Remote InfoSec Jobs Open Startup
RSS
API
Remote HealthPost a job

find a remote job
work from anywhere

Browse 81+ Remote InfoSec Jobs in April 2021 at companies like Rumble, Sublime Security and 1password with salaries from $70,000/year to $135,000/year working as a Software Engineer, Senior Software Engineer or Senior Front End Engineer. Last post

Join 91,983+ people and get a  email of all new remote InfoSec jobs

Subscribe
×

  Jobs

  People

👉 Hiring for a remote InfoSec position?

Post a job
on the 🏆 #1 remote jobs board
Remote Health by SafetyWing
Global health insurance for freelancers & remote workers
Remote Health by SafetyWing
Global health insurance for freelancers & remote workers
Advertise here

This month's remote InfoSec jobs

Rumble


verified
🇺🇸 US-only

Senior Front End Engineer


Rumble

🇺🇸 US-only

software

 

golang

 

full stack

 

networking

 

software

 

golang

 

full stack

 

networking

 
## Why Rumble? \n\nRumble brings together the best of IT, security and networking technology to deliver amazing network discovery and asset inventory capabilities for modern enterprises.\n\nAn accurate network inventory is a fundamental building block of all security programs, yet most inventory products do a poor job of network-based discovery because they only see it as a stepping stone to the “real” product features. Legacy products work by sending sensitive credentials to every asset on the network and fail to handle today’s hybrid environments. Without a solid inventory, most companies struggle with attack surface reduction, network management, and incident response. \n\nRumble Network Discovery is a product of Rumble, Inc. We are a fully virtual, high-growth startup based in the United States. Our founders each have over 20 years of experience growing companies in the information security industry, including Rapid7, Veracode, BreakingPoint Systems, and PGP. \n\nRumble has already proven its market fit. Rumble appeals to companies of all shapes and sizes; we have customers that range from museums to Fortune 500 technology companies. We serve the low-end of the market through eCommerce and the mid-market and enterprise segment through inside sales. \n\n## The Opportunity\n\nWe're building the engineering team to lead Rumble into the future. Our work is a mix of Go development, low-level protocol research, standard web technologies, PostgreSQL, and a mix of cloud technologies and integrations. Our platform is cloud-agnostic, can be self-hosted, and builds from a single repository. We ship daily and focus on incremental delivery with fast turnaround for customer requests and bug fixes. We bootstrapped to product market fit and recently raised a $5m venture capital round to accelerate our growth. The company was cash-flow positive in 2020.\n\nWe’re looking for senior engineers that are excited about research-driven product development and want to help build a company focused on happy customers and product-led growth.\n\nWe're a fully remote company but you need to be located in the US, with US citizenship or permanent residency for healthcare, payroll, and legal reasons.\n\n\n## Position Summary\n\nWe're searching for a senior front-end engineer to grow our team! You will contribute to all stages of development, deployment, support, operations, and product planning. This position reports directly to the CEO today and will split into functional teams once the team expands. This is a growth opportunity for future engineering leadership as well as long-term individual contributors. \n\n## What Success Looks Like\n\n* Contribute your skills and knowledge to building, supporting, and operating an amazing product experience for our customers.\n\n* Self-task and coordinate with the rest of the engineering team to move the product forward and solve customer challenges.\n\n* Work with customers to identify bugs, understand gaps in product functionality, and flag opportunities for improvement.\n\n* Work closely and communicate effectively with functional teams across the company to keep our customer experience aligned with product and sales operations.\n\n\n## To be successful in this role, you ideally have\n\n* A strong track record of building products that customers love. \n\n* 5+ years of experience in programming-heavy front-end engineering roles with a demonstrated ability to ship quality results, frequently.\n\n* Extensive experience with web development (HTML, CSS, plain JS) and a solid understanding of the HTTP protocol and the web browser security model.\n\n* Extensive experience with design tools, either as a designer yourself, or working with designers through platforms like Figma.\n\n* A solid understanding of standard development tools and processes, including Git and issue-management systems.\n\n\n## Rumble’s Benefits \n\nWe offer an extensive set of benefits including: \n\n* Competitive salaries and a stock option plan.\n\n* Top of the line medical, dental, vision, life and disability coverages with Rumble paying for 99% of the premium. \n\n* A flexible vacation policy.\n\n* 401(k) match program. \n\n## Applying\n\nTo apply for this role, please send your resume and information about the products you have worked on to [email protected] \n\n**We encourage under-represented applicants to apply, even if you don't think you fit 100% of the criteria (nobody ever does)!** \n\n#Salary or Compensation\n$70,000 — $160,000/year\n\n\n#Location\n🇺🇸 US-only


See more jobs at Rumble

# How do you apply?\n\n To apply for this role, please send your resume and information about the products you have worked on to [email protected] We recommend signing up for a free tier or trial account at https://www.rumble.run first to better understand the product and what we do.
Apply for this position

Sublime Security

 

Senior Software Engineer  


Sublime Security


golang

 

dev

 

senior

 

engineer

 

golang

 

dev

 

senior

 

engineer

 
San Francisco, United States - ** Why Sublime **Nation states, criminal organizations, and lone wolves are attempting to phish businesses and consumers 24/7/365. When they succeed it can be extraordinarily destructive, costing a single business $100M (1), disrupting coronavirus research (2), and even impacti...


See more jobs at Sublime Security

Sublime Security


Software Engineer


Sublime Security


golang

 

dev

 

engineer

 

infosec

 

golang

 

dev

 

engineer

 

infosec

 
San Francisco, United States - ** Why Sublime **Nation states, criminal organizations, and lone wolves are attempting to phish businesses and consumers 24/7/365. When they succeed it can be extraordinarily destructive, costing a single business $100M (1), disrupting coronavirus research (2), and even impacti...


See more jobs at Sublime Security

Previous remote InfoSec jobs

This job post is closed and the position is probably filled. Please do not apply.
WP White Security is a young development company that develops high-quality WordPress security and management plugins. Our plugins are installed on more than 150,000 websites and are used by world renowned businesses such as Disney, Amazon, and Intel!\n\nJoin our growing distributed team and develop plugins that help thousands of WordPress websites administrators from all-over the world! We are looking for a senior PHP / JavaScript / WordPress developer that can work during European time zone hours. If you love writing code, a good challenge, and are fond of the WordPress and open-source communities, we want to hear from you.\n\nEven though we have a very large customer base, we are still a small team. So there is a lot of room to grow within the company.\n\n## What will your job be?\n\nYou will work on the development of our WordPress plugins portfolio. Your tasks will span from designing new features (with the team), writing code and bug fixing, expecting that new and changed code is thoroughly tested and well documented. You will also help the other developers, conduct code reviews of their code, test their code, help our support team solve customer issues, and interact with the rest of the team for knowledge sharing and product work.\n\n## Who are we looking for?\n\n* Excellent verbal and written English\n* Organized, methodological and can work with very little or no supervision\n* 5+ years experience working as a PHP / WordPress plugin developer (mostly back end development)\n* Hands on experience with testing automation and writing testable code (unit testing) etc\n* Strong background in scalable database usage with MySQL\n* Good understanding of Linux, Apache, MySQL and PHP (LAMP) environments\n* Hard working and passionate – we are a young start-up\n* [BONUS] Good skills in react.js and jQuery\n* [BONUS] good understanding of both WordPress and application security\n\n## Benefits of working for us\n\n* Work from anywhere (during European time zone hours)\n* Job security and competitive salary\n* Work in a flat, small, and friendly organization\n* Paid educational materials (including but not limited to online courses and books)\n* Opportunities for paid travel to attend WordCamps\n* Long term engagement – we are looking for a committed candidate who within a few years can become a team lead and a source of knowledge\n\n**Compensation**\nThe salary for this position depends on your experience and technical skills. This is something we will discuss during the application process.


See more jobs at WP White Security

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Shopify


verified closed
🌏 Worldwide

Staff Data Security Developer


Shopify

🌏 Worldwide

devops

 

infrastructure

 

data

 

security

 

devops

 

infrastructure

 

data

 

security

 
This job post is closed and the position is probably filled. Please do not apply.
Shopify’s platform is growing at an incredible rate, generating vast amounts of data. We leverage the cloud in order to move fast and produce great results. While we operate a comprehensive data stack, we’ve still got a lot of work to do, and that’s where you can lean in. We face many challenges head-on to ensure that our data moves seamlessly throughout our infrastructure in a safe and secure manner, while providing new insights and features. \n\nWe’re looking for engineers with a background in infrastructure, security and cloud technologies, DevOps, and an SRE mindset to collaborate on these challenges and deploy platform services at a very large scale. You’ll need a curiosity of how our systems work under the hood, and how we can leverage them to grow and protect the hundreds of thousands of entrepreneurs that use Shopify.\n\n**You'll be working on:**\n* Ensuring that our data platform stays online, secure, and performant\n* Creating and deploying infrastructure around specific security requirements\n* Developing configuration management and automation tools\n* Building out our monitoring and analytics tooling to get insights about our platform usage\n* Building a world-class data analytics platform to help both internal and external customers, focusing on making the lives of our hundreds of thousands of merchants better\n\n**You’ll need to have:**\n* A systems-level approach; you’ve worked across the entire stack, from the OS all the way up to the application layer\n* Cloud Platform experience (GCP/AWS/Azure)\n* Technical leadership experience mentoring other engineers\n* Comfort with multiple languages; you’re a low-level generalist who is comfortable with multiple languages such as Go, Python and languages which target the JVM like Java, Scala or Kotlin\n* A passion for troubleshooting and finding the solution for the long-term; you don’t accept the easy solution as the only solution, and will dig to ensure that we put the long-term benefit of our merchants and stakeholders first\n* Well-founded opinions about writing code and approaching problems; you’re comfortable with automated testing, code refactoring, and software engineering best practices\n* Excitement for working with a remote team; you value collaborating on problems, asking questions, delivering feedback, and supporting others in their goals whether they are in your vicinity or entire cities apart\n\n**It'd be nice if you have experience:**\n* Working with data at petabyte scale\n* Securing a data platform and integrating security best practices at all phases of the development lifecycle\n* Implementing privacy compliance in a data stack - for example, CCPA, GDPR\n* Working with a modern data stack, including Spark, Beam, Presto, Hive, Airflow, and other big data tools and frameworks\n* Developing and orchestrating large Docker deployments with Kubernetes\n\nAt Shopify, we are committed to building and fostering an environment where our employees feel included, valued, and heard. Our belief is that a strong commitment to diversity and inclusion enables us to truly make commerce better for everyone. We strongly encourage applications from Indigenous people, racialized people, people with disabilities, people from gender and sexually diverse communities and/or people with intersectional identities.\n\nShopify is now permanently remote and working towards a future that is digital by default. Learn more about what this can mean for you.\n\n#Location\n🌏 Worldwide


See more jobs at Shopify

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.
This job post is closed and the position is probably filled. Please do not apply.
Aha! engineering is a mid-sized, fully remote team that is highly productive. We are centered around North American time zones so we can collaborate during the workday.\n\n**Our team**\n*  **We utilize [The Responsive Method](https://www.aha.io/company/the-responsive-method)**: The eight principles drive how we operate Aha! and serve customers and employees.\n*  **We move quickly**: We ship code multiple times a day. We believe in getting new features in front of customers and iteratively improving as we learn what works and what does not.\n*  **We collaborate:** We each bring unique experiences and skills to the table. Working together to share that knowledge benefits the entire team and helps us produce the best results for our customers.\n*  **We value product over process:** We want the team to have the time and focus to solve complex challenges. We aim to minimize the overhead introduced by heavyweight processes and excessive meetings.\n*  **We are happy:** it is important to us that you love your job and are happy at work. Learn more about our company [values](https://www.aha.io/company/culture). Check out our generous [benefits](https://www.aha.io/company/careers/benefits).\n\n**Our technology**\n\nOur sole product is the Aha! web application. It is a single-instance, multi-tenant Ruby on Rails monolith supported by Postgres (database), Redis (background jobs), and memcached (Rails caching). We also run a Node.js webserver to support collaborative editing and real-time updates. Our application is hosted on Amazon Web Services and architected with ECS for reproducibility and scalability.\n\nWe use React for rich client-side experiences on the front end. Some of the features we have built with React include:\n\n* Our fully collaborative [text editor](https://www.aha.io/blog/collaborative-writing): Supports multiple cursors and simultaneous editing by any number of users. We also published a [blog post](https://www.aha.io/engineering/articles/how-to-build-collaborative-text-editor-rails) explaining the underlying technology.\n* Our [presentation editor](https://www.aha.io/blog/product-roadmap-presentation-editor): Allows users to create presentations with slide themes, shapes, text, and embedded Aha! reports (which update live so the presentation is always current).\n* Our [Gantt chart](https://www.aha.io/blog/roadmap-gantt-chart): Supports scaling and scrolling to change the timeline, drag-and-drop, and quick actions to create records or sort the bars.\n* We embrace new technologies that help us deliver a lovable product, but we also remain cognizant of the maintenance overhead that a new library or platform brings. We solve the problems in front of us, rather than prematurely optimizing to address issues that may never materialize.\n* We do most of our collaboration and planning in Aha! itself, which we find especially rewarding. We also utilize GitHub, Slack, and GoToMeeting for video calls.\n\n**Your experience**\nWe believe that being a kind person who elevates the rest of the team is just as valuable as writing great code. You have strong problem-solving skills and experience working on important functionality for a cloud-based product. You are humble, eager to learn, and always willing to help others learn as well. You want to work with people who enjoy picking up a problem and solving it, regardless of the technologies and techniques involved.\n\nThe Aha! security team is part of the engineering team and is product focused. As a Senior Security Engineer, you can expect to spend the majority of your time working with Ruby on Rails and JavaScript code for security reviews, investigations, updates, and implementing security features.\n\n**Your work at Aha!**\nWe maintain security controls and perform security reviews on a broad range of features across the full stack. Your work will include:\n\n* Security code reviews that go above and beyond what can be found through scanning tools (which we use too!)\n* Cloud and network security reviews of Amazon Web Services infrastructure that is implemented via infrastructure as code\n* Monitoring third-party dependency vulnerability reports and applying fixes and mitigations\n* Sharing security findings and new developments internally for ongoing education\n* Participating in security monitoring, incident response, and investigations\n\nIf this sounds appealing, we would love to hear from you. A real human reviews every application. \n\n#Salary or Compensation\n$110,000 — $160,000/year\n\n\n#Location\nNorth America


See more jobs at Aha!

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Aha!

 

closed
North America

Sr Security Engineer — Ruby on Rails  


Aha!

North America

security

 

ruby on rails

 

code review

 

infosec

 

security

 

ruby on rails

 

code review

 

infosec

 
This job post is closed and the position is probably filled. Please do not apply.
Aha! engineering is a mid-sized, fully remote team. We are centered around North American time zones so we can collaborate during the workday.\n\n# Our core values\n# \n* [The Responsive Method](https://www.aha.io/company/the-responsive-method): These 8 principles drive how we operate Aha! and serve customers and employees.\n* Moving quickly: We ship code multiple times a day. We believe in getting new features in front of customers and iteratively improving as we learn what works and what does not.\n* Product over process: We want our engineers to have the time and focus to solve complex challenges. We aim to minimize the overhead introduced by heavyweight processes and excessive meetings.\n* Collaboration: We each bring unique experiences and skills to the table. Working together to share that knowledge benefits the entire team and helps us produce the best results for our customers.\n# Who we're looking for\n# \nWe believe that being a kind person who elevates the rest of the team is just as valuable as writing great code. We look for strong problem-solving skills and experience working on important functionality for a cloud-based product. We need people who are humble, eager to learn, and always willing to help others learn as well. We want to work with people who enjoy picking up a problem and solving it, regardless of the technologies and techniques involved.\n\nThe Aha! security team is part of the engineering team and is product focused. As a Senior Security Engineer, you can expect to spend the majority of your time working with Ruby on Rails and JavaScript code for security reviews, investigations, updates, and implementing security features.\n\n# Our technology\n# \nOur sole product is the Aha! web application. It is a single-instance, multi-tenant Ruby on Rails monolith supported by Postgres (database), Redis (background jobs), and memcached (Rails caching). We also run a Node.js webserver to support collaborative editing and real-time updates. Our application is hosted on Amazon Web Services and architected with ECS for reproducibility and scalability.\n\nWe use React for rich client-side experiences on the front end. Some of the features we have built with React include:\n\n* Our fully [collaborative text editor](https://www.aha.io/blog/collaborative-writing): Supports multiple cursors and simultaneous editing by any number of users. We also published a blog post explaining the underlying technology.\n* Our [presentation editor](https://www.aha.io/blog/product-roadmap-presentation-editor): Allows users to create presentations with slide themes, shapes, text, and embedded Aha! reports (which update live so the presentation is always current).\n* Our [Gantt chart](https://www.aha.io/blog/roadmap-gantt-chart): Supports scaling and scrolling to change the timeline, drag-and-drop, and quick actions to create records or sort the bars.\n\nWe embrace new technologies that help us deliver a lovable product, but we also remain cognizant of the maintenance overhead that a new library or platform brings. We solve the problems in front of us, rather than prematurely optimizing to address issues that may never materialize.\n\nWe do most of our collaboration and planning in Aha! itself, which we find especially rewarding. We also utilize GitHub, Slack, and GoToMeeting for video calls.\n\n# What you’ll be doing\n# \nWe maintain security controls and perform security reviews on a broad range of features across the full stack. Your work will include:\n\n* Security code reviews that go above and beyond what can be found through scanning tools (which we use too!)\n* Cloud and network security reviews of Amazon Web Services infrastructure that is implemented via infrastructure as code\n* Monitoring third-party dependency vulnerability reports and applying fixes and mitigations\n* Sharing security findings and new developments internally for ongoing education\n* Participating in security monitoring, incident response, and investigations\n\nIf this sounds appealing, we would love to hear from you. A real human reviews every application, so please use the form to help us learn more about you.\n\n#Location\nNorth America


See more jobs at Aha!

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Doximity


verified closed
North America

Software Engineer Security


Doximity

North America

software engineer

 

security

 

health tech

 

hackerone

 

software engineer

 

security

 

health tech

 

hackerone

 
This job post is closed and the position is probably filled. Please do not apply.
Doximity is transforming the health care industry. Our mission is to help clinicians be more productive, informed, and connected. As a software engineer, you'll work within cross-functional delivery teams alongside other engineers, designers, and product managers in building software to help improve health care.  \n\nOur [team](https://www.doximity.com/about/company#theteam) brings a diverse set of technical and cultural backgrounds and we like to think pragmatically in choosing the tools most appropriate for the job at hand.\n\n**Here's How You Will Make an Impact**\n\n* Help maintain our private security bug bounty program hosted on [hackerone](https://www.hackerone.com/): this involves engaging security researchers, validating security finds, determining impact/risk, awarding bounties, and fixing or coordinating remediation efforts.\n* Help set good security posture; this includes finding bad security habits in applications and encapsulating good secure defaults into libraries/modules, creating training materials for application developers, etc.\n* Work side-by-side with the rest of the infrastructure, application, and data teams to empower all of engineering to move quickly while meeting security requirements.\n* Design and implement secure and easy-to-use tooling and abstractions for other teams to leverage.\n* Active involvement in the design, implementation, and maintenance of the development, staging, and production infrastructure.\n* Participate in an on-call rotation for the services owned by your team.\n* Help ensure the stability and uptime of services within the organization.\n* Create concise post-mortems in the event of an outage.\n* Write and maintain run-books for other engineers to leverage.\n* Ensure proper security, monitoring, alerting, and reporting.\n\n**What we’re looking for**\n\n* You’re a software engineer with more than 4 years of experience and a deep understanding of software engineering practices.\n* You either have experience with security or really want to dive in headfirst and learn.\n* You don’t shy away from:\n* Reading, reviewing, and implementing our implementation of the [oauth spec](https://tools.ietf.org/html/rfc6749).\n* Getting dirty with CORS, CSRF, XSS, etc\n* Our web applications are built primarily using Ruby, Rails, Javascript (Vue.js), and a bit of Golang\n* You have experience working with Terraform and Chef (or similar tooling).\n* You are proficient with Linux/Unix, AWS, and Git.\n* You are able to maintain a minimum of 5 hours overlap with 9:30 to 5:30 PM Pacific time.\n* You can dedicate about two weeks per year for travel to company events.\n\n**Benefits & Perks**\n\n* Generous time off policy\n* Comprehensive benefits including medical, vision, dental, Life/ADD, 401k, flex spending accounts, commuter benefits, equipment budget, educational resources and conference access\n* Family support and planning benefits\n* Pre-IPO stock incentives\n* .. and much more! For a full list, see our [career page](https://work.doximity.com/)\n\n**About Doximity**\n\n* Here are [some of the ways we bring value to doctors](https://drive.google.com/file/d/1qimYh0mG3i1nTJe6jDCDepJt2i4o8MEB/view)\n* Our web applications are built primarily using Ruby, Rails, Javascript (Vue.js), and Golang\n* Our data engineering stack run on Python, MySQL, Spark, and Airflow\n* Our production application stack is hosted on AWS and we deploy to production on average 50 times per day\n* We have over 350 private repositories in Github containing our applications, forks of gems, our own internal gems, and [open-source projects](https://github.com/doximity)\n* We have worked as a distributed team for a long time; we're currently about [65% distributed](https://blog.brunomiranda.com/building-a-distributed-engineering-team-85d281b9b1c)\n* Find out more information on the [Doximity engineering blog](https://technology.doximity.com/)\n* Our company [core values](https://work.doximity.com/)\n* Our [recruiting process](https://technology.doximity.com/articles/engineering-recruitment-process-doximity)\n* Our [product development cycle](https://technology.doximity.com/articles/mofo-driven-product-development)\n* Our [on-boarding & mentorship process](https://technology.doximity.com/articles/software-engineering-on-boarding-at-doximity)\n\nWe’re thrilled to be named the Fastest Growing Company in the Bay Area, and one of Fast Company’s Most Innovative Companies. Joining Doximity means being part of an incredibly talented and humble team. We work on amazing products that over 70% of US doctors (and over one million healthcare professionals) use to make their busy lives a little easier. We’re driven by the goal of improving inefficiencies in our $3.5 trillion U.S. healthcare system and love creating technology that has a real, meaningful impact on people’s lives. To learn more about our team, culture, and users, check out our careers page, company blog, and engineering blog. We’re growing fast, and there’s plenty of opportunities for you to make an impact—join us!\n\n*Doximity is proud to be an equal opportunity employer, and committed to providing employment opportunities regardless of race, religious creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, pregnancy, childbirth and breastfeeding, age, sexual orientation, military or veteran status, or any other protected classification. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.*\n\n#Location\nNorth America


See more jobs at Doximity

# How do you apply?\n\n This job post has been closed by the poster, which means they probably have enough applicants now. Please do not apply.

Doximity


verified closed
North America

Software Engineer Security


Doximity

North America

security

 

devops

 

health care

 

hackerone

 

security

 

devops

 

health care

 

hackerone

 
This job post is closed and the position is probably filled. Please do not apply.
Doximity is transforming the healthcare industry. Our mission is to help doctors be more productive, informed, and connected. As a software engineer, you'll work within cross-functional delivery teams alongside other engineers, designers, and product managers in building software to help improve healthcare.  \n\nOur team brings a diverse set of technical and cultural backgrounds and we like to think pragmatically in choosing the tools most appropriate for the job at hand.\n\n**Here's How You Will Make an Impact**\n\nHelp maintain our private security bug bounty program hosted on [hackerone](https://www.hackerone.com/): this involves engaging security researchers, validating security finds, determining impact/risk, awarding bounties, and fixing or coordinating remediation efforts.\nHelp set good security posture; this includes finding bad security habits in applications and encapsulating good secure defaults into libraries/modules, creating training materials for application developers, etc.\nWork side-by-side with the rest of the infrastructure, application, and data teams to empower all of engineering to move quickly while meeting security requirements.\nDesign and implement secure and easy-to-use tooling and abstractions for other teams to leverage.\nActive involvement in the design, implementation, and maintenance of the development, staging, and production infrastructure.\nParticipate in an on-call rotation for the services owned by your team.\nHelp ensure the stability and uptime of services within the organization.\nCreate concise post-mortems in the event of an outage.\nWrite and maintain run-books for other engineers to leverage.\nEnsure proper security, monitoring, alerting, and reporting.\n\n**What we’re looking for**\n\nYou’re a software engineer with years of experience and a deep understanding of software engineering practices.\nYou either have experience with security or really want to dive in headfirst and learn.\nYou are not afraid of:\nReading, reviewing, and implementing our implementation of the oauth spec.\nGetting dirty with CORS, CSRF, XSS, etc\nYou’re proficient in:\nRuby, Python, or Golang. Not afraid to learn the rest.\nJavascript\nYou have experience working with Terraform and Chef (or similar tooling).\nYou are proficient with Linux/Unix, AWS, and Git.\nYou are self-motivated and able to manage yourself and your own queue.\nYou are a problem solver with a passion for simple, clean, and maintainable solutions.\nYou agree that concise and effective written and verbal communication is a must for a successful team.\nYou are able to maintain a minimum of 5 hours overlap with 9:30 to 5:30 PM Pacific time.\nYou can dedicate about two weeks per year for travel to company events.\n\n**Benefits & Perks**\n\nGenerous time off policy\nComprehensive benefits including medical, vision, dental, Life/ADD, 401k, flex spending accounts, commuter benefits, equipment budget, and continuous education budget\nPre-IPO stock incentives\n.. and much more! For a full list, see our career page\n\n**About Doximity**\n\nHere are some of the ways[ we bring value to doctors](https://drive.google.com/file/d/1qimYh0mG3i1nTJe6jDCDepJt2i4o8MEB/view)\nOur web applications are built primarily using Ruby, Rails, Javascript (Vue.js), and Golang\nOur data engineering stack run on Python, MySQL, Spark, and Airflow\nOur production application stack is hosted on AWS and we deploy to production on average 50 times per day\nWe have over 350 private repositories in Github containing our applications, forks of gems, our own internal gems, and [open-source projects](https://github.com/doximity)\nWe have worked as a distributed team for a long time; we're currently [about 65% distributed](https://blog.brunomiranda.com/building-a-distributed-engineering-team-85d281b9b1c)\nFind out more information on the [Doximity engineering blog](https://technology.doximity.com/)\nOur [company core values](https://work.doximity.com/)\nOur [recruiting process](https://technology.doximity.com/articles/engineering-recruitment-process-doximity)\nOur [product development cycle](https://technology.doximity.com/articles/mofo-driven-product-development)\nOur [on-boarding & mentorship process](https://technology.doximity.com/articles/software-engineering-on-boarding-at-doximity)\n\nWe’re thrilled to be named the Fastest Growing Company in the Bay Area, and one of Fast Company’s Most Innovative Companies. Joining Doximity means being part of an incredibly talented and humble team. We work on amazing products that over 70% of US doctors (and over one million healthcare professionals) use to make their busy lives a little easier. We’re driven by the goal of improving inefficiencies in our $3.5 trillion U.S. healthcare system and love creating technology that has a real, meaningful impact on people’s lives. To learn more about our team, culture, and users, check out our careers page, company blog, and engineering blog. We’re growing fast, and there’s plenty of opportunities for you to make an impact—join us!\n\n*Doximity is proud to be an equal opportunity employer, and committed to providing employment opportunities regardless of race, religious creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, pregnancy, childbirth and breastfeeding, age, sexual orientation, military or veteran status, or any other protected classification. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.*\n\n \n\n \n\n#Location\nNorth America


See more jobs at Doximity

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

PrintWithMe, Inc.


closed
🇺🇸 US-only

Software Engineer


PrintWithMe, Inc.

🇺🇸 US-only

python

 

aws

 

rails

 

tdd

 

python

 

aws

 

rails

 

tdd

 
This job post is closed and the position is probably filled. Please do not apply.
Are you looking for a flexible work environment where you can take real ownership of a product? Do you approach software development from a test-driven and security-minded point of view? If so, we have an exciting career opportunity for you!\n\n# Responsibilities\n * Develop software using TDD and Agile methodologies.\n* Pair (virtually) with our Lead Engineer regularly to solve interesting problems.\n* Help architect the infrastructure that runs our software using Infrastructure as Code and DevOps best practices.\n* Scale systems to meet increasing demand.\n* Improve the availability and resilience of existing systems.\n* Collaborate with our diverse team to solve problems across all departments in our company.\n* Interact directly with CEO during product road-mapping. Have a real voice and seat at the table. \n\n# Requirements\n*** Minimum of 3 years full-time software engineering experience. Required.**\n* While this position is Remote (U.S.), you must reside in the United States and be authorized to work.\n* You must be passionate about building high-quality software with user security and privacy in mind.\n* You have a learning mentality, constantly reading about and testing out new technologies.\n* You have proficiency in multiple programming languages and you have a pragmatic approach about choosing the correct language for the job.\n* Python is our primary language and experience with it is a plus.\n* You have experience managing AWS services in production environments, including ECS, RDS, EC2, and S3.\n* You are fluent in English.\n* We demonstrate high integrity in everything you do.\n* You must be available for certain meetings and pairing sessions weekly, but other than that, **scheduling your time to code is generally flexible. We are a very trusting environment.** \n\n#Salary or Compensation\n$90,000/year\n\n\n#Location\n🇺🇸 US-only


See more jobs at PrintWithMe, Inc.

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Aha!


closed
North America

Security Engineerruby on Rails


Aha!

North America

security

 

ruby on rails

 

infosec

 

ruby

 

security

 

ruby on rails

 

infosec

 

ruby

 
This job post is closed and the position is probably filled. Please do not apply.
Are you a Security Engineer who is passionate about finding and fixing security vulnerabilities in a sophisticated SaaS platform? Do you want to work with cutting-edge visualization, collaboration, and social ideation technologies at the same time?\n\nAs a Senior Security Engineer at Aha!, you will have an excellent opportunity to join a self-funded and profitable company that is growing fast. Aha! was founded by a proven team of experts. More than 300,000 users worldwide trust our roadmap software to build products customers love.\n\n# Responsibilities\n **We are looking for someone who:**\n* Finds joy in breaking (and then fixing) software\n* Has experience with Ruby on Rails and Javascript based applications\n* Has experience with AWS\n* Has worked on compliance projects and security policy development\n* Has driven security initiatives or delivered security training\n* Wants to be great and work in a fast-moving, online environment where the end-user is key \n\n# Requirements\n**We are committed to being great, and we want someone who:**\n* Can work at a fast-paced company where the feedback cycle is measured in hours rather than weeks\n* Has a background of delivering superb work again and again\n* Is seeking a career-defining opportunity and a proven, results-oriented team that has sold multiple software companies\n* Is interested in collaborating with software engineers to grow their skills and career\n\n#Location\nNorth America


See more jobs at Aha!

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Aha!


closed
North America

Security Engineer


Aha!

North America

ruby on rails

 

application security

 

infosec

 

ruby

 

ruby on rails

 

application security

 

infosec

 

ruby

 
This job post is closed and the position is probably filled. Please do not apply.
Are you a Security Engineer who is passionate about finding and fixing security vulnerabilities in a sophisticated SaaS platform? Do you want to work with cutting-edge visualization, collaboration, and social ideation technologies at the same time?\n\nAs a Senior Security Engineer at Aha!, you will have an excellent opportunity to join a self-funded and profitable company that is growing fast. Aha! was founded by a proven team of experts. More than 300,000 users worldwide trust our roadmap software to build products customers love.\n\n# Responsibilities\n * Can work at a fast-paced company where the feedback cycle is measured in hours rather than weeks\n* Has a background of delivering superb work again and again\n* Is seeking a career-defining opportunity and a proven, results-oriented team that has sold multiple software companies\n* Is interested in collaborating with software engineers to grow their skills and career \n\n# Requirements\n* Finds joy in breaking (and then fixing) software\n* Has experience with Ruby on Rails and Javascript based applications\n* Has experience with AWS\n* Has worked on compliance projects and security policy development\n* Has driven security initiatives or delivered security training\n* Wants to be great and work in a fast-moving, online environment where the end-user is key \n\n#Salary or Compensation\n$135,000/year\n\n\n#Location\nNorth America


See more jobs at Aha!

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

1Password


closed

DevOps Security Engineer


1Password


infosec

 

devops

 

engineer

 

devops

 

infosec

 

devops

 

engineer

 

devops

 
This job post is closed and the position is probably filled. Please do not apply.
Over 80,000 businesses and millions of people use 1Password to protect their most important information. We’re a kind, curious, and customer-focused team on a mission to build the world's most-loved password manager and give people more control over their data.\n\nAt 1Password, customer privacy and security come first and foremost; this commitment informs everything we do, and the Security Team is responsible for upholding this commitment. We are a passionate team that really cares about protecting our customers, and we’re looking for new team members that share this passion. \n\nAs a DevOps Security Engineer, you’ll be working as part of the Security Engineering team, helping us continue to raise the bar for security in our DevOps environment. This includes enhancing the security of our existing platform and assisting with the design and build of new platforms.\n\nWhen we say bring your whole self to work, we mean it. You'll join a diverse and inclusive community, built on trust, support and respect. Be yourself, find your people and share the things you love. As we continue to build our global team, we welcome all individuals and do not discriminate on the basis of gender identity, race, ethnicity, disability, sexual orientation, education, languages spoken, and veteran's status. \n


See more jobs at 1Password

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

By - Access Control Systems


closed

C++ Software Architect For The Next Generation High Security Access Control


By - Access Control Systems


infosec

 

architecture

 

dev

 

c

 

infosec

 

architecture

 

dev

 

c

 
This job post is closed and the position is probably filled. Please do not apply.
\nAre you passionate about working on singular and high-tech projects? Are you passionate about designing and shaping a product on an end-to-end basis? Are you excited to push the state-of-the-art on security software?\n\nThis is a unique opportunity to work with true innovation.\n\nBY Techdesign provides the most powerful and intuitive Access Control Systems, where hardware and software merge seamlessly in a unique solution that guarantees security of some of the most demanding enterprises. From banks to large corporate buildings, we have mastered the art of security.\n\nWith +40 years expertise, we are proud of our R+D team, we are committed to innovation and we can say out loud that we invest 20% of our anual sales on R+D. You will work with an innovative team drive by curiosity, ambition, continuous evolution and an urge for excellence. Facing an evolving market and many fascinating challenges in technology, we need your expertise to help us get to the next level. \n\nCome join us in our mission of developing a smarter and safer world and creating software and security systems that make a difference!\n\nWhat We Offer\n\n\n* Passionate and supportive working culture\n\n* Emphasis on professional and personal growth\n\n* Flat hierarchies\n\n* High profile team that is driven by the pursuit of excellent results\n\n* Part of By Techdesign, a company with a strong focus on innovation and R+D, where you will be constantly learning and constantly getting to work on new projects.\n\n* Attractive compensation for high qualified profiles\n\n* Employees are expected to be onsite, however, flexible working arrangements may be available\n\n\n\n\nWho We Are\n\nWe are a Spanish technology company, with 40 years’ experience designing, developing and manufacturing Access Control and Video-intercom systems and high-end security solutions. Leading brands and enterprises in every single market vertical use our unique systems to ensure the protection of their people and most valuable assets.\n\nIn our Madrid based R+D centre we develop software technology for all our solutions, from embedded software that runs inside readers or controllers to whole software web applications and APPs that manage high-demanding security sites.\n\nOur development language is C++. We are looking for people that are willing to design systems architecture for Linux, Windows and Mobile platforms, including specifications, development, testing and technical documentation.\n\nWhat we value the most:\n\n\n* Strong C++ skills (C++11, C++14, C++17)\n\n* More than 5 years of experience as Software Architect, designing end-to-end products\n\n* Experience in the security field or related fields will be extra valued\n\n* Object Oriented and Component Oriented Methodologies\n\n* Strong knowledge of development with unitary tests.\n\n* Expert level in TCP/IP stack (LAN and WAN environments)\n\n* Relational databases (MariaDB, MySQL, SQLite, SQL Server, Oracle, etc.) and non-relational databases (MongoDB, Cassandra, CouchDB, etc.) and ORM’s (QxOrm, Debea, EntityFramework, nHibernate, OrmLite, etc.) and replication.\n\n* Desing of Client / Server systems with REST and SOAP interfaceand web client-\n\n* Test-Driven Methodologies (TDD)\n\n* Design patterns and dependencies injection, abstraction and components reusing.\n\n* Framework Qt 5.3 or higher and Protocol Buffers.\n\n* High Quality Code development (memory leaks, performance, fault tolerant, etc.)\n\n* Project management (software projects) using Agile methodologies (SCRUM / Kanban)\n\n\n\n\nWe love people with…\n\n\n* Active ambition to become a technology leader\n\n* Eagerness to continuously grow and self-motivated\n\n* Analytical skills and self-organized\n\n* Energetic and willing to work in a team-oriented company\n\n* Top performer and proactive\n\n* Fluent in Spanish\n\n\n


See more jobs at By - Access Control Systems

# How do you apply?\n\n This job post has been closed by the poster, which means they probably have enough applicants now. Please do not apply.

Hopper

 

closed

Security Engineer  


Hopper


infosec

 

engineer

 

infosec

 

engineer

 
This job post is closed and the position is probably filled. Please do not apply.
ABOUT HOPPER\n\nAt Hopper, we’re on a mission to build the most customer-centric travel company on earth. We are leveraging the power that comes from combining massive amounts of data and machine learning to build the world’s fastest-growing mobile first travel marketplace -- one that enables our customers to save money and travel better.\n\nHopper’s goal is to reduce traveler anxiety throughout all stages of the trip buying and taking process. By creating a transparent travel marketplace and unique, data-driven financial technology products focused on providing peace-of-mind, Hopper adds value along each step of the customer’s journey.\n\nHopper has launched several bespoke fintech products that leverage our immense first and third-party data to create products and value that do not exist elsewhere - including Refundable and Flexible Tickets and Price Freeze. Thanks to these offerings, Hopper’s revenue growth is up 112% despite the travel slowdown due to COVID-19.\n\nWith over $250M CAD in funding from leading investors in both Canada and the US, Hopper is primed to continue its acceleration to becoming the world’s fastest-growing end-to-end customer-centric travel offering.\n\nRecognized as one of the world’s most innovative companies by Fast Company three years in a row, Hopper has been downloaded over 50 million times and sees over 1 million new installs per month. The app has received high praise in the form of mobile accolades such as the Webby Award for Best Travel App of 2019. \n\nCome take off with us!\n\nTHE ROLE\n\nAs a Security Engineer, you will be a core member of Hopper's Information Security Team within Hopper's B2B partnerships group. This role represents a key position responsible for the continuous safeguarding of Hopper's data, assuring the trust of our customers and partners, and executing on the organization’s Information Security strategy.\n\nBENEFITS\n\n• Well-funded and proven startup with large ambitions, competitive salary and stock options\n• Dynamic and entrepreneurial team where pushing limits is everyday business\n• 100% employer paid medical, dental, vision, disability and life insurance plans\n• Access to a 401k (US) or Retirement Savings Plan (Canada)


See more jobs at Hopper

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Seamless.AI

 

closed

Cloud Security Engineer US  


Seamless.AI


infosec

 

cloud

 

engineer

 

infosec

 

cloud

 

engineer

 
This job post is closed and the position is probably filled. Please do not apply.
The Opportunity\nThe Cloud Security Engineer will be responsible for a variety of tasks. The candidate must be able to work in a fast-paced environment, manage and execute upon security requirements for the company, and oversee agendas and budgets for projects. It is crucial this candidate is amplifying their individual contribution, their professional growth and their capability to work effectively with team members as well supporting the growth of any direct reports.\n\nAbout Seamless\nSeamless delivers the world’s best sales leads. Through our product, we help sales teams maximize revenue, increase sales, and easily acquire their total addressable market using artificial intelligence; by development of a robust real-time contact and company search engine as well as a suite of technically-advanced tools to support sales and lead generation. We have been recognized as one of Ohio’s fastest growing companies and has been awarded recently for Best Technology Company of the year in 2019 by NJTC, Best Place to Work in 2020, Top 50 Ohio-Based Startups by VentureOhio and Ranked in LinkedIn’s Top 50 Startups of 2020! \n\nThe Seamless Family\nWe have an amazing culture and work environment that anyone would want to be a part of. We encourage a culture of positivity. We thrive off of continuous feedback and do whatever it takes to help our team and customers be successful. You will grow as an individual, professionally, and be able to see and feel the impact you are making to the growth of Seamless every day.\n\n\nDisclaimer: This is a full-time remote position. We are headquartered out of Columbus, OH but currently open to remote or local candidates. We are open to assisting with relocation in the right circumstance. Visa Sponsorship is not included in our hiring package. Applicants will need to be authorized to work in the U.S.\n\nWe are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.\n\nNo Recruiters. This is an internal position our internal team is hiring for.


See more jobs at Seamless.AI

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

NowPow


closed

Security DevOps Engineer


NowPow


infosec

 

devops

 

engineer

 

devops

 

infosec

 

devops

 

engineer

 

devops

 
This job post is closed and the position is probably filled. Please do not apply.
\nNowPow, whose name is a play on knowledge is power, is a women-owned and led technology business based on Chicago's south side. NowPow's multi-sided platform is a personalized community referral management solution that enables care professionals - social workers, physicians, justice workers - to manage and close the loop on health and social service referrals and also directly supports patients, members, and clients in their own self care. NowPow helps people get the care they need, whether they are managing chronic health and social conditions or just staying well.\nThe Role:\nAs a Security and DevOps Engineer at NowPow, you will be responsible for NowPow's Azure environment and costs, NowPow's HIPAA compliant security program, and managing our build, automation, and test pipelines.\nYou will build tools to optimize and manage our Azure cloud environment. You will own NowPow's security program and document, certify, and explain the program to our customers while managing its activities (including automated scanning, penetration tests, and certification processes). You will own and manage our platform automation, including deployment/CI pipelines and build/test automation processes.\nAs a growing startup, you will need to own all things Azure for our teams and help us to identify missing skills and new processes as our systems grow. You will be responsible for our platform's security, monitoring, and costs.\nAn ideal candidate will have 2+ years of experience using Microsoft Azure as a hosting platform and expertise in using cloud infrastructure frameworks is required.\nWhat you'll do:\nMonitor and manage the NowPow Platform's Hosting Environment:\n* Monitor activity within the NowPow's Azure cloud environment\n* Optimize and monitor our costs and plan and implement cost saving initiatives with engineering leadership\n* Manage NowPow's system monitoring solutions and help us go from 99% uptime to five-nines (99.999% uptime)\n* Monitor and automate platform scaling to improve performance and optimize costs\n* Inventory and manage all cloud resources and archive and delete as needed\n* Evaluate advancements in cloud technologies and share with our teams\n\n\nRun the NowPow Platform Security Program:\n* Partner with our operations team on HIPAA security and privacy monitoring activities\n* Manage NowPow's recurring security activities (including automated scans and tests, penetration testing, etc.…)\n* Work with our Sales team on customer security review processes and RFP/RFI questions around security\n* Own and document overall platform security and review with customer IT teams as needed\n* Evaluate security compliance programs (such as HITRUST, SOC2, etc…) and work across departments to implement and manage\n\n\nSupport our Engineering, QA, Analytics, and Product Support teams:\n* Partner with the Architecture and R+D team to test new Azure features and build new solutions as needed\n* Automate more of the customer provisioning process with our Product Support team\n* Work with our QA team to update our automated testing pipelines and strategy\n* Coordinate with engineering to improve our CI build and test pipelines\n\n\nWhat will make you successful:\n* BS or MS in computer science, or equivalent.\n* 2+ years of DevOps experience with the Azure cloud infrastructure with extensive cloud infrastructure framework experience required\n* CI/CD experience with TeamCity, Jenkins, TFS, or other CI frameworks\n* Experience with deployment automation tools (like Octopus or Azure DevOps) is preferred\n* Scripting and environment automation experience required\n* Experience working with security compliance programs such as HITRUST, SOC2, ISO 27001, FedRAMP and PCI is preferred\n* Excellent verbal and written communication skills.\n* Comfortable adopting to new technologies quickly\n\n\nWhy NowPow?\nWe work at NowPow because we care! NowPowers are passionate about our mission and are excited about the opportunities and challenges we face. At NowPow, we cultivate a culture of collaboration and respect, where everyone is a valued team member.\nOur people and our culture are important to us and make working at NowPow special. We invest in the self-care of our team and provide competitive benefits to support this. We celebrate our successes every week with a company wide happy hour on Fridays and recognize those who went above and beyond in their work. Outside of work, we have fun through company events such as laser tag, ice skating and heading to the ballpark for beautiful weather and a baseball game!\nWe are looking for highly motivated and hard-working individuals to join our team and help us connect health care to self-care. Apply now to join our growing team!\nEqual Employment Opportunity\nNowPow is an Equal Opportunity Employer. NowPow evaluates applicants for employment on the basis of qualifications, merit, and work-related criteria without regard to race, color, religion, sex, sexual orientation, gender identity or expression, age, disability, marital status, citizenship, national origin, genetic information, or any other characteristic protected by applicable federal, state or local laws. Our management team is dedicated to this policy with respect to recruitment, hiring, placement, promotion, transfer, training, compensation, benefits, associate activities and general treatment during employment.


See more jobs at NowPow

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

DOCOMO Digital


closed

Senior Network Cloud Security Lead


DOCOMO Digital


infosec

 

cloud

 

exec

 

senior

 

infosec

 

cloud

 

exec

 

senior

 
This job post is closed and the position is probably filled. Please do not apply.
\nIf you’re an English speaking champion of all things Security both on prem and on Cloud then we would love to hear from you!\n\nDocomo Digital are looking for Security expert to bolster our defences, lead our security delivery and guide the team as we transition to pure Cloud infra.\n\nSo what’s the role?\n\n\n* Managing a team of highly skilled engineers with masterful skills with on prem\n\n* Configuring, supporting and evaluating security tools to defend DD data and infra\n\n* Using cutting edge technology to review architectural designs, evaluating compliance and robustness\n\n* Designing solutions, configuring or support Firewalls, Content Engines, Intruder Detection or Prevention System\n\n* Conducting security audits and providing recommendations to mitigate risks\n\n* Configuring, supporting of Infrastructure access control\n\n* Configuring and supporting anti-virus infrastructural software\n\n* Scripting and automation of network and security appliances provisioning\n\n* To maintain current knowledge on all new technology innovations on AWS/Azure and other cloud platforms, validate and share practical applications with the technology community.\n\n\n\n\nThe things you need…\n\n\n* Strong AWS /Azure infrastructure skills (Hybrid layout)\n\n* Strong networking skills\n\n* Extensive Python and Shell\n\n* Strong load balancing skills (F5 and ELB) and WAF (ASM on F5)\n\n* Strong scripting skills for F5 (irules)\n\n* Expert in firewalling (Fortigate in AWS/Azure, VPN Site to Site, ACLs, NAT, routing)\n\n* Hands-on cloud operational experience\n\n* Solid understanding of working in a zero-downtime environment\n\n\n


See more jobs at DOCOMO Digital

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Parity Technologies


closed

Security Operations Engineer


Parity Technologies


infosec

 

ops

 

engineer

 

infosec

 

ops

 

engineer

 
This job post is closed and the position is probably filled. Please do not apply.
\n\n* Design and implement secure cloud and on-premise infrastructure to validate on substrate based networks.\n\n* Work within systems that secure millions of dollars of cryptocurrency from motivated attackers.\n\n* Instrument high-signal alerts from production infrastructure events to provide early indicators of network attacks and compromises. Create playbooks of what to do in the case of such events. \n\n* Model and evaluate risks of slashing for validator nodes from an operational perspective and prioritize security efforts based on these risk assessments. \n\n* Monitor for unsafe and uncertain conditions and design fallback systems to support the stability of the network.\n\n* Work with infrastructure and core runtime engineers to design and implement hardened, layered systems.\n\n* Work with security engineers around securing digital assets in a production environment\n\n* Respond to security alerts and triage incident response management.\n\n* Work with core developer teams on security-critical projects, reviewing architecture designs and automating critical infrastructure tasks\n\n* Refine alerting rules to improve signal/noise ratio of operational health and security\n\n* Participate in an on-call rotation with colleagues in multiple time zones\n\n\n\n\n\nTo see how we use your data please see our Applicant Notice


See more jobs at Parity Technologies

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

GRIMM


closed

Lead Application System Security Analyst


GRIMM


exec

 

sys admin

 

infosec

 

analyst

 

exec

 

sys admin

 

infosec

 

analyst

 
This job post is closed and the position is probably filled. Please do not apply.
Thank you for considering GRIMM...\n\nChallenge Development Lead\nThe GRIMM AppSec team works with clients to assess and improve the security posture of applications and systems in partnership with client architects, developers, operators, and leadership. This includes formalized threat modeling, architecture review, source review, and where appropriate binary reverse engineering. Our goal is not to provide a compliance check box, but to actively work with our clients to improve their security, now and in the future. \n\nGRIMM is seeking a senior engineer to lead and support security assessment engagements. This is a customer-facing position; qualified applicants will need to be comfortable engaging with clients on their own to gather and refine requirements, discuss findings, present progress, and also to help establish and expand business relationships with our customers. \n\nAll members of our team are constantly learning about new topics and applying that knowledge to challenging problems.  We all share information and help guide each other as a team, and everyone has opportunity to work independently and direct their own activities.\n\nEducation and Certification\nA degree or comparable work experience is required in the fields of Computer Science, Computer Engineering, or a related discipline.  Degreed or certified candidates will not receive preferential consideration.  If a specific certification is required by a client GRIMM will cover certification costs.\n \nLocation\nThe AppSec team is 100% remote.  Some future (post-pandemic) projects may require travel to customer sites.  Travel will be less than 25%, though opportunities for additional travel may be available if desired.\n\nCompany Description\nGRIMM researches and develops the art of the possible in business modernization and computing technologies through cybersecurity, sensors, tools, analytics, frameworks, modeling and simulation, automated testing, cyber range Installation, Operations, and Maintenance (IOM), consulting, and intelligence. Our practices build on extensive experience in cyber mission support for national defense, and commercial service improvement and consulting. Our engineers and subject matter experts (SMEs) learned their trade from real-world engagements, not just textbooks. \n \nPosition Requirements:\nThe ideal candidate will have at least 5 years of experience in application security. They will need to be able to manage and lead all technical aspects of a client engagement.  A senior engineer must be able to oversee and mentor junior and mid level engineers.  \n\nThey must have a strong technical background in at least 3 of the following fields:\n* Threat Modeling\n* Source code analysis\n* Infrastructure security\n* Security design reviews\n* Web application security\n* Mobile application security\n* Cloud architecture security\n\nDesired Qualities:\nAdditional technical areas of expertise are desired as well such as:\n* Vulnerability analysis\n* Exploit development\n* Capture The Flag development\n* In-depth knowledge of an operating system\n\nOther desired traits include:\n* US Resident\n* Desire and aptitude for public speaking\n* Willingness to go to conferences and represent the company (speaking, running contests/exhibits, etc.)\n \nPerks:\nAbility to work from home, with some travel\nWork with a team of skilled people who think hacking is fun\nTake on a variety of high caliber technical challenges\nStrong benefits package\nMedical/dental/vision insurance premiums paid 100% by the company\n5% company match for 401K plan, no vesting period\n10 paid holidays and flexible vacation policy\n \nGRIMM promotes a Drug-Free Workplace, is an Equal Opportunity Employer (EOE) and an Affirmative Action Employer.\n\nGRIMM researches and develops the art of the possible in business modernization and computing technologies through cybersecurity, sensors, tools, analytics, frameworks, modeling and simulation, automated testing, cyber range Installation, Operations and Maintenance (IOM), consulting, and intelligence. Our practices build on extensive experience in cyber mission support for national defense, and commercial service improvement and consulting. Our engineers and subject matter experts (SMEs) learned their trade from real-world engagements, not just textbooks. \n\nWe promote a Drug-Free Workplace, are an Equal Opportunity Employer (EOE) and Affirmative Action Employer.


See more jobs at GRIMM

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

TigerConnect


closed

Security DevOps Engineer


TigerConnect


infosec

 

devops

 

engineer

 

devops

 

infosec

 

devops

 

engineer

 

devops

 
This job post is closed and the position is probably filled. Please do not apply.
\nLOCATION:       Santa Monica, CA\nTITLE:                DevOps Security Engineer\nREPORTS TO:   VP, DevSecOps\n\nAs an integral part of the operations team, the DevOps Security Engineer is passionate about security and wants to have a meaningful impact within the Healthcare space.  This individual will be part of a team charged with making sure TigerConnect is secure and stays at the top level of security and reliability in the industry. Join us and help manage/secure our AWS hosted infrastructure. Responsibilities will include hands-on security management, monitoring, discovery, and remediation of all security related issues while working cross functionally with other departments on company-wide initiatives and compliance.  \n\nThe DevOps Security Engineer will have at least 5+ years of commercial experience as a Security Engineer (including at least 3 years of current commercial experience as a DevOps Engineer) with specific focus on public cloud infrastructure, multi-tenant enterprise software security, compliance programs (HIPAA/HiTrust/FedRamp), and supporting production 24x7 highly available infrastructure with a DevOps mindset.   \n\nThe ideal candidate's background will include a strong emphasis on information security, infrastructure as code/automation, public cloud infrastructure, compliance, secure software development, and other security best practices.   \n\nWhat You'll Own:\n\n\n* Contribute to the design and integration of cyber security toolsets to enable more automated discovery, remediation, and alerting of system vulnerabilities.\n\n* Architect and integrate security tools into the CI/CD pipeline.\n\n* Architect, manage, and remediate findings from security tools, pen test reports, and compliance requirements.\n\n* Manage and maintain compliance and certifications (existing and new).\n\n* Help select and manage relationships with security vendors and partners.\n\n* Analyze and respond to production security notifications in a timely manner.\n\n* Foster DevSecOps culture and advocate for a security-first mindset amongst Security, QA, Development, and DevOps teams.\n\n* Deploying web and service-based applications in multiple instances of our PaaS.\n\n* Continually research, evaluate, and apply emerging technologies to improve security and the products.\n\n* Provide technical oversight to the development process including reviewing the technical design and the deployment architecture.\n\n* Work cross functionally with all departments to assist with security related issues as it relates to engineering, client care, and sales teams.\n\n* Willingness to take ownership, troubleshoot hands-on, and be on-call for security issues in a 24/7 environment.\n\n\n\n\nWhat You've Accomplished:\n\n\n* Experience in monitoring and responding to security events\n\n* Proven track record of creating secure cloud architectures for mission critical Internet-facing applications.\n\n* Expertise implementing and maintaining compliance (HIPAA, HI-TRUST, FEDRAMP)\n\n* Experience with build-time dependency management, unit testing and code-coverage tools, test automation techniques and tools.\n\n* Experience and understanding of microservices architecture, design patterns, and secure software development methodologies.\n\n* Experience building and managing infrastructure-as-code including automation/scripting tools and languages.  \n\n* Experience in DevOps culture and the ability to teach and profess is highly desired.\n\n* Ability to communicate security and risk-related concepts to technical and nontechnical audiences at both the executive and working level.\n\n\n\n\nWhat You Bring to the Table:\n\n\n* Background in monitoring and securing cloud environments\n\n* Linux and configuration management tools (Chef and Terraform)\n\n* Strong public cloud experience (AWS)\n\n* Security certifications are a plus (CCSP, CISSP, AWS Security)\n\n* Security policy development, implementation and enforcement.\n\n* Integrating security into a CI/CD pipeline\n\n* SSL certificate and key management policies\n\n* Scripting in either Python, Ruby, or Bash.\n\n\n


See more jobs at TigerConnect

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Contrast Security


closed

Full Stack Developer


Contrast Security


full stack

 

dev

 

infosec

 

digital nomad

 

full stack

 

dev

 

infosec

 
This job post is closed and the position is probably filled. Please do not apply.
\nContrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyber attacks. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate analysis and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has intelligent agents that work actively inside applications to prevent data breaches, defeat hackers and secure the entire enterprise from development, to operations, to production.\n\nAbout the Position\n\nContrast is looking for an architect enthusiastic and proficient in front-end technologies such as ReactJS and AngularJS and server-side API development written in Java/Spring interested in pursuing a life changing experience in the field of application security and continuous delivery. We are an exciting, young team that is growing leaps and bounds each month. This person should take a wholistic view of our application architecture with sincere attention to quality, performance, scalability, security and maintainability.\n\nThis team is tasked with the unique opportunity to advance our runtime and pre-compile code analysis capabilities. This includes providing enhanced techniques to improve the accuracy, findings and reporting of code analysis. It will also include driving and leading the next generation of product and offerings to make the Contrast platform the choice for code analysis tools among developers and security professionals.\n\nIdeal candidates have a background building highly scalable and responsive Single Page Applications (SPAs) using ReactJS, CSS/Bootstrap, visualization libraries such as D3, HighCharts or AMCharts, as well as other SVG based visualization plugins. We write a lot of GraphQL to interact with our REST layer to improve performance and data interaction.\n\nOur engineering team has a strong spirit of entrepreneurship. Every member of the team has joined us over our 6 year history because he/she wants to be part of a high-performing team and go through the startup experience. We look for candidates that share similar goals and beliefs about the work and the team they want to be a part of.\n\nResponsibilities\n\n\n* Collaborate with UX, Product and Engineering to architect elegant APIs, Data Models and Re-usable JS functions\n\n* Provide overarching design of testability and acceptance.\n\n* Define and direct team in the area of Performance, Scalability and Security.\n\n* Build and maintain highly scalable server-side UI processes for the purpose of data collection, manipulation, data pruning, trending and analytics\n\n* Build web-based interfaces and applications and contribute to our platforms, style guide, APIs and libraries.\n\n* Design and development of a rich user interface for mission critical high-availability analytics application using front end technologies like TypeScript, Javascript, ES6, HTML, CSS, SASS, and D3.\n\n* Experience with at least one of the following frameworks: AngularJS, ReactJS, Ember.js\n\n* Execute performance analysis and optimization of page render, data transfers and page load optimizations.\n\n* Proficient designing highly tuned and efficient automated build pipelines.\n\n* Participate in constant collaboration with teammates in the form of pair programming, group code reviews and pull requests prior to commit.\n\n* Work with design and product teams to build amazing, jaw-dropping features.\n\n* Give back to the Open Source Community whenever humanly possibly.\n\n* Deploys: our engineers deploy multiple times a day to our AWS infrastructure.\n\n* Technical support: Our engineers don't just release code in the wild. When our customer have issues, we have to jump in and give them help.\n\n\n\n\nAbout You\n\n\n* Experience architecting modern, scalable and high-performing full-stack web applications\n\n* You have strong communication skills. You ask questions, let others know when you need help, and tell others what you need.\n\n* You have experience working in Java/Spring to design and implement robust and scalable APIs.\n\n* Stellar visual skills and attention to detail.\n\n* You have extensive HTML5, CSS3 (Less), and JavaScript Framework (ReactJS) experience.\n\n* Experience with TypeScript and GraphQL.\n\n* Data management experience with MySQL and ElasticSearch\n\n* Have an eye for quality and have an interest in using tools/frameworks like Enzyme, Prettier, ReactTestRenderer, Jest, JUnit, StoryBook, etc...\n\n* AWS Services: S3, EC2, CloudFront, Lambda.\n\n* You're a problem solver. You believe the best work is the result of finding the simplest solution to complex challenges.\n\n* Your code is clean, your designs are elegant and you are constantly refactoring.\n\n* Multiple years experience working in Enterprise or Commercial Software development.\n\n* Own your work. Whether a nasty bug or an awesome feature, you put your name on every line of code.\n\n\n\n\nWhat We Offer\n\n\n* Competitive compensation package (salary + equity)\n\n* A fun and dynamic environment where you work with other like minded people on products which make a real difference to the security of our customers\n\n* In-office lunches\n\n* Medical, dental and vision benefits\n\n* Flexible paid time off\n\n* 401K\n\n\n\n\nIf you're amazing but missing some of these, we'd love for you to apply anyway. Please include a link to your Github or BitBucket account, as well as any links to some of your projects if available. Email: [email protected] We are changing the world of software security. Do it with us.   We believe in what we do and are passionate about helping our customers secure their business. We work hard, and we have fun doing it. Solve the impossible. Easy = boring. If you’re looking for a fun work environment and like a challenge, you’ll love Contrast Security.


See more jobs at Contrast Security

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Platform.sh


closed

Security Engineer


Platform.sh


infosec

 

engineer

 

infosec

 

engineer

 
This job post is closed and the position is probably filled. Please do not apply.
\nTo reinforce our commitment to customers’ privacy and security, for its PaaS solution, Platform.sh is looking for a Security Engineer with a taste for Python and Go, excellent Linux system understanding, outstanding written English skills, experience working on PCI and/or SOC 2 compliance, and a real hunger for the challenges of building compliant distributed systems. If you’re looking for an exciting, high-growth opportunity with an award-winning, cutting-edge company, this could be the job for you.\n\nWe are targeting engineers that like writing documentation and can function in a high performing, multithreaded, 100% cloud-based, remote environment.\n\nSecurity, privacy, and compliance controls are at the heart of what we do as our mission is to simplify the cloud. The job is to transform what is often regarded as red-tape and constraints to a well-oiled machine where everything is automated and where every constraint becomes a feature making the product better.\n\nThis role reports to our Security Operations Manager, and works in close interaction with our CTO, VP of Infrastructure, VP of Engineering, our Data Protection Officer, and our Customer Support teams.\n\nIn a given day you might:\n\n\n* Act as a technical liaison between the Security department and our product, engineering, support, and operations staff.\n\n* Create documentation and processes in English to help satisfy compliance requirements and/or internal process questions.\n\n* Evaluate, deploy, and create systems and tools that will enhance our efficiency.\n\n* Support our data protection officer and compliance team with information requests, pen-testing coordinations, internal and external vulnerability scanning, disaster recovery, and related activities.\n\n* Execute our security incident management process.\n\n* Ensure all systems and services in our environment are securely designed, configured, managed, and monitored.\n\n* Work with external auditors to answer questions on PCI and SOC 2.\n\n* Participate in an on-call rotation, the majority of which is during normal working hours.\n\n\n\n\nQualifications\n\nMinimum Qualifications:\n\n\n* Experience with Linux (preferably Debian-based)\n\n* Markdown\n\n* Experience implementing PCI, SOC 2, or related\n\n* Operate largely independently (go take that hill) with management support\n\n* Able to juggle several requests at the same time\n\n* Experience securing cloud services (AWS in particular)\n\n* Sysadmin experience\n\n* Experience with git-based workflows\n\n* Proficient in Python or Golang\n\n* Experience with containerization technologies (LXC/LXD, Docker)\n\n* Working knowledge of\n\n\n\n* Patch and Vulnerability Management process\n\n* Principle of Least Privilege\n\n* Incident response\n\n* Identity and Access Management\n\n* IPTABLES\n\n* Encryption: TLS, SSH, Disk, etc.\n\n* Ticketed change control\n\n* Snapshot-based backups\n\n\n\n* CISSP, CISM, Security+, GCED, GICSP, GCIH, SSCP, or CASP+ Certification or similar\n\n* Excellent written English skills\n\n\n\n\nPreferred Qualifications:\n\n\n* AWS, Google, and/or Azure certifications\n\n* Experience with performing vendor security reviews\n\n* Experience with Puppet\n\n* Knowledge of Magento Ecommerce, Symfony, Drupal, eZ Platform, or Typo3\n\n* Relational database skills\n\n* Public speaking experience\n\n* Ability to speak French or German\n\n* Ability to kick ass in Chess or beat Zork without using a map\n\n* Can bravely take on new challenges like a Gryffindor, analyze problems like Ravenclaw, protects our infrastructure and client data like a Slytherin, and talks with clients like a Hufflepuff.\n\n\n\n\nSound Like a Good Fit? We’d love to talk to you!  \n\n* This is a remote job \n\nWe are a worldwide distributed team and are looking for a candidate who can perform well working remotely. To be an effective performer here at Platform.sh, you’ll need to be able to effectively collaborate across time zones while operating with a high level of independence and autonomy.


See more jobs at Platform.sh

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

ShapeShift


closed

Senior Software Security Engineer


ShapeShift


infosec

 

dev

 

senior

 

engineer

 

infosec

 

dev

 

senior

 

engineer

 
This job post is closed and the position is probably filled. Please do not apply.
\nPOSITION OVERVIEW\n\nShapeShift is seeking a Senior Software Security Engineer to help identify risks and mitigate them for this growing organization. The Software Security Engineer will be scanning, researching, hacking, and advising developers on security, in addition to altering source code to resolve security vulnerabilities. The ideal candidate will possess a keen understanding of how tweaking one parameter can vastly change the security outcomes of an information system. This position offers a unique opportunity to think with a black hat but wear a white hat for an exciting cryptocurrency startup.\n\nThis is a full-time, exempt position that reports directly to the CISO.\n\nYour desire to make a real impact on an organization and the world grows by the day. The ideal candidate will be open to daily changes in workflow and protocol (and force us to improve workflows). As a start-up in an evolving space, there are new challenges that require new solutions every day.\n\nGOALS OF POSITION\n\n\n* Stay abreast with daily CVE announcements and 0-day vulnerabilities\n\n* Provide strong software engineering experience to ShapeShift’s Security team.\n\n* Work with Site Reliability Engineers and IT administrators to mitigate any vulnerabilities found with ShapeShift's systems.\n\n* Provide security guidance and advice to software engineers on best practices for storing, securing, and accessing secrets in their application development. \n\n* Participate in architecture design discussions for ShapeShift's upcoming feature enhancements and new products/services, ensuring best practices in security are followed in each phase of development, and ensuring security risks are understood and mitigated in the design choices.\n\n* Execute and automate approved penetration tests, vulnerability scans, and related intelligence gathering about the existing security posture of development and production systems.\n\n* Manage internal TLS Certificate Authority, issuing and revoking internal server and client certificates where necessary.\n\n* Collect and organize security-related metrics for reporting to ShapeShift’s CISO.\n\n* Maintain ShapeShift's existing Information Security Policy, ensuring it is up-to-date with ShapeShift's requirements. \n\n* Providing security training to all new staff, and security refreshers to existing staff.\n\n* Oversee the provisioning of cryptographic keys and security hardware for new staff.\n\n* Can research, understand, and implement security enhancements to ShapeShift systems independently, and communicate changes to management in a timely fashion.\n\n\n\n\nSUCCESS METRICS OF POSITION\n\n\n* Concerns and risks are brought to the attention of the CISO in a timely manner\n\n* Staff receive your assessments and recommendations on improving/maintaining security in a timely manner\n\n* Staff are able to rely on you to educate them on security and answer their questions\n\n* Ability to contribute security enhancements to ShapeShift’s codebase.\n\n* Senior Security Engineer is able to meet deadlines independently\n\n\n\n\nWHAT YOU BRING TO THE TABLE\n\n\n* "Jack of All Trades" mindset, knowledgeable in many areas\n\n* "Geek to English translator" - ability to train/teach security concepts to non-security staff in easy-to-understand language\n\n* Strong "Google-fu" - ability to quickly find and learn concepts that aren't already known\n\n* Knowledge and experience that can be relied upon by others in the Security department\n\n* Ability to be flexible while working in a dynamic startup environment\n\n* Desire to make the world a better and safer place\n\n\n\n\nREQUIRED EDUCATION & EXPERIENCE\n\n\n* 7+ years of full-stack engineering experience or equivalent \n\n* Strong competency with Javascript and/or TypeScript\n\n* Strong competency with modern software development tools (git, jira, IDEs)\n\n* Experience performing source code review\n\n* Experience resolving application level vulnerabilities\n\n* Experience working with GPG / PGP\n\n* Experience with TLS, cryptographic certificates and PKI\n\n* Experience performing vulnerability scanning (i.e. Metasploit, Nessus, or similar)\n\n* Securing and administering services/daemons according to best practices\n\n* Experience working with Linux and open source technologies\n\n* At least 4 years experience in a security-focused role\n\n\n\n\nPREFERRED EDUCATION & EXPERIENCE\n\n\n* Experience securing cloud-based service providers, such as DigitalOcean, Azure, and AWS\n\n* Experience with deployment automation tools such as CircleCI, Terraform, etc.\n\n* Experience with penetration testing\n\n* Experience with charting, graphing, and presenting data visually\n\n* Experience working with cryptocurrencies and blockchains\n\n* Familiarity with Agile Development Methodologies \n\n* Familiarity with hardware and firmware security \n\n* Security certifications such as: CISSP, CISA, OSCP, Pentest+, Security+ would be an asset\n\n* Experience with Open Source Software\n\n\n


See more jobs at ShapeShift

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Balena


closed

Head Of Security


Balena


infosec

 

infosec

 
This job post is closed and the position is probably filled. Please do not apply.
\nBeing a Head of Security at balena\n\nOur users trust us to provide critical infrastructure for their distributed IoT fleets, and our engineers work hard to protect each of these devices from attacks. Our “security stack” spans from the bootloader and OS on-device, to the network and security infrastructure of our backend, to the operational security of our team.\n\nAs a Head of Security, you will learn how our complex interdependent systems are built and run. You will dig deep into diagnostics & debugging surfaces, logs, and reports to identify areas of risk and strategies to minimize vulnerabilities. You will develop and deploy security controls and concepts stretching from cloud- based apps to systems running on embedded devices, and lead initiatives to create new frameworks and roadmaps. You will influence infrastructure and product decisions and, above all, establish and promote a culture of shared responsibility for security.\n\nResponsibilities\n\n\n* Analyze weaknesses and attack patterns, and architect solutions to address them\n\n* Construct a comprehensive threat model that includes a variety of actors and security contexts\n\n* Define standards and streamline workflows for managing incidents, recovery, and vulnerability reports\n\n* Implement, tune, and enhance security auditing, monitoring, and notification systems\n\n* Perform checks to ensure our production pipeline is secure — from developer machines to servers\n\n* Design and review security-related product features, like automated vulnerability scanning and audit logs\n\n* Be a key resource for peers on support, share knowledge and mentor others on best practices\n\n\n\n\nRequirements\n\n\n* Strong technical background in software development, operations and/or information security\n\n* Experience writing high-quality code and debugging production systems\n\n* Working knowledge of Linux operating system internals\n\n* Awareness of classic and emerging threat actor tactics, techniques, and procedures in both pre- and post-exploitation phases of attack lifecycles\n\n* Ability to manage ambiguity, push through friction, and independently make critical trade-off decisions\n\n* Continuous improvement mindset and desire to make yourself and others more effective\n\n* Willingness to constantly build on your knowledge of the platform and new technologies\n\n* Excellent communication skills and fluency in English\n\n\n\n\nBonus points\n\n\n* Proficiency in at least one high-level language (we use Typescript and Javascript)\n\n* Knowledge of state of the art authentication standards such as OIDC\n\n* Good understanding of networking (TCP/IP) and higher-level HTTP & TLS protocols\n\n* Background in leading teams and working across functions to build secure products\n\n* Experience with IoT, embedded SW, dev tools, or balena as a user/contributor\n\n* Contributions to OSS projects and community involvement\n\n\n\n\nMake sure to let us know if any of these items apply to you! If possible, please also share a sample of your work or examples of projects (URL or attachment).


See more jobs at Balena

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Balena


closed

Lead Security Engineer


Balena


infosec

 

exec

 

engineer

 

infosec

 

exec

 

engineer

 
This job post is closed and the position is probably filled. Please do not apply.
\nBeing a Lead Security Engineer at balena\n\nOur users trust us to provide critical infrastructure for their distributed IoT fleets, and our engineers work hard to protect each of these devices from attacks. Our “security stack” spans from the bootloader and OS on-device, to the network and security infrastructure of our backend, to the operational security of our team.\n\nAs a Lead Security Engineer, you will learn how our complex interdependent systems are built and run. You will dig deep into diagnostics & debugging surfaces, logs, and reports to identify areas of risk and strategies to minimize vulnerabilities. You will develop and deploy security controls and concepts stretching from cloud-based apps to systems running on embedded devices, and lead initiatives to create new frameworks and roadmaps. You will influence infrastructure and product decisions and, above all, establish and promote a culture of shared responsibility for security.\n\nResponsibilities\n\n\n* Analyze weaknesses and attack patterns, and architect solutions to address them\n\n* Construct a comprehensive threat model that includes a variety of actors and security contexts\n\n* Define standards and streamline workflows for managing incidents, recovery, and vulnerability reports\n\n* Implement, tune, and enhance security auditing, monitoring, and notification systems\n\n* Perform checks to ensure our production pipeline is secure — from developer machines to servers\n\n* Design and review security-related product features, like automated vulnerability scanning and audit logs\n\n* Be a key resource for peers on support, share knowledge and mentor others on best practices\n\n\n\n\nRequirements\n\n\n* Strong technical background in software development, operations and/or information security\n\n* Experience writing high-quality code and debugging production systems\n\n* Working knowledge of Linux operating system internals\n\n* Awareness of classic and emerging threat actor tactics, techniques, and procedures in both pre- and post-exploitation phases of attack lifecycles\n\n* Ability to manage ambiguity, push through friction, and independently make critical trade-off decisions\n\n* Continuous improvement mindset and desire to make yourself and others more effective\n\n* Willingness to constantly build on your knowledge of the platform and new technologies\n\n* Excellent communication skills and fluency in English\n\n\n\n\nBonus points\n\n\n* Proficiency in at least one high-level language (we use Typescript and Javascript)\n\n* Knowledge of state of the art authentication standards such as OIDC\n\n* Good understanding of networking (TCP/IP) and higher-level HTTP & TLS protocols\n\n* Background in leading teams and working across functions to build secure products\n\n* Experience with IoT, embedded SW, dev tools, or balena as a user/contributor\n\n* Contributions to OSS projects and community involvement\n\n\n\n\nMake sure to let us know if any of these items apply to you! If possible, please also share a sample of your work or examples of projects (URL or attachment).


See more jobs at Balena

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

SUSE


closed

Security Engineer


SUSE


infosec

 

engineer

 

infosec

 

engineer

 
This job post is closed and the position is probably filled. Please do not apply.
\nSUSE is a growing company, with great products, a culture that fosters openness and friendship, and where many opportunities exist.\n\nProduct security is the most important building block of the global IT ecosystem.\n\nOur SUSE Security Team has over two decades of experience working on pro-active and reactive security to make our products and solutions outstanding. Using the latest technologies allows us to respond to hyped and very urgent vulnerabilities like ShellShock or BootHole. The race is still on-going and we need you to stay ahead and win.\n\nLocation: EMEA (Remote)\n\nKey Responsibilities:\n\n\n* Product security for our enterprise and community products\n\n* Security incident management, evaluation, assessment, fixing of vulnerabilities\n\n* Secure product and tools development, supporting development teams\n\n* Security testing, manual and automatic\n\n* Writing patches\n\n* Working in projects and teams\n\n* Communication with external and internal customers\n\n\n\n\nCandidate Profile:\n\n\n* An academic degree (Master/Bachelor or comparable) or IT specialist (Fachinformatiker)\n\n* Self-motivated and self-organised\n\n* Very good understanding of the Linux operating system\n\n* Programming skills in C and at least one scripting language (bash, perl, ruby, python, ...)\n\n* Experience with application security\n\n* Familiarity with basic security concepts (e.g. code analysis, binary formats, encryption)\n\n* Familiarity with security analysis tools is a bonus (e.g. IDA, gdb)\n\n* Knowledge of network security (TCP/IP, SSH, TLS/SSL) is a plus\n\n* Pronounced quality awareness, customer-oriented approach - Enthusiastic about security and improving knowledge in this area\n\n* Good communication skills and meticulous working style\n\n* Good knowledge of English\n\n\n\n\nWhat makes us different:\n\n\n* You will find and can connect to highly skilled engineers at SUSE\n\n* We provide many different products and endless opportunities to learn\n\n* We help our employees to develop\n\n* Our work environment is creative and productive\n\n* You can work with and within an international team\n\n* Our working hours are as flexible as possible\n\n* We organize regular events (hackathons, workshops, outdoor events, ...) to build up relationships and friendship within and across teams\n\n* At SUSE the opinion of the employee matters!\n\n\n\n\nIf you are successful for this position you'll have to pass pre-employment checks before joining us. The content of these checks may vary by country and position.


See more jobs at SUSE

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Automattic


closed

Security Research Engineering


Automattic


infosec

 

engineer

 

infosec

 

engineer

 
This job post is closed and the position is probably filled. Please do not apply.
\nJetpack is expanding its security team to provide crucial malware protection to WordPress websites. As a Security Researcher you will research and identify vulnerable and malicious code and help the team to develop methods to scan, prevent and remove malware attacks. If you have a knack for solving puzzles and a desire to document and create solutions, this is a great role for you!\n\nThe Security Engineer position might be a good fit if you:\n\n\n* Have a love for securing and protecting websites and applications!\n\n* Understand security threats, vulnerabilities, and common attack vectors such as XSS, injection, hijacking, social engineering, and so on, and how to mitigate them.\n\n* Have a deep understanding of networking protocols like TCP/IP, as well as HTTP/HTTPS\n\n* Are familiar with large scale systems, CDN based content delivery, WAF protection, Data partitioning, and Database Replication.\n\n* Are highly collaborative and love participating in code reviews and discussions about architecture or design.\n\n* Are open, and able, to travel 3-4 weeks per year to meet up with your teammates in person.\n\n\n\n\nExtra Credit:\n\n\n* Experience with penetration testing and associated tools\n\n* Previous experience with malware detection systems\n\n* Reported vulnerabilities in the past\n\n* Know your way around WordPress and its file and database structures.\n\n* Have experience writing and debugging WordPress plugins and themes.\n\n\n\n\n\nSpeaking of interests and skills, here are some areas in which you can grow and have further impact in the future at the company:\n\n\n* Leadership – we offer a variety of leadership options to those who have interest, including becoming a team lead and managing releases.\n\n* Learning and development – we have a generous personal development budget and encourage you to grow your skills through courses, books and conferences.\n\n* Architecture – we encourage developers to develop expertise in the systems they work with, guide their evolution and mentor other developers working on them.\n\n* Engineering effectiveness – we believe in helping other developers become more effective through tools, practices, cross-team collaborations, and process improvements.\n\n\n\n\nDiversity & Inclusion at Automattic\n\nWe’re improving diversity in the tech industry. At Automattic, we want people to love their work and show respect and empathy to all. We welcome differences and strive to increase participation from traditionally underrepresented groups. Our D&I committee involves Automatticians across the company and drives grassroots change. For example, this group has helped facilitate private online spaces for affiliated Automatticians to gather and helps run a monthly D&I People Lab series for further learning. Diversity and Inclusion is a priority at Automattic, though our dedication influences far more than just Automatticians: We make our products freely available and translate our products into and offer customer support in numerous languages. We require unconscious bias training for our hiring teams and ensure our products are accessible across different bandwidths and devices. Learn more about our dedication to diversity and inclusion and our Employee Resource Groups.\n\nCurious who works in engineering at Automattic? Meet our JavaScript Engineers – Lena and Riad.\n\nHow to apply\n\nDoes this sound exciting? If yes, click the Apply button below and fill out our application form. We are looking to having you in the process with us.


See more jobs at Automattic

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

CrowdStrike


closed

Software Engineer Cloud Security


CrowdStrike


golang

 

infosec

 

dev

 

cloud

 

golang

 

infosec

 

dev

 

cloud

 
This job post is closed and the position is probably filled. Please do not apply.
Sunnyvale, United States - At CrowdStrike we’re on a mission - to stop breaches. Our groundbreaking technology, services delivery, and intelligence gathering together with our innovations in machine learning and behavioral-based detection, allow our customers to not only defend themselves, but do so in a...


See more jobs at CrowdStrike

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

SpotMe


closed

Information Security Analyst


SpotMe


infosec

 

analyst

 

infosec

 

analyst

 
This job post is closed and the position is probably filled. Please do not apply.
\nSpotMe is the leader in enterprise engagement platforms for virtual and hybrid events. Our mission is to challenge the status quo to create greater experiences for customers and employees. SpotMe is used by over 2 million users and 80 Fortune 500 brands like L’Oréal, SAP and Pfizer.\n\nThis is a new and exciting time. Virtual is the way people work, meet, and interact. With SpotMe Anywhere, we are not following trends, we are shaping them.\n\nBehind the magic stands a curious, diligent, and humble team of professionals from 30 nationalities. A team that feels a deep pride in the work they do, a team that stayed positive and quickly adapted to the new world. In 8 weeks, we shipped a new product and we have been experiencing a 15x demand since our launch.  \n\nIf working with our team in shaping the future sounds like the opportunity you're looking for then let us get to know you by submitting your resume. You will be free to decide when you want to work from home, and when you come to the office. In fact, you can work from anywhere you want in Europe or the USA.\n\nIn this role, you will be providing support in maturing and optimizing information security and compliance across SpotMe global operations, and reporting directly to the CEO. \n\nResponsibilities:\n\n\n* Responsible for SpotMe’s information security programs and strategic projects to further strengthen SpotMe information security governance\n\n* Responsible for the design, implementation, review and audit of new and existing security controls\n\n* Responsible for the ISO27001 certification\n\n* Manage SpotMe’s existing security compliance and audit programs (including SOC 2 reporting, penetration testing, network & vulnerability scanning) as well as customer-initiated audits\n\n* Respond to information security and data privacy due diligence requests from customers\n\n* Conduct risk assessments with internal parties and with 3rd party vendors; monitor and support reporting on risk reduction activities; drive corrective actions to mitigate vulnerability risks\n\n* Support executive and technology management with organization, process and architecture recommendations; define the organizational security posture, best practices, mailing lists and threat intelligence feeds reviews, as well as input to security governance and policy \n\n* Conduct internal audits to ensure that compliance towards established standards is maintained\n\n* Foster a security culture with the teams and deliver annual internal training programs\n\n* Govern disaster recovery (DR) and business continuity (BC) plans and related procedures \n\n* Maintain documentation of projects, plans and actions taken towards information security \n\n* Report to executive and engineering teams on governance and policy violations \n\n\n\n\nRequired skills and experience:\n\n\n* 3+ years of experience in information security, auditing or consulting with high-growth technology businesses\n\n* Understanding of, and implementation experience with ISO 27001:2013 and AICPA SOC 2 attestation standards\n\n* Understanding of, and compliance experience with the EU General Data Protection Regulation (GDPR)\n\n* Knowledge of common vulnerability frameworks and system, application and database hardening techniques and practices \n\n* Knowledge of networking standards (Ethernet, WLAN, TCP/IP, DNS) and Linux networking tools \n\n* CISSP certification or equivalent is required\n\n* Excellent English in verbal and written communications\n\n\n\n\nYour personality:\n\n\n* Keen to deliver to the highest existing standard with an uncompromised attention to detail\n\n* Deliver on time and to specification levels\n\n* Confident, proactive, self-starter, organized\n\n* Collaborative approach to problem-solving\n\n* This is an independent role that requires a team player for implementation\n\n* Willing and able to take responsibility for his/her actions and for the team delivery\n\n* Curios and open minded\n\n* Excellent listening and communication skills, as well as willingness to help others\n\n* Possesses a solid dose of common sense\n\n\n\n\nDo you want to join us in this exciting adventure? Please do not hesitate to reach out to us.


See more jobs at SpotMe

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

NS8


closed

Cloud Security Engineer


NS8


infosec

 

cloud

 

engineer

 

infosec

 

cloud

 

engineer

 
This job post is closed and the position is probably filled. Please do not apply.
\nDevSecOps Engineers at NS8 have a dual responsibility to uphold and create security standards across all of our environments as well as collaborate with other infrastructure teams to operate a production environment. The DevSecOps team’s responsibility is to “shift left” security, reliability, and availability matters early into the development process for the entire engineering org. Accordingly, the DevSecOps team has 3 focuses, Infrastructure, Security, and Test/QA.\n\nWe value quality work and an attitude to design and review carefully, thoughtfully, and proactively. We are looking for a DevSecOps Engineer who is passionate about high quality code and processes, automated testing, and continuous integration and monitoring and who will maintain high standards through code reviews and daily interactions.\n\nResponsibilities:\n\n\n* Implement SAST/DAST/IAST/RAST, IDS/ADS, SIEM/SOAR and other DevSecOps systems, both vendor and open-source, that deploy and run in Kubernetes clusters and in Concourse CI/CD\n\n* Write Policy-as-Code that ensure various systems are compliant, encrypted, and follow least privilege and zero trust models\n\n* Harden networks, containers, orchestrators, and cloud infrastructure more broadly.\n\n* Proactively assess vulnerabilities, model threats, and write automated penetration tests\n\n* Respond to and forensically analyze security incidents in a production environment, ensuring all compliance requirements and guidelines are followed\n\n* Code review with an eye for correctness, standards-compliance, security holes, new attack vectors, increased attack surface, etc\n\n\n\n\nRequirements: \nExperience with specific technologies listed is not required. We may prefer candidates who know the specific technologies, but we are also open to input on some of these.\n\n\n* Threat modeling and penetration testing experience\n\n* IDS/ADS, SIEM/SOAR, and forensics experience. We use or are looking to implement tools like Sysdig Falco as well as vendors like Aqua Security, Twistlock/Prisma, StackRox, and/or Splunk.\n\n* Experience responding to security incidents and following required reporting and resolution protocols\n\n* Compliance experience, e.g. NIST, SOC-2, SOX, PCI, etc.\n\n* Experience with vulnerability assessments, implementing SAST/DAST/IAST/RAST, and integrating security tooling into CI/CD pipelines. We are using or looking to implement tools like Anchore, Clair, Trufflehog, etc. Cloud. We are migrating to Concourse from CircleCI and some AWS CodeBuild.\n\n* Policy-as-Code experience. We are using or looking to implement tools like Open Policy Agent (OPA), cloud-custodian, terraform-compliance, etc.\n\n* Experience encrypting, hardening, segmenting networks. We are using or looking to implement tools like VPC, Security Groups, WAF, Kubernetes L4 & L7 NetworkPolicy, Istio AuthzPolicy, Istio mTLS, and Cilium encrypted networking.\n\n* Experience writing production code in at least one language. Most of our engineering teams use TypeScript, with some sprinkles of Java, Python, Go, Shell, etc.\n\n\n\n\nPreferred: \nThese experiences are not required, but we will prefer candidates who have one or more of these in addition to the requirements above. \n\n\n* Infrastructure-as-Code experience. We use plenty of YAML, Helm, and some Terraform but are also looking at Pulumi and cdk8s.\n\n* Multi-cloud experience. We primarily use AWS right now, but are starting to use GCP and potentially more in the future. We try to be cloud agnostic, but take pragmatic approaches and consider trade-offs when using managed services.\n\n* Multi-cluster experience. We run several clusters, some of which communicate with each other, currently in a hub-and-spoke model.\n\n* Experience implementing and influencing a DevSecOps workflow for other teams\n\n* Experience working in an Agile/Kanban environment with GitFlow style development on a Remote / distributed team.\n\n* Experience with any of the DevSecOps Team’s other focuses: Infrastructure (linkme) and/or Test/QA (linkme)\n\n\n\n\nVery Preferred: \nThese experiences are also not required, but we will prefer candidates who have one or more of these in addition to the requirements above. \n\n\n* Experience running and securing untrusted, 3rd-party workloads.\n\n* Experience with kernel security and hardening containers and orchestrators. Tools such as distroless, gVisor, kata-containers and SELinux, AppArmor, and seccomp more broadly as well as kube-bench and Polaris.\n\n* Experience with PKI management\n\n\n


See more jobs at NS8

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

vast limits


closed

Security Engineer Windows Endpoints


vast limits


infosec

 

engineer

 

infosec

 

engineer

 
This job post is closed and the position is probably filled. Please do not apply.
\nWir sind eine erfolgreiche Softwarefirma, die organisch weiter wachsen möchte. Wir sind inhabergeführt, nicht fremdfinanziert und haben spannende Unternehmenskunden in über 30 Ländern.\n\nWir sind der Überzeugung, dass Micromanagement tödlich ist für Kreativität und Produktivität. Wir bieten eine offene Arbeitskultur, in der die Mitarbeiter ihren Arbeitsort frei wählen können und sich den Tag selbst einteilen.\n\nWir entwickeln Software für die Unternehmens-IT, weil wir den Markt kennen und die Bedürfnisse von Fachabteilungen und Mitarbeitern verstehen. Wir wissen, wie IT-Profis arbeiten und welche Werkzeuge sie verwenden. Wir wissen auch, wie komplex ein großer Teil der Unternehmenssoftware ist. Wir wollen dazu beitragen, dass sich das ändert.\n\nUnser Produkt uberAgent bietet tiefe Einsichten in User Experience und Security von physischen PCs und virtuellen Desktops. Mit Hilfe dieser Informationen optimieren unsere Kunden die Geschwindigkeit, Sicherheit und Stabilität der Endgeräte ihrer Mitarbeiter.\n\nDie Kombination aus einfacher Bedienung und wertvollen Metriken macht uberAgent zu einem Produkt, mit dem sehr gerne gearbeitet wird. Insofern passt es perfekt zu Splunk, einer leistungsfähigen und gleichzeitig benutzerfreundlichen Big Data-Plattform, die von uberAgent für Datenspeicherung und -visualisierung verwendet wird.\n\nDeine Aufgaben\n\nWir leben Qualität. Zusammen mit Deinen Kollegen bietest Du Kunden und Partnern Betreuung auf höchstem Niveau bei allen technischen und vertrieblichen Fragen.\n\nDies umfasst:\n\n\n* Kontakt zu Partnern halten\n\n* Webinare für Interessenten durchführen\n\n* Technische und vertriebliche Anfragen bearbeiten\n\n* Vorträge auf Konferenzen halten\n\n* Blog- und KB-Artikel verfassen\n\n* Unsere Entwickler unterstützen\n\n\n\n\nDas wünschen wir uns\n\nDie einzigen Qualifikationen, die uns wirklich wichtig sind, sind der Drang, das bestmögliche Resultat zu erzielen und der Wunsch, jeden Tag etwas dazuzulernen.\n\nDaneben erwarten wir:\n\n\n* Langjährige Erfahrung mit Security in großen Unternehmen\n\n* Sehr gute Kenntnisse in Windows-Interna\n\n* Eigenständiges Arbeiten\n\n* Hang zur Perfektion\n\n* Sehr gute Deutsch- und Englischkenntnisse\n\n* Hauptwohnsitz in Deutschland\n\n\n\n\nZusätzlich freuen wir uns über:\n\n\n* Gute Kenntnis eines oder mehrerer SIEMs (z.B. Splunk)\n\n* Erfahrung mit Pentesting, Hacking, Threat Hunting\n\n* Erfahrung mit Automatisierung, Skripting, Programmierung\n\n* Community-Engagement, Bloggen (bitte schicke uns Links)\n\n\n


See more jobs at vast limits

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

OliBank


closed

Security Developer


OliBank


infosec

 

dev

 

digital nomad

 

infosec

 

dev

 
This job post is closed and the position is probably filled. Please do not apply.
\nAbout us:\n\nAt OliBank we are working on unique solutions and challenging problems all around financial technology. This position will help us build a brand new product that will revolutionize business banking. Our mission is to create prosperity around the world by breaking down all barriers of trade and commerce. At OliBank, we are looking for more top talent to help us fulfill this vision. \n\nThe experience of working remotely at OliBank is unlike anywhere else. We focus heavily on active team collaboration; hence your team members will never be from far away time zones. No midnight meetings or choppy calls because we recruit only from just a handful of countries to keep everyone connected. We provide high-quality video equipment to make it feel like we are next to each other. Working at OliBank is like working with an office-based high-performance team but without the commute. All developer meetings are held in spoken Spanish, and team collaboration is highly valued.\n\nEngineering at OliBank is not like a soulless outsourced sweatshop. You are valued as a team member from day one with long-term career prospects. If you are looking to be challenged, to grow, and to be able to contribute, this might just be the best place for you.\n\nWe believe that there is work, and then there is work that you were born to do. The kind of work that defines who you are and that you can be proud of. The kind of work you’d sacrifice a night or a weekend for. That is the kind of work we do at OliBank. People don’t come here for safety, they come for the journey. They want to create something big and meaningful that reaches hundreds of millions of people.\n\nWe are looking for an exceptional JavaScript Developer for our Product & Innovation team to join in our accelerated growth.\n\nWhat’s needed from you: \n\n\n* Expert knowledge of JavaScript working with a reputable company\n\n* 100% Self-starter mentality  \n\n* Willingness to put in the work and be part of an elite hard-working team\n\n\n\n\nWhat is the platform built with?\n\nThe product is built with node.js, vue.js , storybook and MongoDB. Platforms are Cloudflare, AWS and Mongo Atlas, the more you can tick off from this list the better. You will be working with the most current frameworks available.\n\nIf hired then you will be working directly with an innovative team that consists of full-stack, front-end, and backend developers with outstanding programming and problem-solving skills, so you will be picking up new skills in no time. \n\nThe ideal candidate:\n\n- Is flexible and a true self-starter, doesn't take anything for granted and a boss is not necessarily needed to get the job done while being precise and getting the work done right.\n\n- Has a proven track record of delivering high-quality work and showing a high level of responsibility for all tasks.\n\n- If asked, capable of providing references from past co-workers and managers. 


See more jobs at OliBank

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Mastery Logistics Systems


closed

Security Engineer


Mastery Logistics Systems


infosec

 

engineer

 

infosec

 

engineer

 
This job post is closed and the position is probably filled. Please do not apply.
\nAbout the Role\n\nThe transportation industry has no shortage of complex problems requiring creative solutions to scale efficiently. Enterprise grade security is at the foundation of everything we do.  Mastery’s security team is dedicated to keeping our customer data safe. \n\nResponsibilities:\n\n\n* Partner with engineering and operations teams to provide security at every layer of the software development life cycle\n\n* Design, implement, and operate a highly automated and scalable vulnerability management program\n\n* Work with vendors to select and implement new security technologies\n\n* Conduct internal risk assessments and develop mitigation strategies\n\n* Work directly with the compliance team to implement controls that align with industry standard frameworks\n\n* Author policies, processes, and standards\n\n\n\n\nRequirements:\n\n\n* 3+ years of practical experience in an information security role\n\n* Strong written and verbal communication skills\n\n* Excellent analytical, decision-making, and problem solving skills\n\n* Preferred AWS, Azure, GCP cloud computing experience\n\n* Understanding of basic networking, hosting, and containerization technologies\n\n* CISA, CISM, CISSP, or GIAC certifications a plus\n\n\n\n\n\nBenefits\n\nMastery takes great pride in providing our employees a robust and highly competitive benefit package. Our benefits include Medical, Dental and Vision insurance covering 90% of premium costs. Company paid life insurance for 1x salary. Legal, AD&D, Additional Life and other employee assistance benefits. We have a 401k savings plan with a 4% match. We provide opportunities for professional growth and development. We fully support our work from home initiative as we do our part to combat the Covid 19 crisis. We have a manage your life and schedule Paid Time Off program. We are fully devoted to finding creative perks and benefits since we cannot currently enjoy our cool office culture. Our philanthropic partner is St. Jude Children’s Research Hospital.\n\n\nWe are an equal opportunity employer and actively seek a diverse community of professionals. Veterans, Women, non-binary, people of color, LGBTQIA, we welcome all to apply!


See more jobs at Mastery Logistics Systems

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

TaxJar


verified closed

Security Engineer


TaxJar


infosec

 

engineer

 

infosec

 

engineer

 
This job post is closed and the position is probably filled. Please do not apply.
\nTaxJar is the leading technology solution for busy eCommerce sellers to manage sales tax and is trusted by more than 20,000 businesses. \n\nWe know sales tax isn't fun for anyone, so we're determined to ease the burden with an exceptional customer experience. To achieve this, we provide the same incredible quality of life for our team members as we do for our customers by creating a professional, unique, award-winning place to work. We have many different backgrounds and lifestyles, and everything we do is guided by our core values:\n\n\n* We do the right thing for our customers\n\n* We're a team, built on trust\n\n* We're proud to be remote\n\n* We're in control of our own destiny\n\n\n\n\n\nWe’re a happy team and we all really love what we do. We’re fast-growing, fully-distributed, talented, and driven. We live all across the US, working from our homes, local libraries, co-working spaces, airstreams - pretty much anywhere we can and do accomplish great work. We've created a space where high-achievers can succeed, but are also safe to fail. We're profitable and focused on growing TaxJar sustainably, and we believe a diverse team can create better solutions for our customers.\n\nWe’re looking for people who:\n\n\n* Are based in the US\n\n* Value working remotely\n\n* Excel at communication and collaboration\n\n* Highly value working with people they like and respect\n\n* Are open and accountable\n\n* Are confident with their skills and who love being part of a team (we’re peers here, no egos please) but are also comfortable working asynchronously\n\n* Want to make a positive impact at TaxJar and who aren’t afraid to fail\n\n\n\n\n\nTaxJar is looking for an exceptional and highly skilled Security Engineer who lives by TaxJar’s values and has a demonstrated track record of securing the SDLC process. TaxJar’s Security Team is responsible for partnering with Engineering teams to build and deploy secure products for our customers. This involves maturing the Secure Development Lifecycle, training developers in secure practices, working with our Operations team to scale and automate security, and innovating new ways to help developers secure themselves.\n\nAs a Security  Engineer for TaxJar you will:\n\n\n* Proactively perform security assessments and reviews (threat models/code reviews/pentests) against TaxJar’s products and services.\n\n* Work with software engineers to design application security review process and controls across a range of technologies to include but not limited to Ruby on Rails, Elixir, and containerized applications\n\n* Own the vulnerability management program and perform regularly-scheduled vulnerability scans to support regulatory compliance and identification of new vulnerabilities\n\n* Identify AWS Security gaps and implement AWS security best practices for our cloud environment (Security Groups, S3 Buckets, IAM Roles and Policies, etc.)\n\n* Be responsible for the Identity access management (IAM) for all users and roles in AWS\n\n* Integrate security best practices into the SDLC process and the CI/CD pipeline\n\n* Act as a technical leader for the security team and work with engineering teams to improve security practices\n\n* Perform security monitoring, security event triage, and lead incident response; including steps to minimize the impact and then conducting a technical and forensic investigation into how the incident happened\n\n* Perform security reviews of the architecture\n\n* Create and maintain comprehensive documentation related to Application and Cloud Security processes and controls\n\n\n\n\n\nRequirements:\n\n\n* 4-6 years of experience in Application/Product Security preferably in SaaS\n\n* 2-4 years of experience within Cloud Security in AWS\n\n* Strong understanding  of AWS IAM, least-privilege access, security groups, VPCs and web applications security best practices\n\n* Pentesting, threat modeling, and architecture review experience\n\n* Hands-on knowledge of security technologies such as IDS/IPS, WAF, vulnerability scanners, etc.\n\n* Experience leading incident response plans, working with SIEM tool for log analysis (i.e. Sumo Logic, Splunk, etc.) a must\n\n* Working knowledge of the OWASP Top 10 security risks and remediation techniques\n\n* Previous programming experience in languages such as Python, Ruby, or Elixir\n\n* Experience with operating systems and hardening (Linux, OS X, and Windows) a plus\n\n* Knowledge of container security such as Docker and Kubernetes a plus\n\n* Certifications such as CISSP, GSEC, CEH or CISM highly desired\n\n* Agile, humble, trustworthy, and a team player\n\n\n\n\n\nBenefits:\n\n\n* Excellent health, vision and dental benefits\n\n* Flexible vacation\n\n* Company holidays, plus mandatory Birthday holiday\n\n* 12 weeks paid parental leave for all employees\n\n* 4 hours volunteer time per month\n\n* Biannual all-company in person summits (paid for by us, of course!)\n\n* $250 Home office stipend\n\n* 401k Plan\n\n* Equity in a profitable company\n\n* Monthly perks reimbursement ($100 a month to appreciate your teammates, Netflix, Amazon Prime, gym membership, home internet etc.)\n\n\n\n\n\n\nPlease visit www.TaxJar.com/jobs for a full list of our amazing benefits for full-time employees, and to learn more about our values and how we work. You can learn more about our hiring process here.\n\nIf you send us a referral for someone who may be a great candidate for this role, we'll pay you $1,000 if we hire them. To refer someone, please email their full name to [email protected] and add “Candidate Referral - [Job Title]” to the subject line once the individual has applied for a role.


See more jobs at TaxJar

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Carve Systems


closed

Software Deconstruction Engineer Aka. InfoSec Consultant


Carve Systems


infosec

 

consulting

 

dev

 

engineer

 

infosec

 

consulting

 

dev

 

engineer

 
This job post is closed and the position is probably filled. Please do not apply.
\nUpdate April 2020: If you are interested in what you read below, please apply and we'll get you started on the process. The process starts with a technical puzzle that should take around an hour and will give you an idea of exactly what we mean by software deconstruction. Got questions? You'll get a short intro call right after the puzzle. This is the best place to raise any questions you might have. Carve just hired someone and we are anticipating a late-summer, early-fall 2020 opportunity for the next great candidate. If you are a great candidate and have a different schedule we can talk about that right up front. Thanks ...the Carve team.\n\nThis job is only listed on Stack Overflow: https://stackoverflow.com/jobs/268907/software-deconstruction-engineer-aka-infosec-carve-systems\n\nWhat's the job?\n\n\n* Information security consulting: assessing the security of software and hardware systems.\n\n* Understanding how systems are built and learning how to break them.\n\n* Working with our experienced team on short-to-medium term engagements.\n\n\n\n\nWhat would you do?\n\nEvery two to three weeks you'll get a new project to work on. A typical project will involve:\n\n\n* Recon: Digging into the functionality, design, and implementation of the software system or device.\n\n* Probing: Searching for implementation weaknesses which could indicate a security issue. This is a combination of tools that we use, tools that we build, and manual probing. For device projects this can include firmware extraction, analysis, and hardware interfacing.\n\n* Extending: Now that you've found a weakness... how far can you extend your access into the system?\n\n* Writing: Now that you've hacked your way in you'll need to write-up your findings and work with the developers to make sure they understand what the problem is and how to fix it.\n\n\n\n\nIf you enjoy puzzles and technical variety you'll find this job very enjoyable.\n\nWho are we looking for?\n\n\n* You do not need to have information security experience. If you've got the right technical background and problem solving skills we can train you in the dark arts of infosec.\n\n* People who enjoy writing code, solving problems with code, and learning how computers work at a fundamental level.\n\n* This is not a "travel every week" type of consultant. We do sometimes work at a client site but most of the time we do our projects remotely.\n\n\n\n\nWe’re hiring for all experience levels: from zero career experience to information security veterans.\n\nSkills & Requirements\n\n\n* Deep experience in software and computers. You may have earned this experience with a degree, career as a software developer, or perhaps you've invested in a technical hobby that took you deep into the rabbit hole.\n\n* Technical writing skills (English)\n\n* Resident of the USA and able to be employed in the USA.\n\n\n\n\nWe encourage remote candidates to reply *if* they are residents of the USA.


See more jobs at Carve Systems

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Shogun Labs


closed

Security Engineer


Shogun Labs


infosec

 

engineer

 

infosec

 

engineer

 
This job post is closed and the position is probably filled. Please do not apply.
\nWe Are…\n\nShogun, and we're on a mission to help people create the best eCommerce experiences in the world.\n\nWe were in the Winter 2018 batch of Y-Combinator, we just raised a Series A investment, we have over 14,000 active paying clients, and we're preparing to launch a new product in 2020 (you can read more in TechCrunch).\n\nOur teams are fully distributed and global (check out our team page)! We have no office, so we are looking for team members that are comfortable with and motivated by the opportunity to work remotely.\n\n\n\nYou Are…\n\nA self-motivated and passionate Ruby Engineer looking to join our engineering team and help secure our applications and cloud infrastructure.\n\nWe're looking for a talented programmer who is interested in security and eager to help resolve vulnerabilities as they arise, build security processes and tooling, and investigate threats.\n\n\nIn This Role You Will...\n\n\n* Learn from your teammates and help other engineers develop more secure software via design input and code review.\n\n* Contribute to the implementation of secure development practices.\n\n* Resolve security vulnerabilities in the application layer, including those reported through our bug bounty program at Federacy.\n\n* Deliver well-engineered, scalable solutions that improve our defense-in-depth.\n\n* Author and implement an information security policy.\n\n\n\n\n\n\nYou Have...\n\n\n* 5+ years software engineering experience.\n\n* 3+ years of Ruby on Rails, including security responsibilities.\n\n* Proven knowledge of authentication and authorization.\n\n\n\n\n\n\nNice-to-Haves...\n\n\n* Experience with Go, Javascript, MongoDB, and/or Redis.\n\n* Experience securing a cloud platform (AWS, GCP, Azure, etc.).\n\n* Clear and precise written and interpersonal communication skills.\n\n* Effective time management and organizational skills.\n\n* Penetration and vulnerability testing experience.\n\n\n\n\n\n\nWe Offer\n\n\n* Competitive salary\n\n* Benefits (vary by location)\n\n* A highly skilled and dedicated team that is fun to work with.\n\n* Remote work – We are a fully distributed team that works from anywhere with good internet. (+13 countries just on the engineering team!)\n\n* Occasionally, we hire on a full time contractor basis to begin with. Team members enjoy the same opportunities for great compensation, full time positions, and consideration, regardless of location.\n\n\n\n\n\n\nTry Out Shogun\n\nIf you want, you can use Shogun to get a feel for the product. We'd love to hear what you think. Here is how:\n\n* Create a Shopify Developer Account: https://developers.shopify.com\n\n* Create a development store: https://help.shopify.com/en/partners/dashboard/development-stores\n\n* Install Shogun on your development store: https://apps.shopify.com/shogun\n\n* Create a couple of pages. We will take a look.\n\n \n\n\n\nShogun supports workplace diversity and does not discriminate on the basis of race, color, religion, gender identity/expression, national origin, age, military service eligibility, veteran status, sexual orientation, marital status, physical or mental disability, or any other protected class


See more jobs at Shogun Labs

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Numbrs


closed

Security Engineer


Numbrs


infosec

 

engineer

 

infosec

 

engineer

 
This job post is closed and the position is probably filled. Please do not apply.
\nNumbrs is reshaping the future of the workplace. We are a fully remote company, at which every employee is free to live and work wherever they want.\n\nNumbrs was founded with the vision to revolutionise banking. Therefore from day one Numbrs has always been a technology company, which is driven by a strong entrepreneurial spirit and the urge to innovate. We live and embrace technology.\n\nAt Numbrs, our engineers don’t just develop things – we have an impact. We change the way how people are managing their finances by building the best products and services for our users.\n\nNumbrs engineers are innovators, problem-solvers, and hard-workers who are building solutions in big data, mobile technology and much more. We look for professional, highly skilled engineers who evolve, adapt to change and thrive in a fast-paced, value-driven environment.\n\nJoin our dedicated technology team that builds massively scalable systems, designs low latency architecture solutions and leverages machine learning technology to turn financial data into action. Want to push the limit of personal finance management? Join Numbrs.\n\nJob Description\n\nYou are responsible for planning, developing, and monitoring all information security aspects of the organisation and our large scale micro-service based distributed systems. From establishing security policies, implementing active defense-in-depth strategies, to conducting reviews of software and infrastructure, you are leading a security-first organisation without compromise. You enjoy learning new things and keep yourself up to date on the latest security threats and defenses. You are a great teammate who thrives in a dynamic environment with rapidly changing priorities.\n\nAll candidates will have\n\n\n* a Bachelor's or higher degree in a technical field of study or equivalent work experience\n\n* a minimum of 3 years security work experience\n\n* experience in establishing organisation wide security policies and procedures in a regulated environment\n\n* experience in penetration testing web-based apps, mobile apps and back-end infrastructure\n\n* experience implementing modern crypto systems and securing sensitive data in motion and at rest\n\n* experience in security auditing of back-end distributed systems and infrastructure\n\n* good knowledge of at least one modern programming language, such as Go, Java, C++, or Python\n\n* hands-on experience with performing code and design reviews\n\n* excellent troubleshooting and creative problem-solving abilities\n\n* excellent interpersonal skills, English written and oral communication\n\n\n\n\nIdeally, candidates will also have\n\n\n* experience with the management of personal data according to the GDPR\n\n* hands-on experience in securing and monitoring Amazon Web Services infrastructure\n\n* good understanding of modern authorisation protocols like OAuth2 and OpenID Connect\n\n* good German written and oral communication skills\n\n\n\n\nLocation: Remote


See more jobs at Numbrs

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Clevertech


closed

Systems Security Engineer


Clevertech


infosec

 

engineer

 

infosec

 

engineer

 
This job post is closed and the position is probably filled. Please do not apply.
\nWe know that during this time there are concerns around the actuality of hiring needs, we want to assure you that this job is posted for a need that we are eagerly looking to fill. We would love to see your application! Clevertech is a leading consultancy that is on a mission to build transformational digital solutions for the world’s most innovative organizations. Enterprise companies turn to Clevertech to help them launch innovative digital products that interact with hundreds of millions of customers, transactions, and data points.\n\nRequirements\n\n\n* Experience securing data including platform, AWS, installable, back office\n\n* 7+ years experience with network and data security\n\n* CISSP or other industry certification is a plus\n\n* Clearly communicate complex concepts verbally in English\n\n\n\n\nOur Benefits\n\nWe know that people do their best work when they’re taken care of. So we make sure to offer great benefits.\n\n\n* Competitive Vacation Package\n\n* Annual Financial Allowance for YOUR development\n\n* Flexible Family Leave\n\n* Clevertech Gives Back Program\n\n* Clevertech U (Leadership Program, Habit Building, New Skills Training)\n\n* Clevertech Swag\n\n* Strong Clevertech Community\n\n\n\n\nHow We Work\n\nAre you curious about what it's like to work at Clevertech? Check out our YouTube channel  to hear directly from Clevertech developers.\n\nPeople join Clevertech to make an impact. To grow themselves. To be surrounded by developers who they can learn from. We've found that innovation comes from an exchange of knowledge across all of our teams. To put people on the path for success, we nurture a culture built on trust, collaboration, and personal growth. You will work in small feature-based cross-functional teams and be empowered to take ownership. We make a point of constantly evolving our experience and skills. We value diverse perspectives and fostering personal growth by challenging everyone to push beyond our comfort level and try something new. The result? Meaningful work. Getting Hired\n\nWe hire people from a variety of backgrounds who are respectful, collaborative, and introspective. Members of the tech team, for example, come from diverse backgrounds having worked as copy editors, graphic designers, and photographers prior to joining Clevertech. Our hiring process focuses not only on your skills but also on your professional and personal ambitions. We want to get to know you. We put a lot of thought into the interview process in order to get a holistic understanding of you while being mindful of your time. You will solve problems derived from the work we do on a daily basis followed by thoughtful discussions around potential fit. Whatever the outcome, we want you to have a great candidate experience.\n\nAPPLY FOR THIS POSITION


See more jobs at Clevertech

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Sonatype


closed

Senior Security Researcher Applications


Sonatype


infosec

 

senior

 

infosec

 

senior

 
This job post is closed and the position is probably filled. Please do not apply.
\nThe Senior Security Researcher will investigate and analyze vulnerabilities in open-source software. Sonatype is looking for a passionate, driven and talented developer to provide high-quality security data from researching software vulnerabilities.  This is not a development position but relies on development experience to help navigate complex architectures and threat vectors in open-source software. This high-quality security data ensures that our customers are getting maximum value out of our products making them feel like they are part of the Sonatype family.   If you are a positive-thinker and problem-solver and believe that customer success and company success go hand-in-hand, this is a great job for you. This position will provide a valuable learning opportunity with the great potential to grow your newly started career in cyber-security. Enjoy your job as you work in a fast-paced, flexible, and fun environment, with talented, diverse, and forward-thinking individuals. Key Areas of Focus\n\n\n* Review, isolate, analyze, and reverse engineer vulnerabilities in open-source software\n\n* Document attack capabilities\n\n* Provide detection and remediation guidance\n\n* Aid in ideas and prototypes for new tooling\n\n* Collaborate with other team members toward shared product goals\n\n* Improve Sonatype products by providing valuable security data\n\n* Work with technology and business team members to define and refine requirements in an agile development environment\n\n\n\n\nRequired Background\n\n\n* 5+ years of experience in application security or development experience in Java, C#, Python, JavaScript, C/C++ or Ruby\n\n* Excellent oral and written communication skills\n\n* Excellent organizational skills and detail-oriented\n\n* Ability to work independently and as part of a team\n\n\n\n\nDesired Background\n\n\n* Bachelor of Science Degree in Computer Science, Cybersecurity, Engineering, or related field\n\n* Knowledge of application security such as the OWASP Top 10 or Sans 25\n\n* Knowledge of different languages such as Python, Ruby, and scripting\n\n* Knowledge of different operating systems such as *NIX, Windows\n\n* Application vulnerability assessment or penetration testing experience\n\n* Knowledge of open-source environments like Github is a plus\n\n\n


See more jobs at Sonatype

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

CrowdStrike


closed

Engineering Manager Cloud Security


CrowdStrike


infosec

 

exec

 

cloud

 

engineer

 

infosec

 

exec

 

cloud

 

engineer

 
This job post is closed and the position is probably filled. Please do not apply.
\nAbout the Role\n\nCrowdStrike is seeking a Senior Manager, SecOps Engineering.  This critical role in the organization will be responsible for leading one or more key areas of the cloud platform. You will help drive and deliver on the technical strategy and roadmap. CrowdStrike is growing rapidly and you will be instrumental in the hiring, retaining and growth of our world class engineers. You will work cross functionally with your peers in the engineering organization as well as leaders in sales and product. We are a remote first company so you must bring your excellent verbal and written communication skills to bear when you are working with your engineering teams and cross functional teams across the globe.\n\nWhat you will need\n\n\n* MS in Computer Science or related field, or equivalent work experience\n\n* Experience in Golang and/or container and container orchestration technologies\n\n* Demonstrated track record of building a strong core engineering team and engineering team management\n\n* 10+ years of software engineering experience in all phases of a software development lifecycle\n\n* 1+ years of hands-on management experience leading engineering teams \n\n* Experience with shipping high quality software in a cloud environments\n\n* Solid grounding in the technology of at least one cloud environment (AWS, Azure, GCP)\n\n* Broad grounding in all aspects of distributed systems development: understanding of distributed systems concepts, authN/Z (OAuth2, etc.) and API development\n\n* Solid design and problem solving skills with demonstrated passion for engineering excellence, quality, security and performance\n\n* Strong cross-group collaboration and interpersonal communication skills working with a variety of roles including engineering, product management, support and sales engineering\n\n* Demonstrated ability to attract and hire talent and grow the team rapidly\n\n* Experience working with remote teams and individuals while ensuring agility and code velocity\n\n* Ability to communicate and articulate crisply at all levels from executive staff to engineers\n\n* Broad general knowledge of the high-technology industry gained in larger enterprise software environments enhanced by ongoing awareness of R&D practices/technology advances\n\n\n\n\nBonus Points\n\n\n* Experience with hybrid cloud environments\n\n* Exposure to/experience with cybersecurity and intelligence.\n\n\n


See more jobs at CrowdStrike

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Fidel


closed
Lisbon

Senior Security Engineer


Fidel

Lisbon

infosec

 

senior

 

engineer

 

infosec

 

senior

 

engineer

 
This job post is closed and the position is probably filled. Please do not apply.
\nFidel’s mission is to democratize access to financial data globally so that consumers are in control of their data. Our technology makes transactional data accessible through a single access point for global businesses like Avios, Klarna and the Royal Bank of Canada. We have a record of fast growth and our key investors include Horizon Ventures and Innovate UK.\n\n\nWe recently closed our Series A round, raising $18M from top-tier VCs, including Nyca Partners and QED Investors. We currently have offices in London and Lisbon — and we’re only getting started.\n\n\nIn this exciting period of growth, both within the UK and internationally, we are now looking for an experienced Senior Security Engineer who wants to be part of this journey.\n\n\n\n\nWhat you’ll do:\n\n\n* Identify and define system security requirements;\n* Prepare and document standard operating procedures and protocols;\n* Configure and troubleshoot security infrastructure devices;\n* Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks;\n* Ensure that the company knows as much as possible, as quickly as possible about security incidents;\n* Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement;\n\n\n\n \n\n#Salary or Compensation\n - /year\n\n\n#Location\nLisbon


See more jobs at Fidel

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

SemanticBits


closed

Security Engineer


SemanticBits


infosec

 

engineer

 

infosec

 

engineer

 
This job post is closed and the position is probably filled. Please do not apply.
\nSemanticBits is looking for a Security Engineer to keep our business, users, and data safe by assuring the security of our applications and platforms. This will be a highly collaborative position, in which the right candidate works to secure existing applications and platforms, makes platform and security enhancements, and helps to scale our security program through automation, process improvement, and tool creation.\n\nThe selected candidate will be required to work on multiple products and must be able to develop and present secure solutions and advice to technical teams as well as leadership. The candidate will further be required to assess risks and advise on security standards, best practices, and solutions. All this must be done by maintaining security quality and customer satisfaction.\n\nResponsibilities:\n\n\n* Collaborating with various teams to secure new platforms/applications\n\n* Implementing platform security and framework improvements\n\n* Implementing analysis and monitoring tools\n\n* Working with engineering and QA teams to build tools and scale security in a continuous deployment environment\n\n* Assessing the security of applications, APIs, and platforms via penetration testing and code reviews\n\n* Document System Security plan and Contingency Plans for related projects\n\n\n\n\nRequired Qualifications:\n\n\n* A Bachelor's degree or higher in Computer Science, Electrical Engineering, Information Assurance, Network Security Computer Engineering or a related field, or equivalent experience\n\n* At least 5 years of experience in the following;\n\n\n\n* NIST 800-53 security controls\n\n* Penetration Testing\n\n* System Hardening (blue team)\n\n* Programming/Scripting (java, node, python, etc)\n\n* Incident Response\n\n\n\n* Strong knowledge to perform below tests:\n\n\n\n* Penetration testing\n\n\n\n* Static Analysis/Static Application Security Testing\n\n* Vulnerability Assessment/Scanning\n\n* Dynamic Analysis/Dynamic Application Security Test (DAST)\n\n* Malicious Software Analysis\n\n\n\n\n\n* Strong foundation in one or more of the following:\n\n\n\n* Data management security\n\n* Authentication\n\n* Applied cryptography\n\n* Linux security\n\n* Network & Cloud security\n\n\n\n* Advanced knowledge of Linux platforms\n\n* Advanced knowledge of application mobile security tools\n\n* Strong technical acumen securing software and hardware\n\n* Understanding of software development and working experience with any one of the higher level programming languages or scripting\n\n* Familiarity and experience with security technologies such as security engineering, security architecture, cryptography, data security, risk management, identity and access management, communication and network security, security assessment and testing, software development security, security operations\n\n* Familiarity and experience with popular open source security projects such as OWASP ZAP and Snort\n\n* Thorough understanding of issues documents in the OWASP Top Ten and CWE Top 25\n\n* Demonstrated ability to exploit and mitigate application-level vulnerabilities\n\n* Strong understanding of cryptography as applied to web application security (encryption, hashing, PKI management), including analysis and implementation\n\n* Experience using Linux/Unix at the command line for tasks related to web application development and deployment (DevOps)\n\n\n\n\nOne or more of the following certifications is preferred;\n\nOSCP, OSCE, OSWE, CISSP, GPEN, GXPN \n\nNice to Have: \n\n\n* Strong engineering background \n\n* Application architecture experience \n\n* Experience working in the healthcare industry\n\n* Federal Government contracting work experience\n\n* Prior experience working remotely full-time\n\n\n\n\nPhysical and emotional requirements for the job:\n\nThis position is to be performed remotely from an individual’s home office and involves sedentary work. Employees in this role can be expected to exert up to 10 pounds of force on occasion in order to lift, carry, push, pull or otherwise move standard electronic equipment. Employees are expected to make decisions in a timely manner and display emotional intelligence during occasional stressful situations. \n\n\n\n\n\nBenefits:\n\n\n* Generous base salary\n\n* Three weeks of PTO\n\n* Excellent health benefits program (Medical, dental and vision)\n\n* 401k retirement plan. We contribute 3% of base salary irrespective of employee's contribution\n\n* 100% paid short-term and long-term disability\n\n* 100% paid life insurance\n\n* FSA\n\n* Casual working environment\n\n* Flexible office hours\n\n* New laptop (Mac or PC - your choice)\n\n\n\n\nSemanticBits, LLC is an equal opportunity, affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, or any other characteristic protected by law. We are also a veteran-friendly employer.


See more jobs at SemanticBits

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

American Farm Bureau Insurance Services


closed

Chief Information Security Officer System Security Supervisor


American Farm Bureau Insurance Services


sys admin

 

infosec

 

admin

 

sys admin

 

infosec

 

admin

 
This job post is closed and the position is probably filled. Please do not apply.
\nPOSITION OBJECTIVE: Position is responsible for overseeing the System Security Department. Safeguard the organization’s computer network and systems, conducting day-to-day security monitoring, identifying weaknesses, and recommending and implementing improvements. Manages the day-to-day information security operations by working closely with team members to ensure directed objectives are met. To implement and maintain corporate network communication strategies and security to assist the organization and its customers effectively and securely.\n\nREPORTS TO: Information Systems Director\n\nDUTIES and RESPONSIBILITIES:\n\n· Manages the process of log collection via our Security Information and Event Management tool; conducts appropriate monitoring and log analysis, to ensure threats are identified and mitigated.\n\n· Conducts vulnerability assessments for AFBIS utilizing available tooling, builds and provides reports to peers and the IS Director, ensures findings are followed up on and remediated.\n\n· Conducts routine security risk assessments, maintains and tracks the resolution of all risks to completion, including assigning specific risks to self or others based on the need.\n\n· Evaluate and recommend new and emerging security solutions and best practices, works to ensure our Cybersecurity program complies with applicable standards / regulations.\n\n· Conduct forensics around security incidents as applicable\n\n· Directly manages specific information security tooling, including encryption tools, mail monitoring tools, anti-malware tools, and digital loss prevention tools.\n\n· Oversees the security hardening on all AFBIS devices exposed to the network through MDM and other tools.\n\n· Conducts security research in keeping abreast of latest security issues and tools.\n\n· Oversees installing, maintenance and support of hardware and software that assists the organization to better utilize the network, computers, and security.\n\n· Manage, review, and develop VPN for customers and employees to securely connect to AFBIS.\n\n· Keep employees and customers informed by communicating security status that could involve them.\n\n· Researches current hardware and software products to make recommendations to the Information Systems Director for methods to provide employees and customers with the best possible solutions for communications.\n\n· Ordering, tracking, and invoice approval for AFBIS purchases.\n\n· Evaluate employee performance.\n\n· Oversee and coordinate employees\n\n· Other duties as assigned.\n\nRELATIONSHIPS: Works on a daily basis with other team members of the Information Systems Department. Works with other AFBIS team members and staff as needed. Works with vendors and customers as required. Participate as an employee and representative of AFBIS, Inc. in a professional and courteous manner.\n\n\nNOTE: The preference is for this position to be based in the AFBIS, Inc. Office in Fargo, ND. Remote candidates will be considered.


See more jobs at American Farm Bureau Insurance Services

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Defiant


closed

Security Analyst Forensics Remediation


Defiant


infosec

 

analyst

 

infosec

 

analyst

 
This job post is closed and the position is probably filled. Please do not apply.
\nDefiant is a small, dynamic, fast-growing, and profitable company with loyal customers who love our products and services. We are the global leader in WordPress security, protecting over 3 million websites.\n\nWe're seeking a Security Analyst to work on a contract basis from your home office in Australia or New Zealand from approximately 9-5 AEST Monday through Friday.\n\nCompany Culture\n\nYou'll work with a talented and highly-motivated team that is friendly, fast-moving, self-managing, and highly capable with a sense of humor. Our team's family time is important; we won't typically require long hours when we can avoid it, which is almost always. Our entire team works remotely using Slack for casual interaction, ­so you can live practically anywhere you have a good Internet connection. There's no micro-­management here—we trust that you will see tasks through to completion and communicate with your fellow team members when needed or ask for help when needed.\n\nAt Defiant, ‘trust’ is the attribute we value most highly among our team members. We need to know that you can grab a task, communicate clearly with stakeholders, and see the task to completion with superb attention to detail.\n\nWe use apps like Slack, FogBugz, GitHub, and Google Apps for our workflow.\n\nJob Description\n\nWe are looking for security analysts to join our forensics team. You will assist our customers to investigate how their site was hacked and to repair their site and remove all traces of the intrusion. In addition to this you will also collect evidence from intrusions that will help improve our threat detection. You will need to determine how the intrusion occurred and then collect all IOC’s (indicators of compromise) and share this data with our product team in a structured way.\n\nGeneral requirements:\n\n\n* You must be highly technical and be comfortable with a wide range of open source tools.\n\n* Excellent written and verbal communication skills.\n\n* You must work well in a team.\n\n* You must be nimble, be able to come up with creative solutions to challenging problems and must have a mature approach to problem solving.\n\n* Attention to detail.\n\n\n\n\n\n\n\nRequirements\n\n\nThe specific skills we require for this position are:\n\n\n* A solid understanding of regular expressions. You need to be able to write expressions on the fly to match and remove only malicious code (which is often polymorphic) without affecting any legitimate code.\n\n* At least 5 years of experience administering LAMP systems.\n\n* Ability to program in PHP and JavaScript. Other languages like Python a strong plus.\n\n* Understanding of SQL and ability to use the MySQL client.\n\n* Experience investigating hacked websites, determining how the intrusion occurred and removing the intrusion and restoring the site to a fully functional state.\n\n* An understanding of all major vulnerability types and the ability to explain them to a customer.\n\n* Ability to analyze web log files and determine how an intrusion occurred.\n\n* Must be able to use Linux shell tools like grep, find and any other utility that can assist with investigation and remediation.\n\n* Experience with WordPress required.\n\n* You must be well versed in information security and any certifications you already have in penetration testing or forensics are a strong plus.\n\n\n\n\nAll positions require a trial period of approximately 2-3 weeks with a minimum commitment of 10 hours per week. You will be paid for this short-term contract, and it will be used to evaluate whether both parties want to pursue an ongoing working relationship.\n\nAll offers are contingent on successful completion of a background check. The results of the background check are considered as they relate to the position and do not automatically disqualify someone from a offer of work with the company.\n\n\n\n\nBenefits\nFull-time telecommuting with a company that has been 100% remote for over 5 years. \n\nDiversity at Defiant\n\nWe value diversity and do not discriminate based on race, color, religion or creed, national origin or ancestry, sex, age, physical or mental disability, military or veteran status, gender identity or expression, marital status, sexual orientation, political ideology, economic status, parental status, or any other non-performance-related status.\n\nHIRING PROCESS\n\nWe have a unique process that we use when it comes to hiring our forensic and remediation team. It works as follows:\n\n* The initial step is to fill in the form provided in this application. This is very important because we look at your answers to this form before we look at any other part of your application. The way you answer our form will largely determine if your application moves on to the next step.\n\n* If approved, we will ask you to answer a set of questions to further measure your aptitude in the required skills as well as your written communication.\n\n* If you perform well on the questions, you will move on to a final phone interview via Skype.\n\n* If you are successful, you will join our fast-paced team and start contributing valuable research to Wordfence and the larger online community. All Security Analyst positions start on a paid 3 week trial contract that is available part-time (at least 15 hours per week) with flexible hours.\n\n


See more jobs at Defiant

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Loadsmart

 

closed

Security Engineer  


Loadsmart


infosec

 

engineer

 

infosec

 

engineer

 
This job post is closed and the position is probably filled. Please do not apply.
\nWho we are: Loadsmart aims to move more with less. We combine great people and innovative technology to more efficiently move freight throughout North America. Our focus is on designing and building the best tools for our team and our customers, using machine learning algorithms to connect cargo with trucks. By better matching supply and demand, we reduce wasted fuel and lost time, cutting out empty miles for motor carriers and providing instant booking for shippers. \n\nWho you are: You believe in game-changing innovations and are excited about reimaging a 700 billion dollar industry.  You take your impact seriously. You are passionate about building solutions that create sustainable, resilient, long-lasting value. You are a first-rate site reliability engineer, with experience and a proven ability to think about deploying software development projects.\n\nThe role: We are looking for a Security Engineer to work remotely based in Brazil or in Florianopolis with Loadsmart. You need to be obsessed about security, both technical and non technical aspects of it. You should have experience and proven ability to analyze, propose and implement safer systems and processes.\n\nKey Responsibilities:\n\n\n* Take a leadership role in driving internal security projects.\n\n* Do regular risk assessment over important assets of the company.\n\n* Build security plans, coordinate among involved people and execute.\n\n* Do regular security tests and code reviews to look for possible threats.\n\n* Assess security aspects of new architectural proposals.\n\n* Analyze non software security threats.\n\n* Document operational procedures and protocols regarding security. \n\n* Maintain disaster recovery plans and train staff on security procedures.\n\n* Generate security reports whenever needed.\n\n\n\n\n Qualifications:\n\n\n* Proved experience as a security engineer or related\n\n* Advanced Linux and networking experience\n\n* Programming experience with Python and at least one more programming language\n\n* Experience with AWS\n\n* Experience with relational databases (PostgreSQL) or columnar databases (Vertica, Redshift, Greenplum) a plus\n\n* Good communication and project management skills\n\n* BS or MS in Computer Science or related field\n\n\n


See more jobs at Loadsmart

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

IOVLABS


closed

Applications Security Engineer


IOVLABS


infosec

 

engineer

 

infosec

 

engineer

 
This job post is closed and the position is probably filled. Please do not apply.
\nWe are seeking a Security Engineer !\n\nWe’re looking for a person who is passionate, analytical, and hard-working, with an interest in cryptocurrencies and the blockchain ecosystem. \n\nAs part of our IOV Labs Security Team, you will help to research attacks and defense techniques and develop innovative tools to help automate detection and response tasks. You will also work in close collaboration with internal development teams to develop new capabilities to improve the security of web and decentralized applications, its users, and the company's infrastructure. We’re looking for an offensive security engineer who wants to challenge themselves on the defensive side of the table.\n\nMain Responsibilities:\n\n\n* Develop and deploy security tools, monitoring, and detection infrastructure.\n\n* Investigate security incidents.\n\n* Conduct research on attack techniques to better predict and prevent future attacks.\n\n* Interact with internal teams, contribute to the secure design of new products and features.\n\n* Review source code for security weaknesses.\n\n\n\n\nExperience & Skills Required\n\n\n* Significant experience in application and network security.\n\n* Knowledge of Java, Python, Javascript, Go.\n\n\n\n\nOther Desired Skills\n\n\n* Experience with cryptocurrency networks\n\n* Knowledge of C/C++, Rust.\n\n* Experience with virtual and containerized environments\n\n* Experience conducting vulnerability research\n\n* Experience mitigating network attacks\n\n* Experience in incident detection, incident response, and forensics\n\n\n\n\nType\n\n\n* Full time & remote !!\n\n\n\n\n Join our team to be part of the next technological revolution and help us build the Internet of the Future.


See more jobs at IOVLABS

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Ascension


closed

Security Architect


Ascension


infosec

 

architecture

 

infosec

 

architecture

 
This job post is closed and the position is probably filled. Please do not apply.
\nWhat You Will Do\n\nThe Cloud IAM Architect provides technical leadership in the planning, design and implementation phases of Cloud IAM. Associate in this role will work cross-functionally to help implement and operationalize some of the most advanced cloud architectures running in the Cloud.\n\nResponsibilities:\n\n\n* \n\nWork with various cloud providers (AWS, Azure, Google) to create, maintain and enforce policies and procedures that govern the IAM roles in all cloud infrastructures.\n\n\n* \n\nProvide day to day and escalated support for cloud and on-premise identity systems (Active Directory, Azure AD, G Suite/Google Cloud Identity.\n\n\n* \n\nSubject matter expert for cloud identity and access management processes and procedures for GCP and Azure cloud infrastructures\n\n\n* \n\nImplements policies and procedures based on cloud governance and best practices.\n\n\n* \n\nWork alongside engineering teams to implement solutions for infrastructure and POCs, deliver technical expertise and establish best practices to manage Cloud Identities and Access.\n\n\n* \n\nDesigns and supports application authentication methods across Ascension. \n\n\n* \n\nExamples include OAuth, SAML, LDAP (Azure AD, OID, Optimal, G Suite). \n\n\n* \n\nCreate and maintain a new IAM approval process using IdentityIQ (SailPoint) to automate and simplify the approval process for granting access to cloud resources. \n\n\n* \n\nAssists with decisions based on the highest degree of technical complexity and thorough understanding of the implications across the organization.\n\n\n* \n\nTranslates application and end user system requirements into technical requirements.\n\n\n* \n\nAnalyzes and solves complex problems, making recommendations as needed, applying creative, in-depth technical and theoretical knowledge.\n\n\n* \n\nDefines strategies for networking, server platform, desktop services, and security required to support Clinical Foundation Suite environment\n\n\n* \n\nLeads orientation and planning review sessions with the local Information Technology project managers.\n\n\n* \n\nAssists the national technical program manager in the development and maintenance of the standard project plan template.\n\n\n* \n\nThe candidate must have knowledge of multiple technology platforms and architecture.\n\n\n\n\n\nQualifications\nEducation:\n\n\n* \n\nBachelor's degree preferred or equivalent experience\n\n\n\n\n\nWork Experience:\nRequired\n\n\n* \n\n5-7 years of experience in Information Security\n\n\n* \n\nCloud Identity and Access Management to create and manage permissions for Google Cloud (GCP) resources.\n\n\n* \n\nIn-depth understanding of Identity and Access Management (IAM) concepts and processes\n\n\n* \n\nDesigning and developing Cloud-specific security policies, standards and procedures.\n\n\n* \n\nDesigning and enforcing IAM policies to support Data Governance and DLP \n\n\n* \n\nKnowledge and understanding of network and security fundamentals, protocols, and technologies\n\n\n* \n\nAdvanced Information Security technical skills and understanding of information security practices and policies\n\n\n* \n\nHands on design, implementation, configuration, integration and deployment experience in the Cloud technologies\n\n\n\n\n\nPreferred\n\n\n* \n\n3+ years of experience deploying, building, and maintaining applications on Google Cloud Platform (GCP).\n\n\n* \n\nExperience protecting PII information using encryption and data masking/sub-setting technologies.\n\n\n* \n\nKnowledge in requirement gathering, creating SOPs, documentation and reporting\n\n\n* \n\nDemonstrated experience in leading cross functional initiatives along with demonstrated experience interacting with and influencing decision-making by non-analytical business audiences\n\n\n* \n\nExperience in integrating provisioning systems with PeopleSoft ERP\n\n\n* \n\nWorking knowledge of all aspects of the security audit process\n\n\n* \n\nGCP Professional Cloud Architect or Professional Cloud Developer certification\n\n\n\n\n\nWhat You Will Need\n\nEducation:\n\n\n* Diploma \n\n\n* High school diploma/GED with 2 years of experience, or Associate's degree, or Bachelor's degree required\n\n\n\n\n\n\n\n\nWork Experience:\n\n\n* 1 year of experience required. 4 years of experience preferred. 2 years of leadership or management experience preferred.\n\n\n\n\nEqual Employment Opportunity


See more jobs at Ascension

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Open-Xchange


closed

Platform Security Engineer EU


Open-Xchange


infosec

 

engineer

 

infosec

 

engineer

 
This job post is closed and the position is probably filled. Please do not apply.
\nThis position will support our SaaS email platform, providing service to large customers for tens of millions of end users.Core competencies required include platform security, automated deployment, virtualization and internet protocols. You will be expected to provide quick resolution of difficult technical problems. This position will also be responsible for major contributions to technical architecture, documentation and systems project management. \n\nWe can only employ people from the following countries: Germany, Austria, Netherlands, Finland, Italy, Spain, and France.\n\n\n Your key responsibilities / Your passion\n\n\n* Review and evaluate current security standards based upon best practices and latest technologies\n\n* Server configuration and management using IaC (Terraform, Ansible, Chef)\n\n* Define and implement platform architecture and binding security concepts/policies at a deeply technical level both internally and externally\n\n* Ensure the security requirements of our customers and that the requirements for our security certifications (ISO 27001) are met and documented correctly\n\n*  Assist with an overall security concept for our container platform approach\n\n* Work closely together with our platform architecture experts, with a particular focus on the security of the platform\n\n* Assit in providing security related feedback for mission-critical software such as Dovecot, LDAP, Galera, Cassandra, OX AppSuite with a particular focus on hardening\n\n* Prepare system security reports by collecting, analyzing, and summarizing data and trends\n\n* Maintain security by monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs\n\n* Document architecture and essential function methodologies\n\n* Collaboration with global operations teams\n\n\n\n\n\n \n Your background / What you bring to the table\n\n\n* Bachelor or master degree in computer science or comparable +10 years job experience\n\n* 3+ years experience in the area of Operations security\n\n* 8+ years experience working with Linux\n\n* Strong experience with configuring, validating and securing environments utilizing firewalls and iptables\n\n* Experience and understanding of hardening Linux-based environments with heterogenous applications\n\n* Knowledge of Internet, authentication, and authorization protocols (HTTP, LDAP, SAML, OAuth/Openid Connect), Privileged Identity Management, Identity Federation\n\n* Knowledge of symmetric and asymmetric encryption technologies, including concepts such as Forward Secrecy, Padding Modes, Elliptic Curves\n\n* Strong Experience with Linux kernel tuning, TCP/IP, Mcast and strong networking fundamentals\n\n* Experience with configuring and operating a Host-based IDS such as OSSEC across a large platform\n\n* Deep understanding of encryption technologies, including keeping cipher suite configurations up-to-date at the OS and application level\n\n* Experience with security incident response\n\n* Solid understanding of networking concepts: the OSI model, TCP, IP, routing, firewalls, load balancers\n\n* Interest in learning new technologies and working with proof of concepts to promote new technologies\n\n* Excellent written and verbal communication skills; willingness to present technical information to a group\n\n* Understanding of multi-tiered applications\n\n* Experience with logging technologies such as Graylog, ELK stack, or Splunk\n\n* Design operation concepts, implementation of IaC automation and provide documentation \n\n* Lead and assist in areas of technical innovations and security improvements\n\n* Some domestic and international travel will be required\n\n\n\n\n\n Our offer to you\n\n\n* Exciting work on a modern open-source cloud software in an internationally operating company\n\n* Plenty of scope for your own ideas and design decisions\n\n* Flexible working hours and the ability to work from home\n\n* Equipped with the up-to-date hardware\n\n* Trainings and continuous personal development\n\n* Flat hierarchies with an "Open Door" philosophy\n\n\n


See more jobs at Open-Xchange

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Auth0


closed

Software Engineering Manager Product Security


Auth0


infosec

 

product manager

 

dev

 

exec

 

infosec

 

product manager

 

dev

 

exec

 
This job post is closed and the position is probably filled. Please do not apply.
\nAuth0 is a pre-IPO unicorn. We are growing rapidly and looking for exceptional new team members to add to our teams and will help take us to the next level. One team, one score. \n\nWe never compromise on identity. You should never compromise yours either. We want you to bring your whole self to Auth0. If you’re passionate, practice radical transparency to build trust and respect, and thrive when you’re collaborating, experimenting and learning – this may be your ideal work environment.  We are looking for team members that want to help us build upon what we have accomplished so far and make it better every day.  N+1 > N.\n\nAuth0 is a security company and Auth0's Security organization is in the privileged position of supporting a security-first culture for a company that wants to make the Internet safer. The Product Security team mission is to ensure that Auth0 products are as secure as our customers trust them to be. We partner closely with our Engineering and Product teams to embed security into every stage of the product life cycle.\n\nWe are looking for a Software Engineering Manager with a passion for both building and breaking things to solve security problems in partnership with our Engineering teams. You will have a chance to apply your skills and passion to improve the security of our product on a daily basis.\n\nIn this role you will:\n\n\n\n\n* Mentor and develop your team of security engineers by supporting their goal setting and career growth.\n\n* Foster a collaborative culture between Security and Product Delivery teams.\n\n* Work in partnership with other engineering and product managers to improve security posture of Auth0 products and systems.\n\n* Work to build defensive controls using early software lifecycle tools and techniques.\n\n\n\n\n\n\nOur ideal candidate will have:\n\n\n\n\n* Experience in people management and technical leadership roles.\n\n* Significant past experience in security or software engineering.\n\n* Strong understanding of Web application security.\n\n* Familiarity with secure development practices, security testing techniques, and threat modeling.\n\n* Ability to explain complex security issues and their impact to diverse audiences.\n\n\n\n\n\n\nAlso nice if you have:\n\n\n\n\n* Experience with identity protocols such as OpenID Connect or SAML.\n\n* Experience with JavaScript (Node.js) or Go development.\n\n\n\n\n\n\nYou can learn more about our hiring process here. Auth0’s mission is to help developers innovate faster. Every company is becoming a software company and developers are at the center of this shift. They need better tools and building blocks so they can stay focused on innovating. One of these building blocks is identity: authentication and authorization. That’s what we do. Our platform handles 2.5B logins per month for thousands of customers around the world. From indie makers to Fortune 500 companies, we can handle any use case.\n\nWe like to think that we are helping make the internet safer.  We have raised $210M to date and are growing quickly. Our team is spread across more than 35 countries and we are proud to continually be recognized as a great place to work. Culture is critical to us, and we are transparent about our vision and principles. \n\nJoin us on this journey to make developers more productive while making the internet safer!


See more jobs at Auth0

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

DHIS2


closed

Security Software Engineer


DHIS2


infosec

 

dev

 

engineer

 

digital nomad

 

infosec

 

dev

 

engineer

 
This job post is closed and the position is probably filled. Please do not apply.
\nAt DHIS 2 we are making a positive impact on the world. DHIS 2 software engineers develop a platform used to improve health care at a global scale. We work directly with end-users in order to understand how our system is being used. DHIS 2 developers work in small teams and have great impact on the product. We are seeking a security software engineer who is passionate about creating secure, reliable software systems.\n\nDHIS 2 is a web-based, open source data platform used by governments, international development agencies and NGOs in more than 90 countries worldwide. It is currently recognized as the world's most widely adopted e-health information platform. The system is used to improve access and use of information within health, education, sanitation, nutrition, disaster relief and other domains. The platform has become a global standard within international development and has a huge impact on the way health systems are being managed.\n\nDHIS 2 is changing the way developing countries and NGOs manage their health systems and programs through a world class data platform. We work on projects with global reach and scale, such as:\n\n\n* Disease surveillance and monitoring in collaboration with the Centers for Disease Control and Prevention (CDC). DHIS 2 is used to notify the right people about possible disease outbreaks so that action can be taken in time.\n\n\n\n\n\n* HIV/AIDS control in collaboration with PEPFAR, the largest initiative ever for combating a single disease. DHIS 2 is used to collect data and provide analytics and insights into how funding can be spent most effectively.\n\n\n\n\n\n* Health information management systems with more than 60 ministries of health worldwide, including South Africa, Tanzania, Ghana and Cambodia. DHIS 2 is used to collect and analyze data for areas such as service utilization, family planning and immunization.\n\n\n\n\n\n* Program monitoring and evaluation with more than 70 NGOs such as Medecins Sans Frontieres, Save the Children, and PSI. DHIS 2 is used to analyse the impact of programs, improve planning and guide resource utilization.\n\n\n\n\nAt DHIS 2 you will be specialize in building and maintaining a secure and reliable software platform. You will play a key role in the software design, implementation and testing, where you apply security thinking and best-practices to the process. You will advise, train and encourage fellow engineers to adopt secure software development practices, as well as writing source code on your own. The role encourages you to research and identify security flaws and attack vectors in the source code base, as well as ensuring these will be corrected. You will help defining and implementing an organization-wide security strategy.\n\nAt our team you will be part of the software design process and have great influence on the end product. We give you the vision and the challenge - you have the freedom to choose your own approach to problem solving. And of course, you can pick your hardware, tools and software of choice.\n\nOur platform is built API-first with an extensible app architecture. We do continuous delivery and short iterations. You can find our source code on GitHub. Check out the backend repository and a typical front-end app repository.\n\nTo learn more about how it is to work at DHIS 2, have a look at this video.\n\n\n\nSkills\n\n\n* Experience with secure software engineering practices.\n\n* Knowledge about application security risks including OWASP top 10.\n\n* Experience with Java development (Java 8) and Maven.\n\n* Experience with PostgreSQL, MySQL or other relational databases.\n\n* Working proficiency and communication skills in verbal and written English.\n\n\n\n\n\n\nNice-to-have skills\n\n\n* Relevant security certifications.\n\n* Work experience from similar role.\n\n\n\n\n\nLocation\n\nFor this position we accept both remote, partly remote and on-site work at our Oslo offices.


See more jobs at DHIS2

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

OneMain Financial


closed

InfoSec IT Project Manager


OneMain Financial


infosec

 

exec

 

infosec

 

exec

 
This job post is closed and the position is probably filled. Please do not apply.
\nOneMain Financial is a successful and fast-growing financial services company. Due to company growth, we are looking for an experienced IT Project Manager to join our team.  The IT Project Manager will be responsible for concurrently managing complex projects, focused on the implementation of technology and information security initiatives. The ideal candidate will be self-motivated, outgoing, and enthusiastic.  They will thrive on learning new things while proactively identifying innovative solutions to problems.\n\nRole may be located at one of the following offices Baltimore, MD or Evansville, IN.  We will consider a remote location for the right candidate. \n\nResponsibilities:\n\n\n* Define project scope, goals and deliverables that support company objectives in collaboration with management and stakeholders.\n\n* Manage technical projects, utilizing established project tools and methodologies, with minimal guidance.\n\n* Develop and manage comprehensive project plans and associated project documents.\n\n* Proactively address changes in project scope, identify potential risks and devise contingency plans.\n\n* Coordinate resources (team members, equipment and consultants) across multiple projects and departments. \n\n* Effectively communicate project expectations to team members and stakeholders in a timely and clear fashion.\n\n* Compile and report project status across the organization.\n\n* Manage vendor selection process and coordinate vendor efforts throughout the project.\n\n* Coach, train, mentor, and direct the work of less experienced team members.\n\n\n\n\nQualifications: \n\n\n* Bachelor’s Degree, or equivalent professional experience\n\n* 5 years of experience including experience managing technology or information security projects.\n\n* Strong knowledge of Information Security in an enterprise environment\n\n* Highly motivated self-starter with proficiency in managing competing priorities.\n\n* Demonstrated understanding of the flexibility required in real world implementations.\n\n* Able to conform to shifting priorities and demands through analytical and problem-solving capabilities.\n\n* Ability to influence others to gain consensus.\n\n* Able to work on cross-functional, inter-department project teams with tight deadlines and heavy workloads.  \n\n* Attention to detail and strong organizational skills, to handle concurrent projects.\n\n* Excellent communication skills and experience interacting with business and technical individuals at all levels.\n\n* Technical background with broad knowledge of computer systems, networking and information security concepts.\n\n* Strong computer skills, and experience with Microsoft Office applications required.\n\n* Strong presentation skills and experience delivering training (a plus).\n\n* Working knowledge of Agile, DevOps, CI/CD and ITIL (a plus).\n\n* Act independently with general supervision.\n\n* May include travel.\n\n\n\n\nNote: Employment-based non-immigrant visa sponsorship and/or assistance is not offered for this specific job opportunity.\n\nBenefits:\n\nAt OneMain, we understand that for our team members to be their best, they need the right opportunities and benefits.  Our comprehensive benefits package for full-time and some part-time employees includes health and well-being options for team members and dependents, up to 4% matching 401(k), tuition reimbursement, continuing education, incentive pay, paid time off, paid volunteer time and more.\n\n Our Company:\n\nOneMain Financial is the country’s largest lending-exclusive financial company.  With nearly 1,600 branches across 44 states, we proudly offer safe, affordable and transparent installment loans to millions of hard-working people. Our customers turn to us to meet important financial needs, including debt consolidation, medical expenses, household bills, home improvements and auto purchases. OneMain is constantly innovating to serve customers when, where and how they want by investing in our technical digital capabilities. Our steadfast commitment to doing the right thing extends to our customers, our employees and the communities where we live and work – a mission that hasn’t changed for more than 100 years.


See more jobs at OneMain Financial

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

HashiCorp


closed

Test Infrastructure Engineer Security Products


HashiCorp


golang

 

infosec

 

testing

 

engineer

 

golang

 

infosec

 

testing

 

engineer

 
This job post is closed and the position is probably filled. Please do not apply.
San Francisco, United States - Test Infrastructure Engineer, Security ProductsREMOTEAbout HashiCorpHashiCorp is a fast-growing startup that solves development, operations, and security challenges in infrastructure so organizations can focus on business-critical tasks.  We build tools to ease these de...


See more jobs at HashiCorp

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

User Research International


closed

Paid Research Study For Security Analysts Administrators Engineers


User Research International


infosec

 

infosec

 
This job post is closed and the position is probably filled. Please do not apply.
\nUser Research International is a research company based out of Redmond, Washington. Working with some of the biggest companies in the industry, we aim to improve your experience via paid research studies. Whether it be the latest video game or productivity tools, we value your feedback and experience. We are currently conducting a research study called IT Security Study. We are looking Security Analyst, Administrators, Engineers and/or Consultants with Proofpoint, Barracuda or Mimecast portal experience. This study is a one-time Remote Study via an online meeting. We’re offering $200 for participation in this study. Session lengths are 90 minutes. These studies provide a platform for our researchers to receive feedback for an existing or upcoming products or software. We have included the survey link for the study below. Taking the survey will help determine if you fit the profile requirements. Completing this survey does not guarantee you will be selected to participate.  If it's a match, we'll reach out with a formal confirmation and any additional details you may need.\n\nI have summarized the study details below. In order to be considered, you must take the survey below. Thank you!\n\nStudy: IT Security Study\n\nLocation: Remote via web meeting\n\nDuration: 90 Minutes\n\nGratuity: $200\n\nDates: May 19th – 27th  \n\nSurvey: IT Security Study


See more jobs at User Research International

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

User Research International


closed

Paid Research Study For Security Developers Engineers


User Research International


infosec

 

infosec

 
This job post is closed and the position is probably filled. Please do not apply.
\nUser Research International is a research company based out of Redmond, Washington. Working with some of the biggest companies in the industry, we aim to improve your experience via paid research studies. Whether it be the latest video game or productivity tools, we value your feedback and experience. We are currently conducting a research study called Incident Management Study. We are looking for Security Devs/Engineers with software security experience who use Microsoft Azure, BitBucket, GitLab and/or SourceForge. This study is a one-time Remote Study via an online meeting. We’re offering $100 for participation in this study. Session lengths are 75 minutes. These studies provide a platform for our researchers to receive feedback for an existing or upcoming products or software. We have included the survey link for the study below. Taking the survey will help determine if you fit the profile requirements. Completing this survey does not guarantee you will be selected to participate.  If it's a match, we'll reach out with a formal confirmation and any additional details you may need.\n\nI have summarized the study details below. In order to be considered, you must take the survey below. Thank you!\n\nStudy: Incident Management Study\n\nLocation: Remote via web meeting\n\nDuration: 75 Minutes\n\nGratuity: $100\n\nDates: May 19th – 20th\n\nSurvey:  Incident Management Study


See more jobs at User Research International

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

User Research International


closed

Paid Research Study For Information Security Admins Anddata Privacy Officers


User Research International


infosec

 

infosec

 
This job post is closed and the position is probably filled. Please do not apply.
\nUser Research International is a research company based out of Redmond, Washington. Working with some of the biggest companies in the industry, we aim to improve your experience via paid research studies. Whether it be the latest video game or productivity tools, we value your feedback and experience. We are currently conducting a research study called Data and Security Study. We are looking for currently employed Information Security Admins and/or Data Privacy Officers/Specialists. This study is a one-time Remote Study via an online meeting. We’re offering $200 for participation in this study. Session lengths are 90 mins. These studies provide a platform for our researchers to receive feedback for an existing or upcoming products or software. We have included the survey link for the study below. Taking the survey will help determine if you fit the profile requirements. Completing this survey does not guarantee you will be selected to participate.  If it's a match, we'll reach out with a formal confirmation and any additional details you may need.\n\nI have summarized the study details below. In order to be considered, you must take the survey below. Thank you!\n\nStudy: Data and Security Study\n\nGratuity: $200\n\nSession Length: 90 mins\n\nLocation: Remote\n\nDates: Available dates are located within the survey\n\nSurvey: Data and Security Study


See more jobs at User Research International

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

User Research International


closed

Paid Research Study For Security Engineers Lead Developers


User Research International


infosec

 

exec

 

infosec

 

exec

 
This job post is closed and the position is probably filled. Please do not apply.
\nUser Research International is a research company based out of Redmond, Washington. Working with some of the biggest companies in the industry, we aim to improve your experience via paid research studies. Whether it be the latest video game or productivity tools, we value your feedback and experience. We are currently conducting a research study called the Development Security Study. We are looking for currently employed Full-Time Leads/Engineers/Developers who manage the security of the software development process. This study is a one-time Remote Study via an online meeting. We’re offering $125 for participation in this study. Session lengths are 45 minutes. These studies provide a platform for our researchers to receive feedback for an existing or upcoming products or software. We have included the survey link for the study below. Taking the survey will help determine if you fit the profile requirements. Completing this survey does not guarantee you will be selected to participate.  If it's a match, we'll reach out with a formal confirmation and any additional details you may need.\n\nI have summarized the study details below. In order to be considered, you must take the survey below. Thank you!\n\nStudy: Development Security Study \n\nGratuity: $125\n\nSession Length: 45 minutes \n\nLocation: Remote \n\nDates: Available dates are located within the survey\n\nSurvey: Development Security Study


See more jobs at User Research International

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

SemanticBits

 

closed

Security Analyst  


SemanticBits


infosec

 

analyst

 

infosec

 

analyst

 
This job post is closed and the position is probably filled. Please do not apply.
\nSemanticBits is looking for a Security Analyst to keep our business, users, and data safe by assuring the security of our applications and platforms. This position requires collaboration within the security team and our delivery teams to ensure compliance with security requirements. This role is heavily focused on compliance, policy, and documentation and will support security engineers with system hardening and penetration testing. The ideal candidate will have experience with either Federal Government Security Control Assessment (SCA) or the Payment Card Industry (PCI) Security Standard.\n\n\nResponsibilities:\n\n\n* Document System Security Plan and Contingency Plans for related projects\n\n* Responsible for documenting and evaluating security policies\n\n* Ensure security systems are up to date and create documentation and planning for all security-related information; including incident response and disaster recovery plans\n\n* Review policies and procedures for compliance with applicable standards and identify areas of improvement for finding remediation\n\n* Interact with senior level management, including the ISSO\n\n\n\n\nRequired Qualifications:\n\n\n* A Bachelor's degree or higher in Computer Science, Electrical Engineering, Information Assurance, Network Security Computer Engineering or a related field, or equivalent experience\n\n* CISSP certification\n\n* At least 5 years of experience in the following;\n\n\n\n\n* NIST 800-53 security controls\n\n* Penetration Testing\n\n* System Hardening (blue team)\n\n* Programming/Scripting (java, node, python, etc)\n\n* Incident Response\n\n\n\n\n* Strong knowledge of and ability to perform the below tests:\n\n\n\n\n* Penetration testing\n\n* Static Analysis/Static Application Security Testing\n\n* Vulnerability Assessment/Scanning\n\n* Dynamic Analysis/Dynamic Application Security Test (DAST)\n\n* Malicious Software Analysis\n\n\n\n\n* Strong foundation in one or more of the following:\n\n\n\n\n* Data management security\n\n* Authentication\n\n* Applied cryptography\n\n* Linux security\n\n* Network & Cloud security\n\n\n\n\n* Advanced knowledge of Linux platforms\n\n* Advanced knowledge of application mobile security tools\n\n* Strong technical acumen securing software and hardware\n\n* Understanding of software development and working experience with any one of the higher level programming languages or scripting\n\n* Familiarity and experience with security technologies such as security engineering, security architecture, cryptography, data security, risk management, identity and access management, communication and network security, security assessment and testing, software development security, security operations\n\n* Familiarity and experience with popular open source security projects such as OWASP ZAP and Snort\n\n* Thorough understanding of issues documents in the OWASP Top Ten and CWE Top 25\n\n* Demonstrated ability to exploit and mitigate application-level vulnerabilities\n\n* Strong understanding of cryptography as applied to web application security (encryption, hashing, PKI management), including analysis and implementation\n\n* Experience using Linux/Unix at the command line for tasks related to web application development and deployment (DevOps)\n\n* Flexible and willing to accept a change in priorities as necessary\n\n\n\n\n\nNice To Have:\n\n\n* Strong engineering background \n\n* Application architecture experience\n\n\n\n\n\nPhysical and emotional requirements for the job:\n\n\n* This position is to be performed remotely from an individual’s home office and involves sedentary work. Employees in this role can be expected to exert up to 10 pounds of force on occasion in order to lift, carry, push, pull or otherwise move standard electronic equipment. Employees are expected to make decisions in a timely manner and display emotional intelligence during occasional stressful situations.\n\n\n


See more jobs at SemanticBits

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

HashiCorp


closed

Senior Golang Engineer Security


HashiCorp


golang

 

infosec

 

senior

 

engineer

 

golang

 

infosec

 

senior

 

engineer

 
This job post is closed and the position is probably filled. Please do not apply.
San Francisco, United States - About the RoleWe are looking for an experienced engineer to join the Vault team and focus on secure storing, sharing, creating, and handling of privileged systems management within Vault. You will help design, prototype, and implement core features while ensuring the...


See more jobs at HashiCorp

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.
178ms