-looking initiatives as well as responding to external threats on an ongoing basis, which means the opportunity for impact across the board.  We’re scaling quickly and are excited to bring someone onboard who can help us proactively tackle challenges – both in the day-to-day operations and anticipated future ones. \n\nYou’ll collaborate with the other members of the SRE team as well as the product development teams to plan and implement various security initiatives. We’ll look to your strategic expertise, reliable execution, and sound judgment to improve and maintain our security infrastructure, along with creating and improving processes for maintaining a secure product and environment.\n\nYou’ll be joining a team that’s passionate about technology, and helping pave the way for building products together that we’re proud of. We’re excited to meet you.\n\n\n\n\nWhat you'll do:\n\n\n\n\n* Improve, monitor and maintain our information security.\n\n* Execute security initiatives related to infrastructure, product, and data.\n\n* Make strategic recommendations and improvements to our security.\n\n* Work with application developers to improve the security of various product features.\n\n* Proactively prep and train developers and raise the security awareness of everyone in the organization.\n\n* Quickly and proactively respond to incoming security threats.\n\n* Continually assess, address and report on the levels of threat and preparedness.\n\n\n\n\n\n\n\n\n\n\nWhy we're excited about you:\n\n\n\n\n* 7+ years of experience building, supporting and securing cloud-based web infrastructure with AWS.\n\n* Knowledge of best security practices for building web applications.\n\n* Experience with security monitoring tools.\n\n* Experience in compliance with industry standards such as PCI, OWASP, NIST, GDPR etc.\n\n* Experience with Single Sign-on (SSO) for internal systems.\n\n* Understanding of and ability to deal with and prevent typical security threats and risks.\n\n* Deep understanding of web application infrastructure.\n\n* Working knowledge of software engineering.\n\n* Strong communication skills – you’re a natural collaborator and can report out to stakeholders of all levels.\n\n* Tech stack knowledge: Docker (Kubernetes experience is a plus), Linux, DataDog, AWS security products, MySQL.\n\n\n\n\n\n\n\n\n\n\nWhy you're excited about us:\n\n\n\n\n* Impact: you’ll play a key role in shaping the direction of a comprehensive security approach long-term.\n\n* Growth: Our team is small, so you’ll have room to wear a lot of hats and take on more responsibility over time. \n\n* Our mission: We are building a learning ecosystem for the new economy and changing millions of lives for the better.\n\n* Our team: We have a passionate, smart team that is a lot of fun to work with.\n\n* Your life: We take pride in our flexibility. Working remotely is part of how we need to work these days. You’re a professional, and we trust you to do what you need to do.\n\n\n\n\n


See more jobs at Skillshare

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Olo


closed

Security Engineer Blue Team


Olo


This job post is closed and the position is probably filled. Please do not apply.
\nAt Olo we develop an online food ordering platform used by many of the country’s largest restaurant chains, reaching millions of consumers. Chances are if you’ve ordered directly from a restaurant brand’s app or website, we’ve made that happen. Mobile ordering and payments is an exciting and active industry full of interesting players and yet still a relatively untapped market ripe for disruption. We’re quite up-front about the technical challenges our business faces. Running a platform with multiple white-labeled front-ends, that maintains real-time connections into thousands of restaurants’ POS systems, and coordinates complex transactions between these and other third parties (such as payment gateways and gift card providers) is not for the faint of heart!\n\nWe take great pride in the reliability, security, and performance of our systems and services. We are looking for a talented Security Engineer with experience in a Blue Team role to help us fortify our defenses and protect the systems that enable hungry people to order their food quickly and securely.\n\nIn the role of Senior Security Engineer, you will design and implement the security defenses that enable our systems to keep running while protecting the data of our clients and their customers. \n\nResponsibilities\n\n\n* Detect and defend against attacks.\n\n* Review patching, firewall rules, and server configurations together with the Infrastructure team.\n\n* Respond to alerts, events, and incidents per our specified procedures and processes. \n\n* Proactively examine logs and system activity for unusual activity, adding and tweaking monitors and alerts.\n\n* Lead remediation efforts from Red Team findings.\n\n* Work with PCI and SOC auditors to provide evidence of compliance.\n\n* Support and lead AV and Endpoint technology and deployments. Automate patching and task automation of servers and desktops.\n\n* Interact with IT operational and development teams to advise on, coordinate and track mitigation and remediation activities.\n\n* Conduct Blue Team exercises and Computer Network Defense drills in order to evaluate and improve processes and technologies related to threat detection, incident response, patching, remediation and user training.\n\n* Maintain vulnerability management solutions to ensure endpoints are compliant with security guidelines.\n\n* Daily operational work includes security monitoring, patch verification, IDS alerts, FIM alerts, log analysis, forensic analysis, host configuration audits, firewall rule reviews, assisting with fraud attacks, and other security tasks.\n\n* Help diligence third party software and SaaS tools for our approved vendor list.\n\n* Proactively identify and implement improvements to our tools and processes.\n\n\n\n\nRequirements\n\n\n* Previous Blue Team experience \n\n* Proficient in current security technologies, including advanced anti-malware solutions, network forensics, and detection solutions.\n\n* Proven experience developing and leading remediation / mitigation activities, and providing status updates and reports.\n\n* Experience with Windows Desktop, Windows Server, macOS, and Linux operating systems and system administration – specifically with regard to hardening, detection, patching and compliance.\n\n* Solid experience with AWS security best practices and Infrastructure-as-Code (e.g. Terraform, Ansible, CloudFormation or similar.)\n\n* Experience with both hardware and AWS networking configuration (switches, firewalls, security groups, etc) – specifically with regard to patching and compliance.\n\n* Deep understanding of networking concepts such as DMZs, subnets, VLANs, proxies, private IP addressing and NAT; protocols, ports and common services, such as TCP/IP network protocols and application layer protocols (e.g. HTTP/S, DNS, SSH, SMTP, Active Directory etc.)\n\n* Up-to-date knowledge of information technology and cyber security standards, trends, and issues. \n\n* Experience deploying, maintaining and administering security technologies including DLP systems, IDSs, WAFs, FIM, etc. \n\n* Experience with PCI and/or SOC compliance highly beneficial.\n\n* CISSP certification preferred.\n\n\n\n\nAbout Olo\n\nOlo powers digital ordering and delivery programs that connect restaurant brands to the on-demand world, placing orders directly into the restaurant through all order origination points – from a brand’s own website or app, third party marketplaces, social media platforms, smart speakers, and home assistants. Olo serves as the on-demand ordering and delivery platform across 70,000 locations for over 300 brands, such as Applebee’s, Checkers & Rally’s, Cheesecake Factory, Chili’s, Dairy Queen, Denny’s, Five Guys Burgers & Fries, Jamba Juice, Noodles & Company, Portillo’s Hot Dogs, Shake Shack, sweetgreen, Wingstop, and more. Learn more at www.olo.com.  \n\nOlo is located on the 82nd floor of One World Trade Center.  We offer great benefits, such as 20 days of Paid Time Off, fully paid health, dental and vision care premiums, stock options, a generous parental leave plan, and perks like FitBits, rotating craft beers on tap in our kitchen, and food events featuring our clients' menu items (now you know why we give out FitBits!). Check out our culture map: https://www.olo.com/images/culture.jpg.\n\nWe encourage you to apply! \n\nAt Olo, we know a diverse and inclusive team not only makes our products better, but our workplace better. Many groups are consistently underrepresented across the tech sector and we are fully committed to doing our part to move the needle. \n\nOlo is an equal opportunity employer and diversity is highly valued at our company. All applicants receive consideration for employment. We do not discriminate on the basis of race, religion, color, national origin, gender identity, sexual orientation, pregnancy, age, marital status, veteran status, or disability status.\n\nIf you like what you read, hear, and/or know about Olo, and want to be a part of our team, please do not hesitate to apply! We are excited to hear from you


See more jobs at Olo

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Redox


closed

Director Of Security Engineering


Redox


exec

 

exec

 
This job post is closed and the position is probably filled. Please do not apply.
\nAre you a technical leader who is passionate about security and enabling a team of highly talented security engineers in their mission to make Redox the most trusted name in healthcare technology?\n\nThe Redox Security Team\n\nThe Redox Security Team is building the foundation for our company to safely and efficiently eliminate the barriers to the adoption of technology in healthcare. We support teams throughout the company to enable them to build components that can securely store and transmit health data, thus enabling our customers to rapidly build and deploy products to change the face of the healthcare industry.\n\nYour Impact in this Role\n\nAs a Director of Security Engineering, you will oversee critical security programs that directly support building our secure healthcare platform. These programs include Application Security, Cloud Security, Identity & Access Management and Corporate Security. You will be responsible for coaching engineers in these functions and managing our strategic relationships across the technical and operational teams they work with.  We are all patients, and your role will be to ensure the safety of the data of yourself, your loved ones, and everyone else’s flowing through our platform. Our mission at Redox is to make health data useful, and you would focus on how to ensure that this mission isn’t undermined by interference from bad actors or flaws in the design of the environment. \n\nAbout You:\n\n\n* You prioritize building and supporting a diverse and inclusive team of engineers.\n\n* You are a leader who is able to elicit support without direct authority across the company.\n\n* You maintain relationships with key stakeholders and allies. \n\n* You are an exceptional coach, supporting your direct reports in achieving their goals and progressing their careers. \n\n* You hold yourself and your team accountable to goals and deliverables.\n\n* You maintain strong technical capabilities and use these to influence your overall security engineering strategy.\n\n* Rather than find solutions you help your teams find them themselves.\n\n* Be a sponsor and vigorous champion for your teams’ initiatives, including removing roadblocks for them when needed.\n\n* You draw from your experience to anticipate risks, and solve for future problems before they jeopardize your team. \n\n* Coordinate roadmaps across security, engineering and operation functions to ensure our plans are in sync, we have dependencies identified and are working towards common goals. \n\n* You have strongly honed communication and organizational skills.\n\n\n\n\nWork Experience and Expertise Should Include:\n\n\n* Experience leading technical engineering teams.\n\n* Knowledge of cloud-native and modern technologies (AWS, NodeJS, *nix, OSX, etc).\n\n* Familiarity of security practices, processes, and systems.\n\n* Affinity for an engineering culture that emphasizes Agile, DevOps, and continuous delivery.\n\n* Deep understanding of threat models for large, high-scale production platforms.\n\n* Strong communication and organizational skills.\n\n* Technical Security certification is nice to have.\n\n\n\n\nBonus Points\n\n\n* A history of building high performing technical security teams. \n\n\n


See more jobs at Redox

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

King & Union


closed

Cyber Security Sales Engineer


King & Union


sales

 

sales

 
This job post is closed and the position is probably filled. Please do not apply.
\nPosition Description\n\nKing & Union is seeking to hire an experienced and talented Senior Cyber Security Sales Engineer in our fast-paced well-funded start-up. Our flagship product, Avalon, is a threat analytics platform built with collaboration at its core helping build an interactive community of cyber analysts. Avalon provides a dynamic workspace where security operators and analysts can lean in, cut through the noise and reduce the time to address threats from hours to minutes. The platform enables organizations’ users to rapidly collaborate with trusted peers on investigations and findings, providing unique insights, and setting up fast action events for remediation. The Senior Sales Engineer is responsible for providing exceptional pre-sales support to the sales team focusing on public and private sector accounts.\n\nOverview of Position\n\n\n* Assist in driving new business from prospective and existing customer accounts as well as assisting the sales team in meeting and/or exceeding all sales quotas\n\n* Organize, plan, direct, and coordinate all aspects of the technical pre-sales engagement for the prospect\n\n* Serve as business resource to the customer/prospect and provide subject matter expert service and consulting throughout sales cycle\n\n* Proactively drive sales opportunities within identified accounts\n\n* Work with Sales, Marketing, and Product Managers to bridge the gap between the customer and the product contributing to messaging and product enhancements\n\n* Ownership of technical relationships with our pre-sales customers\n\n* Support sales team to accelerate sales cycle as appropriate\n\n\n\n\nRequirements:\n\n\n* Bachelor’s Degree in Computer Science or equivalent experience\n\n* +5 years of experience as a sales engineering or similar consulting role\n\n* Strong understanding of general networking concepts\n\n* Strong understanding of security and information event management (SIEM), SOAR's, TIP's, threat intelligence \n\n* Knowledge of scripting languages like Python/Perl\n\n* Ability to handle Proof of Concept and solution demonstrations\n\n* Self-motivated and strong work ethic\n\n* Clear, concise, confident, and effective communicator\n\n* Exceptional presentation skills and commitment to customer satisfaction\n\n* Background in cybersecurity and relevant industry experience preferred\n\n* Prefer knowledge of threat intelligence landscape including key players in the industry \n\n* Broad contacts in cyber threat intelligence community are a plus \n\n\n\n\nCompensation\n\n\n* Early round shares\n\n* Competitive salary\n\n* 401(k), healthcare, and full benefits\n\n* Ability to work from home and our offices in Old Town, Alexandria\n\n\n


See more jobs at King & Union

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Contrast Security


closed

Software Engineer Serverless Platform


Contrast Security


dev

 

serverless

 

dev

 

serverless

 
This job post is closed and the position is probably filled. Please do not apply.
\nContrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyber-attacks. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate analysis and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has intelligent agents that work actively inside applications to prevent data breaches, defeat hackers and secure the entire enterprise from development, to operations, to production.\n\nAbout the Position\n\nA revolution is underway in how software is built and deployed. Serverless computing represents that next generation approach to both. At Contrast our goal is to help our customers build and deploy the most robust and secure software imaginable. We believe that not enough is being done in the Serverless space to make Serverless applications secure.\n\nWriting instrumentation agents is a responsibility we take very seriously at Contrast. Our customers trust us enough to run our agents directly in their applications. We're looking for an engineer to exercise that power carefully, to help us build a quality, thoroughly tested agent that our customers run with complete confidence. Serverless presents a very unique problem for our customers, as now our IAST, RASP and OSS capabilities will extend into the compile and deploy process.\n\nAn ideal candidate has a passion and excitement around the Serverless Framework, as well as the AWS Lambda and Azure Functions communities. They have professional experience building Serverless applications and have a deep understanding of observability and secure programming.\n\nResponsibilities and About You\n\n\n* History of building Serverless web applications in Node, Python, Go or Java.\n\n* Extensive experience with AWS Lambda and/or Azure functions.\n\n* Collaborates enthusiastically as we are serious users of Slack, Github/Bitbucket, HighFive/Zoom (video/voice calls) to leverage chat (Slack), asynchronous communication and tracking (JIRA).\n\n* Desire to document and automates everything. You believe knowledge should be shared. You document systems and share knowledge with the rest of the team clearly and precisely.\n\n* Contribute to the development of our instrumentation agent written in Python, Node and Java, but from the perspective of distributed systems and function based architectures.\n\n* Perform forensic investigations when the agent negatively impacts the performance of functionality of instrumented Serverless applications.\n\n* You approach problems from a product perspective, thinking through how the user will interact with what you're building.\n\n* You're a problem solver. You believe the best work is the result of finding the simplest solution to complex challenges.\n\n* You see the big picture. You understand how the code you write interacts with systems and services, both internally and externally. \n\n\n\n\nWhat We Offer\n\n\n* Competitive compensation and Stock\n\n* Medical, dental, and vision benefits\n\n* Flexible paid time off\n\n* Daily in-office lunches\n\n* 401K\n\n* Professional Development Budget\n\n\n\n\nWe are changing the world of software security. Do it with us.  We believe in what we do and are passionate about helping our customers secure their business. We work hard, and we have fun doing it. Solve the impossible. Easy = boring. If you’re looking for a fun work environment and like a challenge, you’ll love Contrast Security.


See more jobs at Contrast Security

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Wikimedia Foundation


closed

Application Security Engineer


Wikimedia Foundation


This job post is closed and the position is probably filled. Please do not apply.
\nLocation: Remote/SF\n\nHours: 40 hours\n\nContract Length: Until end of June (6+ months)\n\n\nSummary\n\nThe Wikimedia Foundation is looking for an Application Security Engineer to join the Security team working to help protect Wikipedia and our other projects. You'll be working with other developers and security engineers to create new security features, review the security of other people's code, and help find and fix security bugs before they're exploited.\n\nYOU ARE ...a smart security practitioner with experience building and auditing security features in large scale systems. You understand the importance of testing and documentation, and common pitfalls in developing secure web applications. You must have a passion for the WMF mission. We do (almost) everything publicly, and volunteers can add arbitrary JavaScript to our site.\n\nYou will be joining a team responsible for ensuring the security and integrity of applications written in PHP, Python, Ruby, Lua, Perl, JavaScript (Node.js) among others, using both relational and key-value data storage mechanisms. (Don't worry, you don't need to have had experience with all of those technologies.)\n\nYou are responsible for:\n\n\n* Triaging and remediating reported security issues\n\n* Reviewing and deploying features developed by the Foundation and community members\n\n* Working with other development teams to ensure that they make safe architectural and implementation choices\n\n* Constantly poking and abusing our software to find bugs before attackers do\n\n* Providing application security concept reviews and help socialize application security best practice\n\n* Providing support for application security operations\n\n\n\n\nSkills and Experience:\n\nThe right person is better than the right set of experiences, these are the traits we’ve identified make great additions to our team so far.\n\n\n* Two or more years of application security experience, including thorough understanding of issues documented in the OWASP Top Ten and CWE Top 25\n\n* Strong understanding of modern, object-oriented PHP development\n\n* Demonstrated ability to exploit and mitigate application-level vulnerabilities\n\n* Experience conducting software security reviews using a combination of source code inspection, manual testing, and automated scanning\n\n* Patience in explaining security issues and their implications on privacy to non-technical audiences\n\n* Sensitivity to the security challenges faced by participants in a large, international project\n\n* Strong understanding of cryptography as applied to web application security (encryption, hashing, PKI management), including analysis and implementation\n\n* Experience using Linux/Unix at the command line for tasks related to web application development and deployment\n\n* Ability to maintain focus when working remotely\n\n\n\n\nAdditionally, we’d love it if you have:\n\nIn addition to the basic skills needed for being successful these skills could set you apart from the pack!\n\n\n* Experience as a contributor in the Wikipedia or Wikimedia project communities\n\n* Experience contributing to a consensus-based open source project\n\n* Experience developing, maintaining, or administering authentication systems\n\n* In-depth experience developing or auditing client-side JavaScript\n\n\n\n\nThe Wikimedia Foundation is... \n\n...the nonprofit organization that hosts and operates Wikipedia and the other Wikimedia free knowledge projects. Our vision is a world in which every single human can freely share in the sum of all knowledge. We believe that everyone has the potential to contribute something to our shared knowledge, and that everyone should be able to access that knowledge, free of interference. We host the Wikimedia projects, build software experiences for reading, contributing, and sharing Wikimedia content, support the volunteer communities and partners who make Wikimedia possible, and advocate for policies that enable Wikimedia and free knowledge to thrive. The Wikimedia Foundation is a charitable, not-for-profit organization that relies on donations. We receive financial support from millions of individuals around the world, with an average donation of about $15. We also receive donations through institutional grants and gifts. The Wikimedia Foundation is a United States 501(c)(3) tax-exempt organization with offices in San Francisco, California, USA.\n\nThe Wikimedia Foundation is an equal opportunity employer, and we encourage people with a diverse range of backgrounds to apply.\n\nMore information\n\nWMF\nBlog\nWikimedia 2030\nWikimedia Medium Term Plan\nDiversity and inclusion information for Wikimedia workers, by the numbers\nWikimania 2019\nAnnual Report - 2017 \nThis is Wikimedia Foundation \nFacts Matter\nOur Projects\nFundraising Report


See more jobs at Wikimedia Foundation

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Aha!


closed

Senior Application Security Engineer


Aha!


senior

 

senior

 
This job post is closed and the position is probably filled. Please do not apply.
**About Us:**\n\nWe are Aha! - a fully remote, profitable, and self-funded SaaS company. We build the world's #1 product roadmap and marketing planning software, and more than 250,000 users trust our software to build amazing products. \n\n[It started in 2013](https://www.aha.io/company/history) with a simple idea — to build a company that customers and employees would love. And to do it with no venture funding, offices, or salespeople.\n\n**The Role:**\n\nAha! is looking for a Security Engineer who is passionate about finding and fixing security vulnerabilities in our sophisticated SaaS platform. Over 250,000 users trust us with their product roadmaps, including many of the world's largest brands. As the second hire in the security group, you will be a key part of the engineering team, helping with both code reviews and general appsec as well as other security projects to help grow and secure the company.\n\nAs a Senior Security Engineer at Aha!, you will have an excellent opportunity to join a self-funded and profitable company that is growing fast. Aha! was founded by a proven team of product and marketing experts. \n\n**We are looking for someone who:**\n\n- Finds joy in breaking (and then fixing) software\n- Has experience with Ruby on Rails and Javascript based applications\n- Has experience with AWS\n- Has worked on compliance projects and security policy development\n- Has driven security initiatives or delivered security training\n- Wants to be great and work in a fast-moving, online environment where the end-user is key\n\n**We are committed to being great, and we want someone who:**\n\n- Can work at a fast-paced company where the feedback cycle is measured in hours rather than weeks\n- Has a background of delivering superb work again and again\n- Is seeking a career-defining opportunity and a proven, results-oriented team that has sold multiple software companies\n- Is interested in collaborating with software engineers to grow their skills and career\n- We are building a distributed team, and you can work from anywhere in North America for this role. \n\n*We offer generous salary, equity, benefits, and a profit-sharing program.*


See more jobs at Aha!

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Contrast Security


closed

Golang Instrumentation Engineer


Contrast Security


golang

 

golang

 
This job post is closed and the position is probably filled. Please do not apply.
Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyber-attacks. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate analysis and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has intelligent agents that work actively inside applications to prevent data breaches, defeat hackers and secure the entire enterprise from development, to operations, to production.\n\nAbout the Position\nWe've been working with GoLang for a little over two years now. Most of our work thus far has been building our communication layer for dynamic agents to talk with our TeamServer. In the last year, we've spent a lot of time prototyping instrumentation within Go. Now's the time to build our first IAST and RASP agent, dedicated to the GoLang community.\n\nWriting instrumentation agents is a responsibility we take very seriously at Contrast. Our customers trust us enough to run our agents directly in their applications. We're looking for an engineer to exercise that power carefully, to help us build a quality, thoroughly tested agent that our customers run with complete confidence. Go presents a more unique situation in which our customers will have to include our agent within their compile process.\n\nAn ideal candidate has a passion and excitement around the GoLang community. They likely have professional C experience, including some experience contributing to open source frameworks and/or libraries, this could be a great opportunity for you to deepen your understanding of GoLang's unique characteristics. You like to reverse engineer code, making it better with each iteration.\n\n\n\nResponsibilities and About You\n\n\n* Love all things String related...\n\n* Build, ship, curate, and iterate on Contrast Security agent features.\n\n* Work with design, product, and support teams to build features.\n\n* Own your work. Whether a nasty bug or an awesome feature, you put your name on every line of code.\n\n* Be a team player. You love to work with others to find the right solutions.\n\n* Experience developing in Go and C.\n\n* Have a deep understanding of Go dependencies (Modules).\n\n* You approach problems from a product perspective, thinking through how the user will interact with what you're building.\n\n* You have strong communication skills. You ask questions, let others know when you need help, and tell others what you need.\n\n* You're a problem solver. You believe the best work is the result of finding the simplest solution to complex challenges.\n\n* You see the big picture. You understand how the code you write interacts with systems and services, both internally and externally. \n\n\n


See more jobs at Contrast Security

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

New Context Services


closed

Application Security Engineer


New Context Services


This job post is closed and the position is probably filled. Please do not apply.
\nApplication Security Engineer\n\nNew Context is a rapidly growing consulting company in the heart of downtown San Francisco. We specialize in Lean Security: an approach that leads organizations to build better, safer software through hands-on technical and management consulting. We are a group of engineers who live and breathe Agile Infrastructure, Systems Automation, Cloud Orchestration, and Information & Application Security.\n\nAs a New Context Application Security Engineer, you will provide technical leadership with a hands-on approach. Our clients look to us to guide them to a solution that makes sense for them, and you should expect to provide thought leadership, design, and implement that solution. \n\nExpect to be involved in application security and vulnerability management using Open Source technologies as well as all aspects of security architecture, directives, and standards for application security. You will utilize our core methodologies - DevOps, Agile, Lean, TDD and Pair Programming - along with your expertise in application security - to provide advice and assistance to application teams. You will work with our clients and other New Context team members while working from the New Context office, at client sites, or from your home.\n\nWe foster a tight-knit, highly-supportive environment where you will receive respect and be included. Even if you may not know the answer to a question immediately, you'll have the entire company supporting you via Slack, Zoom, or in-person. We also host a daily, all-company stand-up via Zoom, and a weekly company Retro, so you won't just be a name on an email. \n\nAt New Context, our core values are Humility, Integrity, Quality & Passion! Our employees live these values every single day.\n\nWho you are:\n\n\n* A seasoned technologist with 5+ years work experience in cybersecurity, secure app development, or application security roles;\n\n* Happy and effective as a consultant in client-facing situations;\n\n* Knowledgeable about Lean Security or DevSecOps techniques and environments;\n\n* Experienced in Open Source web technologies, especially in the areas of highly-available, secure systems;\n\n* Experienced with cloud-native (AWS, Google Cloud, Azure) application implementations and the relevant security risks and mitigations. \n\n* Have worked in a team to create production-quality applications in an Agile environment;\n\n* Possess working knowledge of Unix-based operating systems and networking concepts, Windows and Microsoft Active Directory..\n\n* Comfortable with authentication and authorization functionalities and systems - identity federation (SAML, Oauth, OpenId), directory services (LDAP, AD), authenticating proxies;\n\n* Experienced as a technical lead;\n\n* An excellent communicator, experienced with external clients and customers and able to communicate productively with customers to explain technical aspects and project status;\n\n* Able to think on your feet and learn quickly on-the-job in order to meet the expectations of our clients;\n\n* A great teammate and a creative and independent thinker.\n\n\n\n\nBonus points if you are:\n\n\n* CISSP, CEH, CASE, GWEB, GWAPT, GSSP (or equivalent) certified.  \n\n* Experienced with Windows operating systems and Windows-based networking, e.g. Active Directory.\n\n* Familiar with network security fundamentals,, social engineering, and/or forensic analysis;\n\n* A believer in automated tests and their role in software engineering;\n\n* Familiar with Infrastructure as Code (IaC) and automated server provisioning technologies;\n\n* Able to translate complex concepts to business customers;\n\n* A member of national and/or local security groups.\n\n\n\n\nTechnology we use: We tailor solutions to our customers. You might work on projects using any of the following technologies (or other similar technologies):\n\n\n* Security: BurpSuite, ZAP Proxy, SAST/DAST Scanning Tools, Threat Modeling, Kali Linux, Standards & Compliance, Compliance standards, Application Security, Layer 7 Firewalls, OSSEC, Hashicorp Vault, STIX, TAXII;\n\n* Automation: Chef, Puppet, Docker, Ansible, Salt, Terraform, Automated Testing\n\n* Containerization Ecosystem: Docker, Mesosphere, Rancher, CoreOS, Kubernetes\n\n* Cloud & Virtualization: AWS, Google Compute Engine, OpenStack, Cloudstack, kvm, libvirt\n\n* Tools: Jenkins, Atlassian Suite, Pivotal Tracker, Vagrant, Git, Packer\n\n* Monitoring: SysDig, DataDog, AppDynamics, New Relic, Sentry, Nagios, Prometheus\n\n* Databases/Datastores: Cassandra, Hadoop, Redis, Postgres, MySQL\n\n* Languages: Ruby, Python, Go, Java, JavaScript\n\n\n\n\nWe are committed to equal-employment principles, and we recognize the value of committed employees who feel they are being treated in an equitable and professional manner. We are passionate about finding ways to attract, develop and retain the talent and unique viewpoints needed to meet business objectives, and to recruit and employ highly qualified individuals representing the diverse communities in which we live, because we believe that this diversity results in conversations which stimulate new and innovative ideas.\n\nEmployment policies and decisions on employment and promotion are based on merit, qualifications, performance, and business needs. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.


See more jobs at New Context Services

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Security Scorecard - We are revolutionizing the cybersecurity industry


closed

Senior DevOps Engineer


Security Scorecard - We are revolutionizing the cybersecurity industry


devops

 

senior

 

devops

 

senior

 
This job post is closed and the position is probably filled. Please do not apply.
\nOpportunity\n\nSecurityScorecard is hiring a DevOps Engineer to bridge the gap between our global development and operational teams who is motivated to help continue automating and scaling our infrastructure. The DevOps Engineer will be responsible for setting up and managing the operation of project development and test environments as well as the software configuration management processes for the entire application development lifecycle. Your role would be to ensure the optimal availability, latency, scalability, and performance of our product platforms. You would also be responsible for automating production operations, promptly notifying backend engineers of platform issues, and checking long term quality metrics.\n\nOur infrastructure is based on AWS with a mix of managed services like RDS, ElastiCache, and SQS, as well as hundreds of EC2 instances managed with Ansible and Terraform. We are actively using three AWS regions, and have equipment in several data centers across the world.\n\nRegions: North America (GMT-7.00) Mountain time - (GMT-4.00) Atlantic time\n\nResponsibilities\n\n\n* Training, mentoring, and lending expertise to coworkers with regards to operational and security best practises. \n\n* Reviewing and providing feedback on GitHub Pull Requests to team members AND development teams- a significant percentage of our Software Engineers have written Terraform.\n\n* Identifying opportunities for technical and process improvement and owning the implementation. \n\n* Championing the concepts of immutable containers, Infrastructure as Code, stateless applications, and software observability throughout the organization.\n\n* Systems performance tuning with a focus on high availability and scalability.\n\n* Building tools to ease the usability and automation of processes\n\n* Keeping products up and operating at full capacity\n\n* Assisting with migration processes as well as backup and replication mechanisms\n\n* Working on a large-scale distributed environment where you were focused on scalability/reliability/performance\n\n* Ensuring proper monitoring / alerting are configured\n\n* Investigating incidents and performance lapses\n\n\n\n\nCome help us with projects such as…\n\n\n* Extending our compute clusters to support low latency, on-demand job execution\n\n* Turning pets into cattle\n\n* Cross region replication of systems and corresponding data to support low latency access\n\n* Rolling out application performance monitoring to existing services, extending integrations where required\n\n* Migration from self hosted ELK to a SaaS stack\n\n* Continuous improvement of CI/CD processes making builds & deployments faster, safer, and more consistent\n\n* Extending a Global VPN WAN to a datacenter with IPSec+BGP\n\n\n\n\nRequirements\n\n\n* 3+ years of DevOps and/or Operations experience in a Linux based environment\n\n* 1+ years of production environment experience with Amazon Web Services (AWS)\n\n* 1+ years using SQL databases (MySQL, Oracle, Postgres)\n\n* Strong scripting abilities (bash/python)\n\n* Strong Experience with CI/CD processes (Jenkins, Ansible) and automated configuration tools (Puppet/Chef/Ansible)\n\n* Experience with container orchestration (AWS ECS, Kubernetes, Marathon/Mesos)\n\n* Ability to work as part of a highly collaborative team\n\n* Understanding of monitoring tools like DataDog\n\n* Strong written and verbal communication skills\n\n\n\n\nNice to Have\n\n\n* You knew exactly what was meant by "Turning pets into cattle"\n\n* Experience working with Kubernetes on bare-metal and/or the AWS Elastic Kubernetes Service.\n\n* Experience with RabbitMQ, MongoDB, or Apache Kafka.\n\n* Experience with Presto or Apache Spark.\n\n* Familiarity with computation orchestration tools such as HTCondor, Apache Airflow, or Argo.\n\n* Understanding of network concepts- OSI layers, firewalls, DNS, split horizon DNS, VPN, routing, BGP, etc.\n\n* A deep understanding of AWS IAM, and how it interacts with S3 buckets.\n\n* Experience with SAFe.\n\n* Strong programming skills in 2+ languages.\n\n\n\n\nTooling We Use\n\n\n* Data definition, format and interfaces\n\n\n\n* Definitions - Protobuf V3\n\n* Normalize from - JSON / XML / CSV\n\n* Normalize to - Protobuf / ORC\n\n* Interfaces - REST API(s) and object store buckets\n\n\n\n* Cloud Services - Amazon Web Services\n\n* Databases: Postgresql, PrestoDB\n\n* Cache: Redis, Varnish\n\n* Languages: Python / C++14 / Scala / Golang / Javascript / Ruby / Java\n\n* Job Orchestration - HTCondor / Apache Airflow / Rundeck\n\n* Analytics - Spark \n\n* Storage: NFS/EFS, AWS S3, HDFS\n\n* Computation - Docker Containers / VMs / Metal / EMR\n\n\n


See more jobs at Security Scorecard - We are revolutionizing the cybersecurity industry

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Security Scorecard - We are revolutionizing the cybersecurity industry


closed

Data Engineer Attribution


Security Scorecard - We are revolutionizing the cybersecurity industry


This job post is closed and the position is probably filled. Please do not apply.
\nAbout The Role\n\nThe Attribution team develops software to collect and infer ownership information of Internet assets, such as IP addresses and domain names. Our team is looking for a data engineer to productionize prototype statistical models for attribution, and integrate new data sources into the attribution pipeline. We value experience in the networking and anti Internet-abuse communities.\n\n Requirements:\n\n\n* 3+ years of experience with:\n\n\n* Scala or Python, both preferred\n\n* Distributed systems (e.g. Spark, Hadoop)\n\n\n\n\n\n* Database systems (e.g. Postgres, MySQL)\n\n* Experience with the following is preferred:\n\n\n* IP (v4/v6) allocation and addressing conventions\n\n* DNS conventions and best practices\n\n* Anti-abuse investigations\n\n\n\n\n\n* Bachelor’s degree (CS, CE/EE, Math, or Statistics preferred)\n\n\n\n\nTraits\n\n\n* Comfortable working as part of a distributed team\n\n* Excellent communication and teamwork skills\n\n* Ability to make data driven decisions\n\n* Ability to do independent research\n\n\n\n\nInterview Process\n\n\n* Phone conversation with a Talent Acquisition team member to learn more about your experience and career objectives. 30 minutes.\n\n* Technical interview with hiring manager via video (preferred). Will include some coding. 30-45 minutes.\n\n* 1-2 technical interviews with data engineer and data science team members via video or in person. 1-1.5 hours for both.\n\n* Final meeting with engineering leadership via video or in person. 1 hour.\n\n\n


See more jobs at Security Scorecard - We are revolutionizing the cybersecurity industry

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Contrast Security


closed

Software Performance Engineer


Contrast Security


dev

 

dev

 
This job post is closed and the position is probably filled. Please do not apply.
\nContrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyber attacks. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate analysis and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has intelligent agents that work actively inside applications to prevent data breaches, defeat hackers and secure the entire enterprise from development, to operations, to production.\n\nMembers of our Performance Engineering team believe in continuous measurement to drive product improvements and code optimizations. You would rather spend your time enabling engineering teams to more effectively understand the performance impact of their code. You thrive in an environment where there is something new to learn with each major effort. \n\nResponsibilities\n\n\n* Focus on constant improvement of uptime and page speed\n\n* Perform automated and ad-hoc analysis on usage patterns, data growth, and application change to prevent performance bottlenecks\n\n* Design, build, and configure environments and services at AWS\n\n* Partner to improve operational efficiency through automation, visibility, and transparency of performance and reliability metrics.\n\n\n\n\nAbout You\n\n\n* You love to make web applications faster and efficient.\n\n* History of working with Performance testing and monitoring tools\n\n* You love to break things, and you like to share how you did it.\n\n* You’re a storyteller with compelling stories about that time you learned something new in order to solve a problem for your company, and stories about the times you helped your team mates skill up.\n\n* You have powerful stories about the failures and mistakes you’ve made and the lessons learned. You share them as cautionary tales with your team mates.\n\n* You can demonstrate familiarity with common language frameworks. Java is preferred to start, but .NET, Ruby, Go, Python and Javascript are also key to our product offering.\n\n* You approach problems from a product perspective, thinking through how the user will interact with what you're building.\n\n* You have strong communication skills. You ask questions, let others know when you need help, and tell others what you need. You write things down so someone else on your team can do them.\n\n* You're a problem solver. You believe the best work is the result of finding the simplest solution to complex challenges. We see simplicity as the greatest expression of intelligence and responsibility.\n\n* You see the big picture. You understand how the code you write interacts with systems and services, both internally and externally.\n\n* Bachelor’s Degree or equivalent\n\n* Background developing applications using Java, Tomcat, and MySQL\n\n* Understanding of data modeling for relation and non-relational persistence \n\n\n\n\nBonus Points\n\n\n* Distributed Queues\n\n* Service Discovery\n\n* Caching Design\n\n* Advanced Knowledge of AWS Features and Services\n\n* Spring and Hibernate Excellence\n\n* Knowledge of database fundamentals: SQL, schema, internals (MySQL)\n\n* JVM and garbage collector tuning, heap dump analysis experience\n\n* Experience with the following performance tools: JMeter, YourKit, New Relic, SumoLogic\n\n* Experience in using UI profilers and deep understanding of Chrome developer tools\n\n* Understanding of how a browser works (Chrome Devtools, UI Automator)\n\n\n\n\nWhat We Offer\n\n\n* The opportunity to work with some of the highest performing individuals in the world with the goal of establishing memories of the best part of your career ever.\n\n* Competitive compensation\n\n* Daily in-office team lunches\n\n* Meaningful stock plans\n\n* Medical, dental, and vision benefits\n\n* Flexible paid time off \n\n\n


See more jobs at Contrast Security

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Contrast Security


closed

Software Development Engineer Test


Contrast Security


dev

 

testing

 

dev

 

testing

 
This job post is closed and the position is probably filled. Please do not apply.
\nContrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyber attacks. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate analysis and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has intelligent agents that work actively inside applications to prevent data breaches, defeat hackers and secure the entire enterprise from development, to operations, to production.\n\nThe Software Development Engineer in Test (SDET) believes the reward for a job well done is another job. You would rather spend your time enabling engineering teams to more effectively write their own tests than write tests for them. You thrive in an environment where there is something new to learn with each major effort. \n\nImagine landing with an engineering team with a goal of improving their unit testing coverage.  Maybe they need help mocking services? Maybe they need help just refactoring a large group of tests during a system upgrade? Maybe they need help starting a load testing practice? Our teams will ask. You will research, implement and train.  When you are done with that job, a new one will await you with another of our teams.  \n\nResponsibilities\n\n\n* Work with multiple agile teams to establish automated test metric goals and achieve them. \n\n* Work with teams to set up processes, patterns and standards to increase unit test coverage\n\n* Work with teams to set up processes, patterns and standards to automate high value performance testing (benchmark, load and stress)\n\n* Work with teams to set up high value automated API tests\n\n* Working with the Ops teams to test infrastructure as code gets you a gold star\n\n* Contribute to our synthetic test infrastructure run against our production SaaS systems for real-time awareness of product uptime and functional stability.\n\n* Build and maintain expertise in several languages and their testing tool sets over time.\n\n* A passion for automation – a key team goal is to reduce daily toil through automation\n\n* Work cross-functionally within a service team and be a core contributor in every significant engineering solution that is delivered\n\n* Debug production issues across services and levels of the stack\n\n* Participate in on-call rotations, along with every member of the engineering team\n\n* Solid understanding of system design, including the operational trade-offs of various designs\n\n* Solid programming and troubleshooting skills. You may be called upon to help with systems written in Java, .NET, Ruby, Go, Python and Javascript. You won’t be expected to know everything, but we are looking for people who can dig through a codebase for debugging and commit tactical fixes opportunities.\n\n\n\n\nAbout You\n\n\n* You don't love writing code, you love writing code that test's the code.\n\n* You have 5+ years in technology with at least three in a QA Automation Role or SDET\n\n* You love to break things, and you like to share how you did it.\n\n* You’re a storyteller with compelling stories about that time you learned something new in order to solve a problem for your company, and stories about the times you helped your team mates skill up.\n\n* You have powerful stories about the failures and mistakes you’ve made and the lessons learned. You share them as cautionary tales with your team mates.\n\n* You can find your way around a database, but you are better at mocking them.\n\n* You can demonstrate familiarity with common language frameworks. Java is preferred to start, but .NET, Ruby, Go, Python and Javascript are also key to our product offering.\n\n* You have a desire to make the Internet a safer place.\n\n* You have a passion for tools, testing frameworks, methodologies and implementations. You choose them based on the the best fit for the problem at hand. \n\n* You approach problems from a product perspective, thinking through how the user will interact with what you're building.\n\n* You have strong communication skills. You ask questions, let others know when you need help, and tell others what you need. You write things down so someone else on your team can do them.\n\n* You're a problem solver. You believe the best work is the result of finding the simplest solution to complex challenges. We see simplicity as the greatest expression of intelligence and responsibility.\n\n* You see the big picture. You understand how the code you write interacts with systems and services, both internally and externally.\n\n\n\n\nWhat We Offer\n\n\n* The opportunity to work with some of the highest performing individuals in the world with the goal of establishing memories of the best part of your career ever.\n\n* Competitive compensation\n\n* Daily in-office team lunches\n\n* Meaningful stock plans\n\n* Medical, dental, and vision benefits\n\n* Flexible paid time off \n\n\n\n\nBy submitting your application, you are providing Personally Identifiable Information about yourself (cover letter, resume, references, or other employment-related information) and hereby give your consent for Contrast Security, and/ or our HR-related Service Providers, to use this information for the purpose of processing, evaluating and responding to your application for current and future career opportunities. Contrast Security is an equal opportunity employer and our team is comprised of individuals from many diverse backgrounds, lifestyles and locations.


See more jobs at Contrast Security

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Contrast Security


closed

.NET Engineer


Contrast Security


This job post is closed and the position is probably filled. Please do not apply.
\nAt Contrast, our goal is the make the Internet safer day by day. We are always interested in meeting talented and creative technologists who share this goal. We’ve built some amazing technology thus far and are shaking up the way the world looks at application security. We know that our products can get better with new voices and ideas. Contrast is looking for a talented .NET application developer to join our team, engineering a world-class instrumentation agent for analyzing the security of Microsoft web applications. An ideal candidate is proficient in ASP.NET, C#, and C++. Ideally, we would love for you to have an interest or experience in Azure, as well as experience or curiosity with .NET Core.\n\nKey Responsibilities\n\n\n* Build many variations of simple to complex web applications using ASP.NET and .NET Core for our instrumentation agent to analyze to detect security vulnerabilities at run-time.\n\n* Contribute to the development of our instrumentation agent written in C# and C++.\n\n* Support traditional ASP.NET apps and more modern .NET Core apps on Windows/Linux.\n\n* Perform forensic investigations when the agent negatively impacts the performance of functionality of instrumented web applications.\n\n* Own your work. Whether a nasty bug or an awesome feature, you put your name on every line of code.\n\n* Be a team player. You love to work with others to find the right solutions.\n\n\n\n\nAbout You\n\n\n* You love to code.\n\n* Experience with at least one ASP.NET Framework (WebForms, MVC, WCF, Web API) or .NET Core web applications.\n\n* Experience with C# and C++.\n\n* Comfortable working with Visual Studio Team Services for continuous integration.\n\n* Strong understanding of Microsoft IIS for configuration and deployment purposes.\n\n* Knowledge of the .NET development ecosystem.  Experience with popular .NET libraries such as Entity Framework, Dapper and Unity.\n\n* Experience deploying web applications to Azure services such as Azure VMs, Azure Web Apps, Service Fabric, Azure Table Storage (NoSQL), SQL Server and Azure Networking Services.\n\n* You have strong communication skills. You ask questions, let others know when you need help, and tell others what you need.\n\n* You're a problem solver. You believe the best work is the result of finding the simplest solution to complex challenges.\n\n* You see the big picture. You understand how the code you write interacts with systems and services, both internally and externally.\n\n\n


See more jobs at Contrast Security

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Zapier


closed

Cloud Security Engineer


Zapier


cloud

 

cloud

 
This job post is closed and the position is probably filled. Please do not apply.
\nHi there!\n\nWe're looking for someone to join our Engineering team at Zapier as a Cloud Security Engineer. Are you interested in helping build and secure cloud infrastructure to support a powerful automation tool? Then read on…\n\nWe know applying for and taking on a new job at any company requires a leap of faith. We want you to feel comfortable and excited to apply at Zapier. To help share a bit more about life at Zapier, here are a few resources in addition to the job description that can give you an inside look at what life is like at Zapier. We hope you'll take the leap of faith and apply.\n\n\n* Our Commitment to Applicants\n\n* Culture and Values at Zapier\n\n* Zapier Guide to Remote Work\n\n* Zapier Code of Conduct\n\n* Diversity and Inclusivity at Zapier\n\n\n\n\nZapier is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse workforce.\n\nEven though our job description may seem like we're looking for a specific candidate, the role inevitably ends up tailored to the person who applies and joins. Regardless of how well you feel you fit our description, we encourage you to apply if you meet these criteria:\n\nYou care deeply about building secure products in secure ways that simplify the lives of millions of people through automation.\n\nAbout You\n\nYou have deep infrastructure security experience. Keeping the cloud resources that support our core Zapier application secure is at the heart of this role. Zapier is a SaaS product, so experience building software and managing cloud infrastructure under a similar model is a big plus.\n\nYou know what makes browsers and sites secure.  The web browser is practically the operating system of the internet; these days nearly everything that happens online, happens in a browser.  You’ll help us continue to keep customer data safe by ensuring the “first mile” is trouble-free.\n\nYou love writing software and building infrastructure. Most of what you’ll do each day is guiding, building and maintaining Zapier's infrastructure and product. You'll focus on high value, high risk portions of Zapier. You'll use code to automate and improve the more mundane parts of auditing and monitoring of internal processes, as well as in the product.\n\nYou have worked with teams before on large Python, AWS, & Kubernetes projects. You’re also familiar with some common frameworks for languages like Django, Flask, or Rails. You've also worked extensively in cloud providers like AWS, GCE, or Azure and have strong experience with threat detection tooling on linux. \n\nYou love doing things efficiently. At Zapier, the work you do will have a disproportionate impact on the business. We believe in systems and processes that let us scale our impact to be larger than ourselves. You'll be in a unique position to find and eliminate "insecure and painful" experiences and replace them with "secure and joyful" experiences.\n\nYou love learning. Engineering is an ever-evolving world. You enjoy playing with new tech and exploring areas that you might not have experience with yet.\n\nYou love to set your own direction. At Zapier, we have one team meeting each week and one-on-one meetings every month. Between those we chat in Slack and then go make things happen.\n\nYou are friendly and patient, welcoming, considerate, and respectful. Learn more about these attributes in our code of conduct.\n\nThings You Might Do\n\nZapier is a small, fast-growing, and remote-first company, so you'll likely get experience on many different projects across the organization. That said, here are some things you'll probably do:\n\n\n* Write some python and work within ansible, terraform, AWS and more.\n\n* Identify where we can add more layers of defense in depth and implement them.\n\n* Regularly play a role in red team / blue team type of activities and see what threats you can expose in our cloud and server stack. \n\n* Build internal tooling to ensure safe data access patterns for Zapier employees.\n\n* Review code across Zapier's product and infrastructure.\n\n* Locating weak points across Zapier and strengthening them.\n\n* Ship code to millions of users every week.\n\n* Experiment: this is a startup so everything can change\n\n\n\n\nAs part of our All Hands Support initiative, help customers have the best experience with Zapier as possible. \n\nThe Whole Package\n\nLocation: Planet Earth.\n\nIf you want to work remote, that's great. If you want to work near others, that's cool too. Our team of 100+ is distributed because it lets us work with the best people. You don't have to be located in the USA either. Some team members live in the United Kingdom, Thailand, India, Nigeria, Taiwan, Guatemala, New Zealand, Australia, and more! You just need the skills and drive to succeed in this role and the ability to work from anywhere.\n\nCompensation:\n\n\n* Competitive salary (we don't use remote as an excuse to pay less)\n\n* Great healthcare + dental + vision coverage*\n\n* Retirement plan with 4% company match*\n\n* Profit sharing\n\n* 2 annual company retreats to awesome places\n\n* 14 weeks paid leave for new parents of biological or adopted children\n\n* Pick your own equipment. We'll set you up with whatever Apple laptop + monitor combo you want plus any software you need.\n\n* Unlimited vacation policy. Plus we require you to take at least 2 weeks off each year. We see most employees take 4-5 weeks off per year. This isn't a vague policy where unlimited vacation means no vacation.\n\n* Work with awesome companies around the world. We partner with great software companies all over the world and you'll constantly get to interact with people from these great companies\n\n\n\n\n*While we take care of our international folks as best we can, currently, healthcare and retirement plans are only available to US-based employees.


See more jobs at Zapier

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Zapier


closed

Application Security Engineer


Zapier


This job post is closed and the position is probably filled. Please do not apply.
\nHi there!\n\nWe're looking for someone to join our Engineering team at Zapier as an Application Security Engineer Are you interested in helping build and secure a powerful automation tool? Then read on…\n\nWe know applying for and taking on a new job at any company requires a leap of faith. We want you to feel comfortable and excited to apply at Zapier. To help share a bit more about life at Zapier, here are a few resources in addition to the job description that can give you an inside look at what life is like at Zapier. We hope you'll take the leap of faith and apply.\n\n\n* Our Commitment to Applicants\n\n* Culture and Values at Zapier\n\n* Zapier Guide to Remote Work\n\n* Zapier Code of Conduct\n\n* Diversity and Inclusivity at Zapier\n\n\n\n\nZapier is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse workforce.\n\nEven though our job description may seem like we're looking for a specific candidate, the role inevitably ends up tailored to the person who applies and joins. Regardless of how well you feel you fit our description, we encourage you to apply if you meet these criteria:\n\nYou care deeply about building secure products in secure ways that simplify the lives of millions of people through automation.\n\nAbout You\n\nYou have web application and infrastructure security experience. Keeping the core Zapier web application secure is at the heart of this role. Zapier is a SaaS product, so experience building software and managing infrastructure under a similar model is a big plus.\n\nYou know what makes browsers and sites secure.  The web browser is practically the operating system of the internet; these days nearly everything that happens online, happens in a browser.  You’ll help us continue to keep customer data safe by ensuring the “first mile” is trouble-free.\n\nYou love writing software and building infrastructure. Most of what you’ll do each day is guiding, building and maintaining Zapier's infrastructure and product. You'll focus on high value, high risk portions of Zapier. You'll use code to automate and improve the more mundane parts of auditing and monitoring of internal processes, as well as in the product.\n\nYou have worked with teams before on large Python, AWS, & Kubernetes projects. You’re also familiar with some common frameworks for languages like Django, Flask, or Rails as well as React/Backbone.js. You've also worked extensively in cloud providers like AWS, GCE, or Azure\n\nYou love doing things efficiently. At Zapier, the work you do will have a disproportionate impact on the business. We believe in systems and processes that let us scale our impact to be larger than ourselves. You'll be in a unique position to find and eliminate "insecure and painful" experiences and replace them with "secure and joyful" experiences.\n\nYou love learning. Engineering is an ever-evolving world. You enjoy playing with new tech and exploring areas that you might not have experience with yet.\n\nYou love to set your own direction. At Zapier, we have one team meeting each week and one-on-one meetings every month. Between those we chat in Slack and then go make things happen.\n\nYou are friendly and patient, welcoming, considerate, and respectful. Learn more about these attributes in our code of conduct.\n\nThings You Might Do\n\nZapier is a small, fast-growing, and remote-first company, so you'll likely get experience on many different projects across the organization. That said, here are some things you'll probably do:\n\n\n* Write some Python!\n\n* Identify where we can add more layers of defense in depth and implement them.\n\n* Periodically embed with product teams with to help with security sensitive projects.\n\n* Build internal tooling to ensure safe data access patterns for Zapier employees.\n\n* Review code across Zapier's product and infrastructure.\n\n* Locating weak points across Zapier and strengthening them.\n\n* Ship code to millions of users every week.\n\n* Experiment: this is a startup so everything can change\n\n\n\n\nAs part of our All Hands Support initiative, help customers have the best experience with Zapier as possible.\n\nThe Whole Package\n\nLocation: Planet Earth.\n\nIf you want to work remote, that's great. If you want to work near others, that's cool too. Our team of 100+ is distributed because it lets us work with the best people. You don't have to be located in the USA either. Some team members live in the United Kingdom, Thailand, India, Nigeria, Taiwan, Guatemala, New Zealand, Australia, and more! You just need the skills and drive to succeed in this role and the ability to work from anywhere.\n\nCompensation:\n\n\n* Competitive salary (we don't use remote as an excuse to pay less)\n\n* Great healthcare + dental + vision coverage*\n\n* Retirement plan with 4% company match*\n\n* Profit sharing\n\n* 2 annual company retreats to awesome places\n\n* 14 weeks paid leave for new parents of biological or adopted children\n\n* Pick your own equipment. We'll set you up with whatever Apple laptop + monitor combo you want plus any software you need.\n\n* Unlimited vacation policy. Plus we require you to take at least 2 weeks off each year. We see most employees take 4-5 weeks off per year. This isn't a vague policy where unlimited vacation means no vacation.\n\n* Work with awesome companies around the world. We partner with great software companies all over the world and you'll constantly get to interact with people from these great companies\n\n\n\n\n*While we take care of our international folks as best we can, currently, healthcare and retirement plans are only available to US-based employees.


See more jobs at Zapier

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Security Scorecard - We are revolutionizing the cybersecurity industry


closed

Senior Data Analytics Engineer


Security Scorecard - We are revolutionizing the cybersecurity industry


senior

 

stats

 

senior

 

stats

 
This job post is closed and the position is probably filled. Please do not apply.
\nWhy SecurityScorecard\n\nSecurityScorecard is revolutionizing the cybersecurity industry with our platform, data, and insights. We’ve built a new category of enterprise software, which enables companies to rate and understand the security risk of any company. Our customers span a variety of sectors and use cases, including compliance, cyber insurance, and vendor risk management. We are proud to be backed by Sequoia, Google Ventures, and Moody's.\n\nSecurityScorecard is growing tremendously and targeting talent who can contribute to the next phase in our company's development. A successful Scorecarder exemplifies our S(CORE) values: Solutions Focused, Customer Centric, operate as One Team, Resilience and Embody #SecurityDNA. Your interest in making an impact in our organization and alignment with these values are as important as your skills.\n\nOpportunity\n\nThe Senior Data Analytics Engineer will build meaningful analytics that inform companies of security risk. You will be working closely with our Data Science team, implementing algorithms and managing the analytic pipeline. We have over 1 PB of data, so the ideal candidate will have experience processing and querying large amounts of data.\n\nWe prefer this person to work from our NYC headquarters, but will consider remote applicants in other geographic areas.\n\nResponsibilities:\n\n\n* Manage the analytic pipeline using Spark, Hadoop, etc.\n\n* Leverage cutting-edge technologies to support new and existing and services and processes.\n\n* Quickly and efficiently design and implement in an agile environment\n\n* Work with other team members to implement consistent architecture\n\n* Drive projects through all stages of development\n\n* Actively share knowledge and responsibility with other team members and teams\n\n* Improve the effective output of the engineering team by managing quality, and identifying inconsistencies.\n\n\n\n\nRequirements:\n\n\n* Bachelor's degree (CS, EE or Math preferred) or equivalent work experience as well as interest in a fast paced, complex environment.\n\n* 5+ years of experience Scala or another functional language experience in a commercial environment (highly preferred)\n\n* 3+ Experience with Spark, and the Hadoop ecosystem and similar frameworks\n\n* Familiarity with various tools such as AWS and Docker and an instinct for automation\n\n* Expert in SQL\n\n* Strong understanding of Software Architecture principles and patterns.\n\n* Experience working with 3rd party software and libraries, including open source\n\n* Experience with Postgres\n\n\n


See more jobs at Security Scorecard - We are revolutionizing the cybersecurity industry

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Perch Security


closed

Experienced Sales Engineer


Perch Security


sales

 

sales

 
This job post is closed and the position is probably filled. Please do not apply.
\nAt Perch Security, Sales Engineers provide technical pre-sales and post-sales engineering support to the Sales Operations Center and Perch’s prospective and current clients. Sales Engineers are the primary technical resource for the Sales Operations Center. As a Sales Engineer you are expected to develop and build relationships with our clients and be well versed in all things Perch.\n\nA day in the life\n\n\n* Demonstrate products and services to clients onsite, remotely via webinar sessions, and at conferences/trade shows.\n\n* Communicate Perch’s key value propositions to clients in context of their specific use case or requirements.\n\n* Provide technical support and field questions from prospects and clients.\n\n* Develop and manage client relationships.\n\n* Communicate client feature requests and issues with product management and leadership teams.\n\n* Communicate and train partners on how to share the Perch value propositions.\n\n* Collaborate and communicate effectively with cross functional teams, executives, and clients.\n\n* Support RFI/RFP responses.\n\n* Support Proof of Value engagements.\n\n* Stay plugged into industry trends.\n\n\n\n\n\n\nA perfect match\n\n\n* BS/BA degree in Computer Science, a related discipline, or equivalent experience.\n\n* Excellent verbal and written communication skills.\n\n* Strong analytic and problem solving skills.\n\n* 3-5 years of experience working for a private software company.\n\n\n\n\n\n\nLocation\n\n\n* West of the Mississippi\n\n\n\n\n\n\nAbove and beyond\n\n\n* Some networking experience, you know what a subnet is.\n\n* Cybersecurity interest or background.\n\n\n


See more jobs at Perch Security

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Files.com


closed

Infrastructure Security Engineer


Files.com


This job post is closed and the position is probably filled. Please do not apply.
\nHave you built and managed large cloud server deployments that have seen real production usage? Are you an expert at automation tools like Chef, Consul, Terraform, and Vault? Do the concepts of immutable infrastructure or DevSecOps call out to you?\n\nIf so, we’d like you to learn about Files.com!\n\nFiles.com operates dozens of services over 150+ cloud server in 10 AWS regions. We rely on our ever-growing infrastructure team to keep those services running smoothly and securely.\n\nAt Files.com, you will be working with our existing deployments of Chef, Vault, Consul, Docker, Ansible, ELK, Grafana, Statsd, Asterisk, MySQL, Redis, Memcached, Zeromq, Puma, Jenkins, Wazuh, and many other exciting open source systems. Of course, you’ll also have the freedom to deploy something else if it gets the job done.\n\nAs a member of our infrastructure team, your work will be mostly project-based, but will also involve being part of an on-call rotation for the systems you maintain. (There are not many after-hours incidents.)\n\nExamples of Projects our Infrastructure Team Tackles:\n\n\n* Building zero-downtime failover from one AWS region to another for complex web applications.\n\n* Securing our network using tools like Terraform and Vault.\n\n* Deploying and managing internal services for things like LDAP, VPN, and telephone.\n\n* Designing and building our sophisticated monitoring stack and app uptime alerting.\n\n* Contributing features to our home-built FTP and SFTP server software that runs the FTP/SFTP interfaces of Files.com\n\n* Automating a system for dynamically allocating dedicated IPs to Files.com customers and keeping those IPs highly available even across server/AZ migrations.\n\n* Building and managing a Certificate Authority system\n\n\n\n\nMinimum Qualifications:\n\n\n* 5+ years of directly applicable experience.\n\n* Experience managing large cloud server deployments that have seen real production usage.\n\n* Experience building secure, failure-resistant architecture, including disaster recovery, backups, failover, etc.\n\n* Significant experience working with GNU/Linux servers, including a complete understanding of the command line, /proc, services, processes, virtual memory, etc.\n\n* Experience diagnosing and resolving problems in mission-critical environments.\n\n* Comprehensive understanding of networking concepts (layers, firewalls, DNS, VPN, etc) and how to build secure infrastructure and an awareness of common server security vulnerabilities.\n\n* Proficiency with configuration management tools, such as Chef or Puppet, and fluency with at least one major scripting language.\n\n\n\n\nPreferred Qualifications:\n\n\n* Experienced programmer capable of writing code in at least 2-3 major programming languages.\n\n* Contributions to major open source projects.\n\n* Familiarity with large scale log management systems, such as ELK or Splunk (we use ELK).\n\n* Experience with penetration testing in a production environment\n\n* Experience with the advanced features of public cloud platforms such as AWS or Azure (we use AWS).\n\n* Experience working on a remote team.\n\n\n


See more jobs at Files.com

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Redox


closed

Application Security Engineer


Redox


This job post is closed and the position is probably filled. Please do not apply.
Are you an Application Security Engineer who is passionate about empowering engineering teams to build secure software? Redox is searching for an exceptionally talented Senior Application Security Engineer to join our Security Team. In this role, you will set the direction for our application security processes, tools, and capabilities. Redox is an engineering-first company, building the future of healthcare information exchange, the platform to help power healthcare companies and applications to work together!\n\n\n\n\nResponsibilities:\n\n\n\n\n* Be an active voice in our small, focused security team as the primary engineer responsible for Application and Product Security.\n\n* Empower Redox to reduce avoidable vulnerabilities introduced into code, reduce the time to detect vulnerabilities that do exist, and mitigate vulnerabilities detected as quickly as possible.\n\n* Approach securing our company pragmatically, empathizing with engineers, developers and security champions to understand their needs.\n\n* Perform risk assessments, threat models and code reviews for our application.\n\n* Communicate issues and progress on complex problems in terms easily understood by stakeholders.\n\n* Coordinate and manage our penetration testing and bug bounty programs.\n\n* Support and build valuable training activities that uplift developer awareness of secure coding practices.\n\n* Build and maintain tools that detect potential security issues within our development pipeline.\n\n* Maximize security impact and reduce risk while minimizing the negative impact on our businesses and developer velocity.\n\n* Mentor and guide engineering teams on best practices for keeping our applications secure.\n\n\n\n\n\n\n\n\n\n\nBackground and Experience Requirement:\n\n\n\n\n* Knowledge of current application security vulnerabilities, how to detect them, how to prevent them and how to create awareness of them.\n\n* Proficiency and hands-on experience using tools to which can detect security vulnerabilities, both statically and dynamically.\n\n* Experience securing Javascript, NodeJS and Typescript applications.\n\n* Experience with containerized and application mesh architectures.\n\n* Ability to communicate complex security threats and risks into simple terms for non-security (and even non-technical) stakeholders.\n\n* Development experience in at least two high-level languages such as NodeJS, Python, Ruby, C#, Scala, Java, etc.\n\n* Experience running threat modeling sessions with engineering teams.\n\n\n\n\n\n\n\n\n\n\nBonus Points:\n\n\n\n\n* Securing applications based on AWS Technologies\n\n* Offensive security (OSCP) certifications\n\n* Docker/K8 hardening experience\n\n\n\n\n


See more jobs at Redox

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Auth0


closed

Product Security Engineer


Auth0


product manager

 

product manager

 

exec

This job post is closed and the position is probably filled. Please do not apply.
Auth0’s mission is to help developers innovate faster. Every company is becoming a software company and developers are at the center of this shift. They need better tools and building blocks so they can stay focused on innovating. One of these building blocks is identity: authentication and authorization. That’s what we do. Our platform handles 2.5B logins per month for thousands of customers around the world. From indie makers to Fortune 500 companies, we can handle any use case. We like to think that we are helping make the internet safer.\n\nWe have raised $210M to date and are growing quickly. Our team is spread across more than 35 countries and we are proud to continually be recognized as a great place to work. Culture is critical to us, and we are transparent about our vision and principles.\n\nJoin us on this journey to make developers more productive while making the internet safer!\n\nAuth0 is a security company and Auth0's Security organization is in the privileged position of supporting a security-first culture for a company that wants to make the Internet safer. The Product Security team mission is to ensure that Auth0 products are as secure as our customers trust them to be. We partner closely with our Engineering and Product teams to embed security into every stage of the product life cycle.\n\nWe are looking for a Product Security Engineer with a passion for both building and breaking things to solve security problems in partnership with our Engineering teams. You will have a chance to apply your skills and passion to improve the security of our product on a daily basis.\n\n\n\n\nIn this role you will:\n\n\n\n\n* Provide security guidance to Engineering and Product teams\n\n* Build threat models and conduct risk assessments for new features and services\n\n* Perform design and code reviews (lots of them!)\n\n* Identify, triage, resolve, and manage security vulnerabilities identified in Auth0 products\n\n* Build libraries and tools to make software built at Auth0 secure by default\n\n* Make security an integral part of our CI/CD pipeline\n\n* Perform internal penetration tests and participate in red team exercises\n\n* Champion security at Auth0\n\n\n\n\n\n\n\n\n\n\nOur ideal candidate will have:\n\n\n\n\n* Strong understanding of Web application security, including hands-on exploitation skills\n\n* Familiarity with secure development practices and security testing techniques (SAST, DAST, fuzzing, etc.)\n\n* Ability to explain complex security issues and their impact to diverse audiences\n\n\n\n\n\n\n\n\n\n\nAlso nice if you have:\n\n\n\n\n* Experience running a bug bounty program\n\n* Experience with JavaScript (Node.js) development\n\n\n\n\n


See more jobs at Auth0

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Redox


closed
🇺🇸 US-only

Lead Security Engineer Risk Operations


Redox

🇺🇸 US-only

exec

 

ops

 

exec

 

ops

 
This job post is closed and the position is probably filled. Please do not apply.
\nAre you a Security Risk Leader who is passionate about applying scientific methods to security while preparing us for the potential “worse case” scenarios? \n\nRedox is searching for an exceptionally talented Tech Lead for our Security Risk Operations team. In this role, you will set the direction for our security risk management processes, prepare the company to handle security incidents, and ensure our vulnerability and issue management processes are efficient and scalable.\n\nRedox Security Engineers solve the most challenging technical security problems holding back healthcare technology while making a huge impact on the daily lives of patients. Effective security programs are driven by risk management. Security Risk Operations ensures our team has robust processes to identify, assess and manage the security risks of our organization. At Redox, we use quantifiable practices to ensure we are correctly prioritizing and able to measure the impact of the company’s security program and initiatives. Additionally, we ensure our business is prepared to respond appropriately, in the event that these risks do eventuate.\n\nYou will be responsible for technical leadership and hands-on building, operating, and maintaining the Security Risk Operations function at Redox.\n\nResponsibilities:\n\n\n\n\n* Be an active voice in our small, focused security team as the primary engineer responsible for Risk Operations\n\n* Design and facilitate the processes by which we conduct quantifiable security risk assessments and forecasts\n\n* Describe complex problems we face in broadly-understandable terms based on the audience (stakeholders)\n\n* Approach securing our company pragmatically, empathizing with our business to understand our needs while ensuring key risks are being addressed\n\n* Own our incident response processes and procedures, including facilitation of tabletop exercises\n\n* Work with engineering and security teams to ensure we are prepared, technically and procedurally, to respond to incidents\n\n* Support security incident response during security incidents by providing leadership and coordination across business functions\n\n* Build and oversee our business processes for vulnerability management\n\n* Maximize security impact and reduce risk while minimizing the negative impact on our business’s velocity\n\n* Implement and maintain scalable Vendor Risk Management processes\n\n\n\n\n\n\nRequired Skills:\n\n\n\n\n* 3+ years of hands-on experience with quantifiable risk management processes\n\n* Knowledge of current security threats, risks, and processes to quantify and manage them\n\n* Ability to distill complex security threats and risks into simple terms for non-security (and even non-technical) stakeholders, including clear communication and leadership during incidents\n\n* Ability to build and maintain effective incident response procedures, including training and exercises\n\n* Experience with Vendor Security Management processes and tools\n\n* Some development or quantitative science experience is highly desired\n\n\n\n\n\n\nThis is a remote based opportunity. You can live and work anywhere within the US.   We are only hiring for US based candidates.\n\n#Location\n🇺🇸 US-only


See more jobs at Redox

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Auth0


closed

Cloud Security Engineer


Auth0


cloud

 

cloud

 
This job post is closed and the position is probably filled. Please do not apply.
Auth0, a global leader in Identity-as-a-Service (IDaaS), provides thousands of enterprise customers with a Universal Identity Platform for their web, mobile, IoT, and internal applications. Its extensible platform seamlessly authenticates and secures more than 2.5B logins per month, making it loved by developers and trusted by global enterprises.\n\nAuth0 has raised more than $210 million in funding to date and continues its global growth at a rapid pace. We are consistently recognized as a great place to work based our outstanding leadership and dedication to company culture. We are looking for the best people to join our incredible team spread across more than 35 countries. Come join us!\n\nAuth0 gives companies simple, powerful and developer friendly building blocks so they can free up resources to focus on innovation. We strive to be the identity platform of choice of developers and Enterprises. We take our culture very seriously and are looking for people who are drawn to both our mission and our culture.\n\nWe are a security company and Auth0's Security team is in the privileged position of supporting a security first culture for a company that wants to make the internet safer.\n\nAs a member of the Cloud Security Team you will build, own and maintain critical security infrastructure to support Auth0’s production operations. We are looking for a Cloud Security Engineer who is passionate about developing reliable and scalable systems and wants to build tools and drive automation.\n\nWe will support your development, encourage you to open source the tools we build and present at conferences. This is an exciting time to join Auth0 as we are growing quickly -  providing plenty of opportunities to learn and implement new technologies.\n\n\n\n\nIn this role you will:\n\n\n\n\n* Design, build and maintain the systems that help keep Auth0 secure\n\n* Automate security process to reduce as much manual effort as possible\n\n* Build integrations between various alerting, metrics, and logging systems\n\n* Build and operate Cloud scale infrastructure which supports and secures Auth0’s Productions environment\n\n* Develop tooling to make security frictionless for Auth0 engineers\n\n* Participate in the on-call rotation to support the systems you build\n\n\n\n\n\n\n\n\n\n\nOur ideal candidate will have:\n\n\n\n\n* Knowledge of AWS services and security controls\n\n* Knowledge of network security architecture (e.g VPNs, SSH bastions, etc)\n\n* Write clean, readable, and maintainable code (we mostly write Python)\n\n* A knack for automation and instrumentation\n\n* Experience with Linux\n\n* Experience with log collection and analysis (e.g. Kinesis, ElasticSearch, Sumo Logic etc)\n\n* Strong written and verbal communication skills\n\n\n\n\n\n\n\n\nAuth0 is an Equal Employment Opportunity employer. Auth0 conducts all employment-related activities without regard to race, religion, color, national origin, age, sex, marital status, sexual orientation, disability, citizenship status, genetics, or status as a Vietnam-era special disabled and other covered veteran status, or any other characteristic protected by law. Auth0 participates in E-Verify and will confirm work authorization for candidates residing in the United States.


See more jobs at Auth0

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Contrast Security


closed

Full Stack Engineer Integrations Tooling


Contrast Security


full stack

 

full stack

 
This job post is closed and the position is probably filled. Please do not apply.
\nContrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyber attacks. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate analysis and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has intelligent agents that work actively inside applications to prevent data breaches, defeat hackers and secure the entire enterprise from development, to operations, to production.\n\nAbout the Position\n\nContrast is looking for an integrations developer who will continue to build out our integrations with communications tools (Slack), platforms (Pivotal Cloud Foundry) security management services (Splunk), and even developer IDEs (InteliJ, Eclipse and VS Code). We have a good start integrating with lots of the software that our customers use. But we want to be integrated with everything, and that’s where you can help.  Ideal candidates have an affinity for working with lots of different software languages including: Java, Ruby, Javascript, and Python.\n\nThis job asks a lot of a developer’s intuition and persistence as we unravel and unwind APIs and software development kits. We the type of developer who wants to “figure it out.” This is a fun job where you get to work on lots of different things and “own” lots of small projects that you can enhance and tinker with on your own. Our engineering team has a strong spirit of entrepreneurship. Every member of the team has joined us over our 5 year history because he/she wants to be part of a high-performing team and go through the startup experience. We look for candidates that share similar goals and beliefs about the work and the team they want to be a part of.\n\nResponsibilities\n\n\n* Build new integrations for Contrast Security software including our SaaS, on-premise, and agents.\n\n* Maintain existing integrations we’ve already developed.\n\n* Collaborate with other developers in the organization to design and deploy integrations that benefit their teams.\n\n* Work with outside organizations to understand how Contrast Security fits with their marketplace and strategy.\n\n\n\n\nAbout You\n\n\n* You have strong communication skills. You ask questions, let others know when you need help, and tell others what you need.\n\n* You have 1-2 years of experience working in Java, Javascript, Ruby, or Python and have a desire to learn languages you don’t already know\n\n* You have a knack for figuring things out and enjoy working with a piece of software to figure out how it works.\n\n* Stellar visual skills and attention to detail.\n\n* You're a problem solver. You believe the best work is the result of finding the simplest solution to complex challenges.\n\n* Your code is clean, your designs are elegant and you are constantly refactoring.\n\n* Own your work. Whether a nasty bug or an awesome feature, you put your name on every line of code.\n\n\n\n\nWhat We Offer\n\n\n* Competitive compensation package (salary + equity)\n\n* A fun and dynamic environment where you work with other like minded people on products which make a real difference to the security of our customers\n\n* In-office lunches\n\n* Medical, dental and vision benefits\n\n* Flexible paid time off\n\n* 401K\n\n\n\n\nIf you're amazing but missing some of these, email us your résumé and cover letter anyway. Please include a link to your Github or BitBucket account, as well as any links to some of your projects if available. Email: [email protected] We are changing the world of software security. Do it with us.   We believe in what we do and are passionate about helping our customers secure their business. We work hard, and we have fun doing it. Solve the impossible. If you’re looking for a fun work environment and like a challenge, you’ll love Contrast Security. By submitting your application, you are providing Personally Identifiable Information about yourself (cover letter, resume, references, or other employment-related information) and hereby give your consent for Contrast Security, and/ or our HR-related Service Providers, to use this information for the purpose of processing, evaluating and responding to your application for current and future career opportunities. Contrast Security is an equal opportunity employer and our team is comprised of individuals from many diverse backgrounds, lifestyles and locations.   


See more jobs at Contrast Security

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Surevine


closed

Software Engineer Security Product Developer


Surevine


product manager

 

dev

 

product manager

 

dev

 
This job post is closed and the position is probably filled. Please do not apply.
\nWe are looking for a senior software engineer with experience working in product development. The ideal candidate will have demonstrable experience working on product roadmaps, technical architecture and design.  We want a team player; someone who is tenacious about getting things done as part of a team in an environment that expects creativity and quality delivery. Be a rebel, but be part of our rebel alliance.\n\nWe are recruiting a Software Engineer to work on our cyber-security product development.\n\nSkills and experience\n\nEssential\n\n\n* Expert-level knowledge of Java with 5+ years of experience\n\n* Experience of JavaScript and modern responsive front-end development (CSS3)\n\n* Experience working in product development\n\n* A good understanding of web technologies, e.g. HTML and RESTful APIs\n\n* Experience of developing enterprise-grade, high-performing and scalable applications\n\n* Expert knowledge of the Spring framework (including Spring Data, Spring Security) and JEE containers\n\n* Comfortable working with AWS and Linux for application development and deployment\n\n* Thorough understanding of application security and secure development practices\n\n* Proficient in application design and architecture\n\n* Knowledge of a variety of persistence technologies, to include SQL and NoSQL\n\n* Tenacious technical problem solver\n\n* Good communicator\n\n* Experience of working in Agile teams\n\n* Demonstrable experience of working with version control, build tools, code-quality and testing tools\n\n\n\n\nDesirable\n\n\n* Experience in Struts, Freemarker, Closure Templates\n\n* Experience of, or strong desire to learn SPA frameworks such as React, Angular or Vue\n\n* Experience of application integration points: e.g. SSO, SAML, LDAP, SSL/TLS\n\n* Familiarity with the Cyber Security domain, and standards such as STIX and TAXI\n\n* Jive development experience\n\n* Demonstrable passion for working on open systems including open standards and open source\n\n\n\n\nResponsibilities\n\n\n* Continually critique and improve how the team delivers\n\n* Architect secure software systems\n\n* Develop the technical roadmap for the product\n\n* Design and develop reliable and secure software components\n\n* Debug, solve and communicate technical problems\n\n* Consider the user at every point in development\n\n* Always be learning.\n\n\n\n\nWe make cool stuff, and we need you to help us make that stuff cool! Surevine gives its people a platform to develop their individual talents into strengths in an environment which expects creativity and is obsessive about innovation.\n\nMuch more about us here: https://www.surevine.com/jobs/


See more jobs at Surevine

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Scratch Financial


closed

Cyber Security Engineer


Scratch Financial


This job post is closed and the position is probably filled. Please do not apply.
\nWhat we're building\n\nScratchpay provides pet parents with simple friendly payment plans. We help pet parents to provide the care their pets need, easing the financial barrier. We are growing fast in the veterinary space and Veterinarian, Pet owners and pets across the US and Canada love us! Come help us help more pets!\n\n\nAbout the position\n\nThis position is about building the Scratchpay's ecosystem and securing it. It is about providing pet parents and clinics with the payment solution they need and working really hard in the background to protect their data, without them even worrying about it. It's about giving the business what it needs to grow safely, smoothly, and with as little surprises as possible when it comes to data and operational cyber security. \n\nIt's also about working with the engineering and operational teams to research, design, implement, deploy and maintain the best tools and practices there are to achieve our goal and mission and train all teams to make the best of it.\n\nThis is about pushing the edge of what has been done in Finance and Lending to build a scalable platform that can serve all-the-pets. However many (but the more the merrier). This is about working with a brilliant team that's been growing from 0 to 1 in 3 years and that is helping pets in all states in the US and Canada.\n\nThis job is for you if you recognize yourself in this:\n\n\n* I am a good mind\n\n* I can think for myself\n\n* I am critical of myself and others\n\n* I am always respectful\n\n* I ask questions when needed\n\n* I can understand the boundaries but have a lot of fun within them\n\n* I take my work seriously and never let down people\n\n* I work hard because I want to do the best that I can right now\n\n* I always observe and reflect on how to do better tomorrow\n\n* I like animals\n\n* I want everyone to be and feel safe\n\n\n\n\n\nAbout you\n\nIdeal Location: Europe (Portugal / Mid/Eastern Europe)\n\nIdeal Experience: 3-5+ years\n\nIdeal Background: Security consultant or working in Cyber Security at a Security Start-up, Financial start-up or data provider company\n\n\nRequirements\n\n\n* Bachelor’s degree in IT security or similar competency, with CISSP, CISA, CIS strongly preferred\n\n* Experience in the IT Field with at least 3 years emphasis on security\n\n* Experience planning, researching, and developing security policies, standards, and procedures\n\n* Experience developing and managing Business Continuity, Disaster Recovery, and Incident Response Plans and associated training programs\n\n* Experience with Next Gen security design and management\n\n* Solid network knowledge focusing on security\n\n* IDS monitoring and management including building necessary reports and alerts\n\n* Proficient in auditing and testing security\n\n\n\n\nYou will:\n\n\n* Implement advanced network threat protection tools\n\n* Manage IDS/IPS, SIEM, and EPP\n\n* Assist with Security Information and Event Management implementation\n\n* Assist with all security issues\n\n* Assist with web security gateway/internet proxy implementation and tuning\n\n* Research security issues, 0-day attacks and vulnerabilities and define remediation plans through risk ranking and scoring\n\n* Analyze threat intelligence, and serve as a SME for enterprise security operations\n\n* Monitor all security logs and events\n\n* Generate daily, weekly and quarterly reports that will be presented to manager\n\n* Create, implement and work in collaboration with the teams (DevOps, SysOps, Engineering, Operations) new initiative using security best practices\n\n* Perform internal pen-test and phishing attacks and trainings, coordinate quarterly independent pentesting\n\n* Mitigate security lapses found by external security company during vulnerability assessments and pen-tests and train users on security aspects in regard to any necessary IT security topic.\n\n\n\n\n\nHow to know if you are a good fit?\n\nIdeal Competencies\n\nLegend:\n\n\n* + = desirable\n\n* ++ = strongly desirable\n\n* ! = required\n\n* !! = strongly required\n\n\n\n\nCompetencies\n\n\n* Operational Strength\n\n\n\n* Accuracy (!!)\n\n* Devotion to quality (!!)\n\n* Planning (++)\n\n* Presenting (+)\n\n\n\n* Interpersonal Strength\n\n\n\n* Adaptability (!)\n\n* Cooperation (!!)\n\n* Creating Support (+)\n\n* Listening Skills (!)\n\n* Providing Feedback (!)\n\n* Social Skills (+)\n\n\n\n* Personal Strength\n\n\n\n* Assertiveness (++)\n\n* Drive (++)\n\n* Flexibility (!!)\n\n* Initiative (!)\n\n* Integrity (!!)\n\n* Personal Development (!)\n\n* Willingness to change (!)\n\n\n\n* Conceptual Strength\n\n\n\n* Analysing and forming opinions (!!)\n\n* Helicopter View (+)\n\n* Innovating (++)\n\n* Situational Awareness (!)\n\n* Strategic Insight (!!)\n\n\n\n\n\n\nIn other words, you will have to:\n\n\n* Have empathy;\n\n* Understand the position of others is critical. It is necessary to navigate through communication, mitigation and the culture\n\n* Be independent;\n\n* Yet know when to raise a point or ask for a clarification or escalate a potential issue\n\n* Communicate;\n\n* Speak your mind and expect others to. Engage in respectful and mindful conflict. Quality > quantity;\n\n* Know your stuff and know what you don't know;\n\n* Understand that no one is perfect but everyone can learn if they chose so. Be humble enough to know your weaknesses. Be open minded and hard working enough to be able to fix them;\n\n* Take constructive critics;\n\n* Ask yourself "how to know if I'm wrong?". You may not, but not challenging your thinking is unhealthy. We challenge each other a lot @Scratchpay;\n\n\n\n\n\nOur culture\n\nWe care about the human aspect of work and we expect others to. Excellence is also an important keyword @ Scratchpay. While everyone makes mistakes, we learn from them. We are conscious about efficiency and effectiveness in the positive way. We don't do things that bring low-to-no value short or long term. We also do hard things that bring a lot of value. Quality, attention to detail and respect are some of the traits you must have and expect others to have.\n\nThe good\n\n\n* We are a team of dedicated, hard working, friendly individuals\n\n* We move fast, sometimes break things with measure, we give a second chance\n\n* We give constructive feedback, we challenge each other\n\n* We are open-minded and we care for each other\n\n* Everyone is striving towards excellence. Mediocrity isn't our cup of tea. But we always work hard to help those that are willing to get there!\n\n\n\n\nThe bad\n\n\n* Everything goes fast and the ultimate goal is to move the business fast. There can be disconnects in the communication at times. We all need to navigate through this and push whenever it is critical to do so.\n\n* We are open-minded but things need to be moving forward.\n\n* We say what we have to. So expect to hear some unpleasant - but true - things sometimes. Don't hesitate to argue back - with respect - if you disagree.\n\n* Like any startup, It can be a mess some days. You also will likely have to do things that aren't in your scope sometimes. Part of the fun, right? ;)\n\n\n\n\nThe most important is: We are always looking at improving. All the time, step by step. If you feel mediocre and don't see a path to improvement or can't listen to others' voice to, please do not apply.


See more jobs at Scratch Financial

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Contrast Security


closed

Full Stack Engineer


Contrast Security


full stack

 

full stack

 
This job post is closed and the position is probably filled. Please do not apply.
\nContrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyber attacks. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate analysis and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has intelligent agents that work actively inside applications to prevent data breaches, defeat hackers and secure the entire enterprise from development, to operations, to production.\nAbout the Position\nContrast is looking for a full stack enthusiast proficient in front-end technologies such as ReactJS and AngularJS and server-side API development written in Java/Spring interested in pursuing a life changing experience in the field of application security and continuous delivery. We are an exciting, young team that is growing leaps and bounds each month.\n\nThis team is tasked with the unique opportunity to advance our runtime and pre-compile code analysis capabilities. This includes providing enhanced techniques to improve the accuracy, findings and reporting of code analysis. It will also include driving and leading the next generation of product and offerings to make the Contrast platform the choice for code analysis tools among developers and security professionals.\n\nIdeal candidates have a background building highly scalable and responsive Single Page Applications (SPAs) using ReactJS, CSS/Bootstrap, visualization libraries such as D3, HighCharts or AMCharts, as well as other SVG based visualization plugins. We write a lot of GraphQL to interact with our REST layer to improve performance and data interaction.\n\nOur engineering team has a strong spirit of entrepreneurship. Every member of the team has joined us over our 5 year history because he/she wants to be part of a high-performing team and go through the startup experience. We look for candidates that share similar goals and beliefs about the work and the team they want to be a part of.\n\n\n\nResponsibilities\n\n\n* Build and maintain highly scalable server-side UI processes for the purpose of data collection, manipulation, data pruning, trending and analytics\n\n* Build web-based interfaces and applications and contribute to our platforms, style guide, APIs and libraries.\n\n* Design and development of a rich user interface for mission critical high-availability analytics application using front end technologies like TypeScript, Javascript, ES6, HTML, CSS, SASS, and D3.\n\n* Experience with at least one of the following frameworks: AngularJS, Backbone.js, ReactJS, Ember.js\n\n* Execute performance analysis and optimization of page render, data transfers and page load optimizations.\n\n* Participate in constant collaboration with teammates in the form of pair programming, group code reviews and pull requests prior to commit.\n\n* Work with design and product teams to build amazing, jaw-dropping features.\n\n* Give back to the Open Source Community whenever humanly possibly.\n\n* Work hand-in-hand with our Product Managers, UX/Designers and Customers on each feature and improvement.\n\n* Deploys: our engineers deploy multiple times a day to our AWS infrastructure.\n\n* On-call rotation: every member of the team, including the VP of Engineering participates in the on-call rotation.\n\n* Technical support: Our engineers don't just release code in the wild. When our customer have issues, we have to jump in and give them help.\n\n\n\n\nAbout You\n\n\n* You can join us in our amazing office in the Fells Point neighborhood of Baltimore.\n\n* You have strong communication skills. You ask questions, let others know when you need help, and tell others what you need.\n\n* You have experience working in Java/Spring or Python/Flask to design and implement robust and scalable APIs.\n\n* Stellar visual skills and attention to detail.\n\n* You have extensive HTML5, CSS3 (Less), and JavaScript Framework (ReactJS) experience.\n\n* Experience with TypeScript and GraphQL.\n\n* Have an eye for quality and have an interest in using tools/frameworks like Enzyme, Prettier, ReactTestRenderer, Jest, JUnit, StoryBook, etc...\n\n* AWS Services: S3, EC2, CloudFront, Lambda.\n\n* You're a problem solver. You believe the best work is the result of finding the simplest solution to complex challenges.\n\n* Your code is clean, your designs are elegant and you are constantly refactoring.\n\n* Multiple years experience working in Enterprise or Commercial Software development.\n\n* Own your work. Whether a nasty bug or an awesome feature, you put your name on every line of code.\n\n\n\n\nWhat We Offer\n\n\n* Competitive compensation package (salary + equity)\n\n* A fun and dynamic environment where you work with other like minded people on products which make a real difference to the security of our customers\n\n* In-office lunches\n\n* Medical, dental and vision benefits\n\n* Flexible paid time off\n\n* 401K\n\n\n


See more jobs at Contrast Security

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Contrast Security


closed

Senior .NET Software Engineer

</