FeedbackIf you find a bug, or have feedback, put it here. Please no job applications in here, click Apply on the job instead.Thanks for the message! We will get back to you soon.

[Spam check] What is the name of Elon Musk's company going to Mars?

Send feedback
Open Startup
RSS
API
Health InsurancePost a job

find a remote job
work from anywhere

Get a  email of all new Remote 🔷 InfoSec Jobs

Subscribe
×

👉 Hiring for a Remote 🔷 InfoSec position?

Post a job
on the 🏆 #1 Remote Jobs board

Remote Health by SafetyWing


Global health insurance for freelancers & remote workers

Optiv

 This job is getting a pretty high amount of applications right now (11% of viewers clicked Apply)

cyber security

 

security

 

opsec

 

operational security


Optiv is hiring a Remote Consultant Attack & Penetration Threat Management

At Optiv, we’re on a mission to help our clients make their businesses more secure. We’re one of the fastest growing companies in a truly essential industry.\n\nIn your role at Optiv, you’ll be inspired by a team of the brightest business and technical minds in cybersecurity. We are passionate champions for our clients, and know from experience that the best solutions for our clients’ needs come from working hard together. As part of our team, your voice matters, and you will do important work that has impact, on people, businesses and nations. Our industry and our company move fast, and you can be sure that you will always have room to learn and grow. We’re proud of our team and the important work we do to build confidence for a more connected world.\n\nWho we are looking for:\n\nAn Attack & Penetration Consultant is a highly skilled penetration tester capable of performing complex assessments while maintaining a business focus and meeting client requirements. This position will work both independently and as part of a team to perform Security Assessments including vulnerability assessments, penetration tests, wireless security assessments, and social engineering. An Attack & Penetration Consultant also contributes to the development and continuous improvement of the Security Assessment practice through a various team and industry contributions.\n\nIf you are seeking a culture that supports growth, fosters success and moves the industry forward, find your place at Optiv! As a market-leading provider of cyber security solutions, Optiv has the most comprehensive ecosystem of security products and partners to deliver unparalleled services. Our rich and successful history with our clients is based on trust, serving more than 12,000 clients of varying sizes and industries, including commercial, government and education. We have the proven expertise to plan, build, and run successful security programs across Risk Management, Cyber Digital Transformation, Threat Management, Security Operations - Managed Services and Identity and Data Management.\n\nWith Optiv you can expect:\n\n• A company committed to championing Diversity, Equality and Inclusion through Affinity groups including but not limited to, Women's Network, Optiv Pride, Black Employee Network, and Veterans Support Network.\n• Work/life balance. We offer “Recharge” a flexible, time-off program that encourages eligible employees to take the time they need to recharge \n• Professional training resources, including tuition reimbursement\n• Creative problem-solving and the ability to tackle unique, complex projects\n• Volunteer Opportunities. “Optiv Chips In” encourages employees to volunteer and engage with their teams and communities. \n• The ability and technology necessary to productively work remote/from home (where applicable)\n\nOptiv is an equal opportunity employer. All qualified applicants for employment will be considered without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, status as an individual with a disability, veteran status, or any other basis protected by federal, state, or local law.


See more jobs at Optiv

Apply for this job

This month's Remote 🔷 InfoSec Jobs

Doyensec LLC



🇺🇸 US-only
 
💰 $90k - $140k

engineer


Doyensec LLC is hiring a Remote Application Security Engineer

At Doyensec, we believe that quality is the natural product of passion and care. We love what we do and we routinely take on difficult engineering challenges to help our customers build with security.\n\nWe are a small highly focused team. We concentrate on application security and do fewer things better. We don’t care about your education, background and certifications. If you are really good and passionate at building and breaking complex software, you’re the right candidate.\n\nWe are looking for an experienced security engineer to join our consulting team. We perform gray-box security testing on complex web and mobile applications. We need someone who can hit the ground running. If you’re good at “crawling around in the ventilation ducts of the world’s most popular and important applications”, you probably have the right skillset for the job.\n\nWe offer a competitive salary in a supportive and dynamic environment that rewards hard work and talent. We are dedicated to providing research-driven application security and therefore invest 25% of your time exclusively to research where we build security testing tools, discover new attack techniques, and develop countermeasures.\n\n**Responsibilities:**\n\n* Security testing of web and mobile (iOS, Android) applications\n* Vulnerability research activities, coordinated and executed with Doyensec’s founders\n* Partner with customers to ensure the project’s objectives are achieved \n\n**Requirements:**\n\n* Ability to discover, document and fix security bugs\n* You’re passionate about understanding complex systems and can have fun while doing it\n* Eager to learn, adapt, and perfect your work\n \n\n#Salary and compensation\n$90,000 — $140,000/year\n\n\n#Location\n🇺🇸 US-only


See more jobs at Doyensec LLC

Previous Remote 🔷 InfoSec Jobs

Rumble


verified closed
🇺🇸 US-only
 
💰 $70k - $160k

software

 

golang

 

full stack

 

networking

This job post is closed and the position is probably filled. Please do not apply.
## Why Rumble? \n\nRumble brings together the best of IT, security and networking technology to deliver amazing network discovery and asset inventory capabilities for modern enterprises.\n\nAn accurate network inventory is a fundamental building block of all security programs, yet most inventory products do a poor job of network-based discovery because they only see it as a stepping stone to the “real” product features. Legacy products work by sending sensitive credentials to every asset on the network and fail to handle today’s hybrid environments. Without a solid inventory, most companies struggle with attack surface reduction, network management, and incident response. \n\nRumble Network Discovery is a product of Rumble, Inc. We are a fully virtual, high-growth startup based in the United States. Our founders each have over 20 years of experience growing companies in the information security industry, including Rapid7, Veracode, BreakingPoint Systems, and PGP. \n\nRumble has already proven its market fit. Rumble appeals to companies of all shapes and sizes; we have customers that range from museums to Fortune 500 technology companies. We serve the low-end of the market through eCommerce and the mid-market and enterprise segment through inside sales. \n\n## The Opportunity\n\nWe're building the engineering team to lead Rumble into the future. Our work is a mix of Go development, low-level protocol research, standard web technologies, PostgreSQL, and a mix of cloud technologies and integrations. Our platform is cloud-agnostic, can be self-hosted, and builds from a single repository. We ship daily and focus on incremental delivery with fast turnaround for customer requests and bug fixes. We bootstrapped to product market fit and recently raised a $5m venture capital round to accelerate our growth. The company was cash-flow positive in 2020.\n\nWe’re looking for senior engineers that are excited about research-driven product development and want to help build a company focused on happy customers and product-led growth.\n\nWe're a fully remote company but you need to be located in the US, with US citizenship or permanent residency for healthcare, payroll, and legal reasons.\n\n\n## Position Summary\n\nWe're searching for a senior front-end engineer to grow our team! You will contribute to all stages of development, deployment, support, operations, and product planning. This position reports directly to the CEO today and will split into functional teams once the team expands. This is a growth opportunity for future engineering leadership as well as long-term individual contributors. \n\n## What Success Looks Like\n\n* Contribute your skills and knowledge to building, supporting, and operating an amazing product experience for our customers.\n\n* Self-task and coordinate with the rest of the engineering team to move the product forward and solve customer challenges.\n\n* Work with customers to identify bugs, understand gaps in product functionality, and flag opportunities for improvement.\n\n* Work closely and communicate effectively with functional teams across the company to keep our customer experience aligned with product and sales operations.\n\n\n## To be successful in this role, you ideally have\n\n* A strong track record of building products that customers love. \n\n* 5+ years of experience in programming-heavy front-end engineering roles with a demonstrated ability to ship quality results, frequently.\n\n* Extensive experience with web development (HTML, CSS, plain JS) and a solid understanding of the HTTP protocol and the web browser security model.\n\n* Extensive experience with design tools, either as a designer yourself, or working with designers through platforms like Figma.\n\n* A solid understanding of standard development tools and processes, including Git and issue-management systems.\n\n\n## Rumble’s Benefits \n\nWe offer an extensive set of benefits including: \n\n* Competitive salaries and a stock option plan.\n\n* Top of the line medical, dental, vision, life and disability coverages with Rumble paying for 99% of the premium. \n\n* A flexible vacation policy.\n\n* 401(k) match program. \n\n## Applying\n\nTo apply for this role, please send your resume and information about the products you have worked on to [email protected] \n\n**We encourage under-represented applicants to apply, even if you don't think you fit 100% of the criteria (nobody ever does)!** \n\n#Salary and compensation\n$70,000 — $160,000/year\n\n\n#Location\n🇺🇸 US-only


See more jobs at Rumble

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.
This job post is closed and the position is probably filled. Please do not apply.
WP White Security is a young development company that develops high-quality WordPress security and management plugins. Our plugins are installed on more than 150,000 websites and are used by world renowned businesses such as Disney, Amazon, and Intel!\n\nJoin our growing distributed team and develop plugins that help thousands of WordPress websites administrators from all-over the world! We are looking for a senior PHP / JavaScript / WordPress developer that can work during European time zone hours. If you love writing code, a good challenge, and are fond of the WordPress and open-source communities, we want to hear from you.\n\nEven though we have a very large customer base, we are still a small team. So there is a lot of room to grow within the company.\n\n## What will your job be?\n\nYou will work on the development of our WordPress plugins portfolio. Your tasks will span from designing new features (with the team), writing code and bug fixing, expecting that new and changed code is thoroughly tested and well documented. You will also help the other developers, conduct code reviews of their code, test their code, help our support team solve customer issues, and interact with the rest of the team for knowledge sharing and product work.\n\n## Who are we looking for?\n\n* Excellent verbal and written English\n* Organized, methodological and can work with very little or no supervision\n* 5+ years experience working as a PHP / WordPress plugin developer (mostly back end development)\n* Hands on experience with testing automation and writing testable code (unit testing) etc\n* Strong background in scalable database usage with MySQL\n* Good understanding of Linux, Apache, MySQL and PHP (LAMP) environments\n* Hard working and passionate – we are a young start-up\n* [BONUS] Good skills in react.js and jQuery\n* [BONUS] good understanding of both WordPress and application security\n\n## Benefits of working for us\n\n* Work from anywhere (during European time zone hours)\n* Job security and competitive salary\n* Work in a flat, small, and friendly organization\n* Paid educational materials (including but not limited to online courses and books)\n* Opportunities for paid travel to attend WordCamps\n* Long term engagement – we are looking for a committed candidate who within a few years can become a team lead and a source of knowledge\n\n**Compensation**\nThe salary for this position depends on your experience and technical skills. This is something we will discuss during the application process.


See more jobs at WP White Security

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Shopify


verified closed
🌏 Worldwide

devops

 

infrastructure

 

data

 

security

This job post is closed and the position is probably filled. Please do not apply.
Shopify’s platform is growing at an incredible rate, generating vast amounts of data. We leverage the cloud in order to move fast and produce great results. While we operate a comprehensive data stack, we’ve still got a lot of work to do, and that’s where you can lean in. We face many challenges head-on to ensure that our data moves seamlessly throughout our infrastructure in a safe and secure manner, while providing new insights and features. \n\nWe’re looking for engineers with a background in infrastructure, security and cloud technologies, DevOps, and an SRE mindset to collaborate on these challenges and deploy platform services at a very large scale. You’ll need a curiosity of how our systems work under the hood, and how we can leverage them to grow and protect the hundreds of thousands of entrepreneurs that use Shopify.\n\n**You'll be working on:**\n* Ensuring that our data platform stays online, secure, and performant\n* Creating and deploying infrastructure around specific security requirements\n* Developing configuration management and automation tools\n* Building out our monitoring and analytics tooling to get insights about our platform usage\n* Building a world-class data analytics platform to help both internal and external customers, focusing on making the lives of our hundreds of thousands of merchants better\n\n**You’ll need to have:**\n* A systems-level approach; you’ve worked across the entire stack, from the OS all the way up to the application layer\n* Cloud Platform experience (GCP/AWS/Azure)\n* Technical leadership experience mentoring other engineers\n* Comfort with multiple languages; you’re a low-level generalist who is comfortable with multiple languages such as Go, Python and languages which target the JVM like Java, Scala or Kotlin\n* A passion for troubleshooting and finding the solution for the long-term; you don’t accept the easy solution as the only solution, and will dig to ensure that we put the long-term benefit of our merchants and stakeholders first\n* Well-founded opinions about writing code and approaching problems; you’re comfortable with automated testing, code refactoring, and software engineering best practices\n* Excitement for working with a remote team; you value collaborating on problems, asking questions, delivering feedback, and supporting others in their goals whether they are in your vicinity or entire cities apart\n\n**It'd be nice if you have experience:**\n* Working with data at petabyte scale\n* Securing a data platform and integrating security best practices at all phases of the development lifecycle\n* Implementing privacy compliance in a data stack - for example, CCPA, GDPR\n* Working with a modern data stack, including Spark, Beam, Presto, Hive, Airflow, and other big data tools and frameworks\n* Developing and orchestrating large Docker deployments with Kubernetes\n\nAt Shopify, we are committed to building and fostering an environment where our employees feel included, valued, and heard. Our belief is that a strong commitment to diversity and inclusion enables us to truly make commerce better for everyone. We strongly encourage applications from Indigenous people, racialized people, people with disabilities, people from gender and sexually diverse communities and/or people with intersectional identities.\n\nShopify is now permanently remote and working towards a future that is digital by default. Learn more about what this can mean for you.\n\n#Location\n🌏 Worldwide


See more jobs at Shopify

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.
This job post is closed and the position is probably filled. Please do not apply.
Aha! engineering is a mid-sized, fully remote team that is highly productive. We are centered around North American time zones so we can collaborate during the workday.\n\n**Our team**\n*  **We utilize [The Responsive Method](https://www.aha.io/company/the-responsive-method)**: The eight principles drive how we operate Aha! and serve customers and employees.\n*  **We move quickly**: We ship code multiple times a day. We believe in getting new features in front of customers and iteratively improving as we learn what works and what does not.\n*  **We collaborate:** We each bring unique experiences and skills to the table. Working together to share that knowledge benefits the entire team and helps us produce the best results for our customers.\n*  **We value product over process:** We want the team to have the time and focus to solve complex challenges. We aim to minimize the overhead introduced by heavyweight processes and excessive meetings.\n*  **We are happy:** it is important to us that you love your job and are happy at work. Learn more about our company [values](https://www.aha.io/company/culture). Check out our generous [benefits](https://www.aha.io/company/careers/benefits).\n\n**Our technology**\n\nOur sole product is the Aha! web application. It is a single-instance, multi-tenant Ruby on Rails monolith supported by Postgres (database), Redis (background jobs), and memcached (Rails caching). We also run a Node.js webserver to support collaborative editing and real-time updates. Our application is hosted on Amazon Web Services and architected with ECS for reproducibility and scalability.\n\nWe use React for rich client-side experiences on the front end. Some of the features we have built with React include:\n\n* Our fully collaborative [text editor](https://www.aha.io/blog/collaborative-writing): Supports multiple cursors and simultaneous editing by any number of users. We also published a [blog post](https://www.aha.io/engineering/articles/how-to-build-collaborative-text-editor-rails) explaining the underlying technology.\n* Our [presentation editor](https://www.aha.io/blog/product-roadmap-presentation-editor): Allows users to create presentations with slide themes, shapes, text, and embedded Aha! reports (which update live so the presentation is always current).\n* Our [Gantt chart](https://www.aha.io/blog/roadmap-gantt-chart): Supports scaling and scrolling to change the timeline, drag-and-drop, and quick actions to create records or sort the bars.\n* We embrace new technologies that help us deliver a lovable product, but we also remain cognizant of the maintenance overhead that a new library or platform brings. We solve the problems in front of us, rather than prematurely optimizing to address issues that may never materialize.\n* We do most of our collaboration and planning in Aha! itself, which we find especially rewarding. We also utilize GitHub, Slack, and GoToMeeting for video calls.\n\n**Your experience**\nWe believe that being a kind person who elevates the rest of the team is just as valuable as writing great code. You have strong problem-solving skills and experience working on important functionality for a cloud-based product. You are humble, eager to learn, and always willing to help others learn as well. You want to work with people who enjoy picking up a problem and solving it, regardless of the technologies and techniques involved.\n\nThe Aha! security team is part of the engineering team and is product focused. As a Senior Security Engineer, you can expect to spend the majority of your time working with Ruby on Rails and JavaScript code for security reviews, investigations, updates, and implementing security features.\n\n**Your work at Aha!**\nWe maintain security controls and perform security reviews on a broad range of features across the full stack. Your work will include:\n\n* Security code reviews that go above and beyond what can be found through scanning tools (which we use too!)\n* Cloud and network security reviews of Amazon Web Services infrastructure that is implemented via infrastructure as code\n* Monitoring third-party dependency vulnerability reports and applying fixes and mitigations\n* Sharing security findings and new developments internally for ongoing education\n* Participating in security monitoring, incident response, and investigations\n\nIf this sounds appealing, we would love to hear from you. A real human reviews every application. \n\n#Salary and compensation\n$110,000 — $160,000/year\n\n\n#Location\nNorth America


See more jobs at Aha!

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Aha!

 This job is getting a pretty high amount of applications right now (14% of viewers clicked Apply)

closed
North America

security

 

ruby on rails

 

code review

 
This job post is closed and the position is probably filled. Please do not apply.
Aha! engineering is a mid-sized, fully remote team. We are centered around North American time zones so we can collaborate during the workday.\n\n# Our core values\n# \n* [The Responsive Method](https://www.aha.io/company/the-responsive-method): These 8 principles drive how we operate Aha! and serve customers and employees.\n* Moving quickly: We ship code multiple times a day. We believe in getting new features in front of customers and iteratively improving as we learn what works and what does not.\n* Product over process: We want our engineers to have the time and focus to solve complex challenges. We aim to minimize the overhead introduced by heavyweight processes and excessive meetings.\n* Collaboration: We each bring unique experiences and skills to the table. Working together to share that knowledge benefits the entire team and helps us produce the best results for our customers.\n# Who we're looking for\n# \nWe believe that being a kind person who elevates the rest of the team is just as valuable as writing great code. We look for strong problem-solving skills and experience working on important functionality for a cloud-based product. We need people who are humble, eager to learn, and always willing to help others learn as well. We want to work with people who enjoy picking up a problem and solving it, regardless of the technologies and techniques involved.\n\nThe Aha! security team is part of the engineering team and is product focused. As a Senior Security Engineer, you can expect to spend the majority of your time working with Ruby on Rails and JavaScript code for security reviews, investigations, updates, and implementing security features.\n\n# Our technology\n# \nOur sole product is the Aha! web application. It is a single-instance, multi-tenant Ruby on Rails monolith supported by Postgres (database), Redis (background jobs), and memcached (Rails caching). We also run a Node.js webserver to support collaborative editing and real-time updates. Our application is hosted on Amazon Web Services and architected with ECS for reproducibility and scalability.\n\nWe use React for rich client-side experiences on the front end. Some of the features we have built with React include:\n\n* Our fully [collaborative text editor](https://www.aha.io/blog/collaborative-writing): Supports multiple cursors and simultaneous editing by any number of users. We also published a blog post explaining the underlying technology.\n* Our [presentation editor](https://www.aha.io/blog/product-roadmap-presentation-editor): Allows users to create presentations with slide themes, shapes, text, and embedded Aha! reports (which update live so the presentation is always current).\n* Our [Gantt chart](https://www.aha.io/blog/roadmap-gantt-chart): Supports scaling and scrolling to change the timeline, drag-and-drop, and quick actions to create records or sort the bars.\n\nWe embrace new technologies that help us deliver a lovable product, but we also remain cognizant of the maintenance overhead that a new library or platform brings. We solve the problems in front of us, rather than prematurely optimizing to address issues that may never materialize.\n\nWe do most of our collaboration and planning in Aha! itself, which we find especially rewarding. We also utilize GitHub, Slack, and GoToMeeting for video calls.\n\n# What you’ll be doing\n# \nWe maintain security controls and perform security reviews on a broad range of features across the full stack. Your work will include:\n\n* Security code reviews that go above and beyond what can be found through scanning tools (which we use too!)\n* Cloud and network security reviews of Amazon Web Services infrastructure that is implemented via infrastructure as code\n* Monitoring third-party dependency vulnerability reports and applying fixes and mitigations\n* Sharing security findings and new developments internally for ongoing education\n* Participating in security monitoring, incident response, and investigations\n\nIf this sounds appealing, we would love to hear from you. A real human reviews every application, so please use the form to help us learn more about you.\n\n#Location\nNorth America


See more jobs at Aha!

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Doximity


verified closed
North America

software engineer

 

security

 

health tech

 

hackerone

This job post is closed and the position is probably filled. Please do not apply.
Doximity is transforming the health care industry. Our mission is to help clinicians be more productive, informed, and connected. As a software engineer, you'll work within cross-functional delivery teams alongside other engineers, designers, and product managers in building software to help improve health care.  \n\nOur [team](https://www.doximity.com/about/company#theteam) brings a diverse set of technical and cultural backgrounds and we like to think pragmatically in choosing the tools most appropriate for the job at hand.\n\n**Here's How You Will Make an Impact**\n\n* Help maintain our private security bug bounty program hosted on [hackerone](https://www.hackerone.com/): this involves engaging security researchers, validating security finds, determining impact/risk, awarding bounties, and fixing or coordinating remediation efforts.\n* Help set good security posture; this includes finding bad security habits in applications and encapsulating good secure defaults into libraries/modules, creating training materials for application developers, etc.\n* Work side-by-side with the rest of the infrastructure, application, and data teams to empower all of engineering to move quickly while meeting security requirements.\n* Design and implement secure and easy-to-use tooling and abstractions for other teams to leverage.\n* Active involvement in the design, implementation, and maintenance of the development, staging, and production infrastructure.\n* Participate in an on-call rotation for the services owned by your team.\n* Help ensure the stability and uptime of services within the organization.\n* Create concise post-mortems in the event of an outage.\n* Write and maintain run-books for other engineers to leverage.\n* Ensure proper security, monitoring, alerting, and reporting.\n\n**What we’re looking for**\n\n* You’re a software engineer with more than 4 years of experience and a deep understanding of software engineering practices.\n* You either have experience with security or really want to dive in headfirst and learn.\n* You don’t shy away from:\n* Reading, reviewing, and implementing our implementation of the [oauth spec](https://tools.ietf.org/html/rfc6749).\n* Getting dirty with CORS, CSRF, XSS, etc\n* Our web applications are built primarily using Ruby, Rails, Javascript (Vue.js), and a bit of Golang\n* You have experience working with Terraform and Chef (or similar tooling).\n* You are proficient with Linux/Unix, AWS, and Git.\n* You are able to maintain a minimum of 5 hours overlap with 9:30 to 5:30 PM Pacific time.\n* You can dedicate about two weeks per year for travel to company events.\n\n**Benefits & Perks**\n\n* Generous time off policy\n* Comprehensive benefits including medical, vision, dental, Life/ADD, 401k, flex spending accounts, commuter benefits, equipment budget, educational resources and conference access\n* Family support and planning benefits\n* Pre-IPO stock incentives\n* .. and much more! For a full list, see our [career page](https://work.doximity.com/)\n\n**About Doximity**\n\n* Here are [some of the ways we bring value to doctors](https://drive.google.com/file/d/1qimYh0mG3i1nTJe6jDCDepJt2i4o8MEB/view)\n* Our web applications are built primarily using Ruby, Rails, Javascript (Vue.js), and Golang\n* Our data engineering stack run on Python, MySQL, Spark, and Airflow\n* Our production application stack is hosted on AWS and we deploy to production on average 50 times per day\n* We have over 350 private repositories in Github containing our applications, forks of gems, our own internal gems, and [open-source projects](https://github.com/doximity)\n* We have worked as a distributed team for a long time; we're currently about [65% distributed](https://blog.brunomiranda.com/building-a-distributed-engineering-team-85d281b9b1c)\n* Find out more information on the [Doximity engineering blog](https://technology.doximity.com/)\n* Our company [core values](https://work.doximity.com/)\n* Our [recruiting process](https://technology.doximity.com/articles/engineering-recruitment-process-doximity)\n* Our [product development cycle](https://technology.doximity.com/articles/mofo-driven-product-development)\n* Our [on-boarding & mentorship process](https://technology.doximity.com/articles/software-engineering-on-boarding-at-doximity)\n\nWe’re thrilled to be named the Fastest Growing Company in the Bay Area, and one of Fast Company’s Most Innovative Companies. Joining Doximity means being part of an incredibly talented and humble team. We work on amazing products that over 70% of US doctors (and over one million healthcare professionals) use to make their busy lives a little easier. We’re driven by the goal of improving inefficiencies in our $3.5 trillion U.S. healthcare system and love creating technology that has a real, meaningful impact on people’s lives. To learn more about our team, culture, and users, check out our careers page, company blog, and engineering blog. We’re growing fast, and there’s plenty of opportunities for you to make an impact—join us!\n\n*Doximity is proud to be an equal opportunity employer, and committed to providing employment opportunities regardless of race, religious creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, pregnancy, childbirth and breastfeeding, age, sexual orientation, military or veteran status, or any other protected classification. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.*\n\n#Location\nNorth America


See more jobs at Doximity

# How do you apply?\n\n This job post has been closed by the poster, which means they probably have enough applicants now. Please do not apply.

Atlassian

 This job is getting a pretty high amount of applications right now (11% of viewers clicked Apply)

closed

dev

 

senior

 

backend

This job post is closed and the position is probably filled. Please do not apply.
Atlassian is continuing to hire with all interviewing and on-boarding done virtually due to COVID-19. All new and existing Atlassians will continue to work from home until it’s safe to return to our offices. When our offices re-open, we will provide the choice to work from home or return to work in an office unless a job requirement makes it necessary for a particular role to be performed at an Atlassian office.\n\nAtlassian helps teams everywhere change the world through the power of software and we are looking for a well-rounded developer to join Atlassian's security development team. This team is responsible for building and operating mature software systems to improve the entire company's security posture. As an Engineer, you’ll be part of a team responsible for crafting, implementing, monitoring, scaling, and optimizing the code that powers platform services.\nIf you are a strong software developer interested in developing your info security expertise, this role is a rare opportunity to do just that!\n\nAtlassian is a company that lives and breathes our values, as we seek to unleash the potential of every team. We offer 40 hours per year of paid leave for doing non-profit work so that you can Be the Change You Seek in the world as well as at work, in addition to unlimited vacation time to help you Build with Heart and Balance. As part of the wider security organization, we will expect you to speak at conferences, make open source contributions, and lead cross-team initiatives all designed to drive security forward not only inside Atlassian but across the industry with uncomfortable openness.\n\n\nMore about our benefits\n\nWhether you work in an office or a distributed team, Atlassian is highly collaborative and yes, fun! To support you at work (and play) we offer some fantastic perks: ample time off to relax and recharge, flexible working options, five paid volunteer days a year for your favourite cause, an annual allowance to support your learning & growth, unique ShipIt days, a company paid trip after five years and lots more.\n\nMore about Atlassian\n\nCreating software that empowers everyone from small startups to the who’s who of tech is why we’re here. We build tools like Jira, Confluence, Bitbucket, and Trello to help teams across the world become more nimble, creative, and aligned—collaboration is the heart of every product we dream of at Atlassian. From Amsterdam and Austin, to Sydney and San Francisco, we’re looking for people who want to write the future and who believe that we can accomplish so much more together than apart. At Atlassian, we’re committed to an environment where everyone has the autonomy and freedom to thrive, as well as the support of like-minded colleagues who are motivated by a common goal to: Unleash the potential of every team.\n\nAdditional Information\n\nWe believe that the unique contributions of all Atlassians is the driver of our success. To make sure that our products and culture continue to incorporate everyone's perspectives and experience we never discriminate on the basis of race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status.\n\nAll your information will be kept confidential according to EEO guidelines.\n\nIf your experience looks a little different from what we’ve identified and you think you can rock the role, we’d love to learn more about you.\n\nLearn more about Atlassian’s culture, interviewing flow, and hiring process by checking out our Candidate Resource Hub.


See more jobs at Atlassian

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

PayPay Corporation


closed

product manager

 

engineer

 

exec

This job post is closed and the position is probably filled. Please do not apply.
\nPayPay is looking for a Product Security Engineer to work on our payment system to deliver the best payment experience for our customers.\n\n\n\n\n* Security architecture reviews of existing and upcoming projects.\n\n* Acting as both a builder and a breaker by creating tools to help engineers write more secure code and performing penetration tests of public and internal applications.\n\n* Working in a fast paced environment where projects and prioritization may change frequently, security will always remain.\n\n* Participate in setting up a Bug Bounty program, writing proof of concepts, assessing risk, communication with external reporters.\n\n* Implementing and maintaining technologies for security, such as vulnerability testing, logging, monitoring and incident responses.\n\n\n\n\nTech Stack We select the best combination of tech at times. \n| Python, Golang\n| MySQL/AuoraDB, DynamoDB, ELK, Kafka, Redis, TiDB\n| AWS, GCP, TCP Networking, SSL/TLS, Key Management Systems, Certificate Authorities\n|Snyk, SonarQube, Dome9\n|PlantUML, miro.com\n|Slack, Zoom\n\nQualifications\n\n\n* 3+ years of experience as a Security Engineer.\n\n* Experience with Linux internals and hardening\n\n* Must have experience in programming languages and frameworks such as Python and Bash\n\n* Comfortable with identifying and advising on remediation for Application Security vulnerabilities\n\n* Up to date with the latest developments in security\n\n* Development of Proof of Concept exploits\n\n\n\n\nPreferred Qualifications\n\n\n* CVE Contributions\n\n* Open Source tools contributions\n\n* Published papers / blogs / articles\n\n\n\n\nHiring Process\n\n* Application Review (1-2 weeks)\n\n\n\n* HR and Team will review your resume\n\n\n\n* Code challenge (online)\n\n\n\n* Coding Test will be sent via Hirevue system\n\n* It takes 3-4 hours (max) to complete\n\n* If you need to extend the due date, please contact HR\n\n\n\n* Interviews (online)\n\n\n\n* 2-3 rounds of online interview(s)\n\n* Live Coding could be requested\n\n* Please make sure the reason you applied to PayPay (Why Fintech? Why Startup? Why PayPay?)\n\n\n\n* Job Offer\n\n\n\n*Relocation to Japan\n\n\n* Due to the current COVID-19 situation, we cannot sponsor working VISA to Japan. However as a temporary solution, you may be able to start working with us as an individual contractor. Please discuss with your recruiter about this opportunity.\n\n* Once the COVID-19's over, we will ask all employees in overseas to relocate to Japan. We will fully support your relocation.\n\n\n\n\nOther Information\n\n[Corporate Blog] https://about.paypay.ne.jp/corporate-blog\n\n[Product Blog] https://blog.paypay.ne.jp\n\n[LinkedIn] https://www.linkedin.com/company/paypay-corp/


See more jobs at PayPay Corporation

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Sublime Security


closed

golang

 

dev

 

senior

 

engineer

This job post is closed and the position is probably filled. Please do not apply.
San Francisco, United States - ** Why Sublime **Nation states, criminal organizations, and lone wolves are attempting to phish businesses and consumers 24/7/365. When they succeed it can be extraordinarily destructive, costing a single business $100M (1), disrupting coronavirus research (2), and even impacti...


See more jobs at Sublime Security

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Sublime Security


closed

golang

 

dev

 

engineer

 
This job post is closed and the position is probably filled. Please do not apply.
San Francisco, United States - ** Why Sublime **Nation states, criminal organizations, and lone wolves are attempting to phish businesses and consumers 24/7/365. When they succeed it can be extraordinarily destructive, costing a single business $100M (1), disrupting coronavirus research (2), and even impacti...


See more jobs at Sublime Security

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

1Password


closed

devops

 

engineer

 

devops

This job post is closed and the position is probably filled. Please do not apply.
Over 80,000 businesses and millions of people use 1Password to protect their most important information. We’re a kind, curious, and customer-focused team on a mission to build the world's most-loved password manager and give people more control over their data.\n\nAt 1Password, customer privacy and security come first and foremost; this commitment informs everything we do, and the Security Team is responsible for upholding this commitment. We are a passionate team that really cares about protecting our customers, and we’re looking for new team members that share this passion. \n\nAs a DevOps Security Engineer, you’ll be working as part of the Security Engineering team, helping us continue to raise the bar for security in our DevOps environment. This includes enhancing the security of our existing platform and assisting with the design and build of new platforms.\n\nWhen we say bring your whole self to work, we mean it. You'll join a diverse and inclusive community, built on trust, support and respect. Be yourself, find your people and share the things you love. As we continue to build our global team, we welcome all individuals and do not discriminate on the basis of gender identity, race, ethnicity, disability, sexual orientation, education, languages spoken, and veteran's status. \n


See more jobs at 1Password

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

By - Access Control Systems


closed

architecture

 

dev

 

c

This job post is closed and the position is probably filled. Please do not apply.
\nAre you passionate about working on singular and high-tech projects? Are you passionate about designing and shaping a product on an end-to-end basis? Are you excited to push the state-of-the-art on security software?\n\nThis is a unique opportunity to work with true innovation.\n\nBY Techdesign provides the most powerful and intuitive Access Control Systems, where hardware and software merge seamlessly in a unique solution that guarantees security of some of the most demanding enterprises. From banks to large corporate buildings, we have mastered the art of security.\n\nWith +40 years expertise, we are proud of our R+D team, we are committed to innovation and we can say out loud that we invest 20% of our anual sales on R+D. You will work with an innovative team drive by curiosity, ambition, continuous evolution and an urge for excellence. Facing an evolving market and many fascinating challenges in technology, we need your expertise to help us get to the next level. \n\nCome join us in our mission of developing a smarter and safer world and creating software and security systems that make a difference!\n\nWhat We Offer\n\n\n* Passionate and supportive working culture\n\n* Emphasis on professional and personal growth\n\n* Flat hierarchies\n\n* High profile team that is driven by the pursuit of excellent results\n\n* Part of By Techdesign, a company with a strong focus on innovation and R+D, where you will be constantly learning and constantly getting to work on new projects.\n\n* Attractive compensation for high qualified profiles\n\n* Employees are expected to be onsite, however, flexible working arrangements may be available\n\n\n\n\nWho We Are\n\nWe are a Spanish technology company, with 40 years’ experience designing, developing and manufacturing Access Control and Video-intercom systems and high-end security solutions. Leading brands and enterprises in every single market vertical use our unique systems to ensure the protection of their people and most valuable assets.\n\nIn our Madrid based R+D centre we develop software technology for all our solutions, from embedded software that runs inside readers or controllers to whole software web applications and APPs that manage high-demanding security sites.\n\nOur development language is C++. We are looking for people that are willing to design systems architecture for Linux, Windows and Mobile platforms, including specifications, development, testing and technical documentation.\n\nWhat we value the most:\n\n\n* Strong C++ skills (C++11, C++14, C++17)\n\n* More than 5 years of experience as Software Architect, designing end-to-end products\n\n* Experience in the security field or related fields will be extra valued\n\n* Object Oriented and Component Oriented Methodologies\n\n* Strong knowledge of development with unitary tests.\n\n* Expert level in TCP/IP stack (LAN and WAN environments)\n\n* Relational databases (MariaDB, MySQL, SQLite, SQL Server, Oracle, etc.) and non-relational databases (MongoDB, Cassandra, CouchDB, etc.) and ORM’s (QxOrm, Debea, EntityFramework, nHibernate, OrmLite, etc.) and replication.\n\n* Desing of Client / Server systems with REST and SOAP interfaceand web client-\n\n* Test-Driven Methodologies (TDD)\n\n* Design patterns and dependencies injection, abstraction and components reusing.\n\n* Framework Qt 5.3 or higher and Protocol Buffers.\n\n* High Quality Code development (memory leaks, performance, fault tolerant, etc.)\n\n* Project management (software projects) using Agile methodologies (SCRUM / Kanban)\n\n\n\n\nWe love people with…\n\n\n* Active ambition to become a technology leader\n\n* Eagerness to continuously grow and self-motivated\n\n* Analytical skills and self-organized\n\n* Energetic and willing to work in a team-oriented company\n\n* Top performer and proactive\n\n* Fluent in Spanish\n\n\n


See more jobs at By - Access Control Systems

# How do you apply?\n\n This job post has been closed by the poster, which means they probably have enough applicants now. Please do not apply.

Hopper

 This job is getting a pretty high amount of applications right now (14% of viewers clicked Apply)

closed

engineer

This job post is closed and the position is probably filled. Please do not apply.
ABOUT HOPPER\n\nAt Hopper, we’re on a mission to build the most customer-centric travel company on earth. We are leveraging the power that comes from combining massive amounts of data and machine learning to build the world’s fastest-growing mobile first travel marketplace -- one that enables our customers to save money and travel better.\n\nHopper’s goal is to reduce traveler anxiety throughout all stages of the trip buying and taking process. By creating a transparent travel marketplace and unique, data-driven financial technology products focused on providing peace-of-mind, Hopper adds value along each step of the customer’s journey.\n\nHopper has launched several bespoke fintech products that leverage our immense first and third-party data to create products and value that do not exist elsewhere - including Refundable and Flexible Tickets and Price Freeze. Thanks to these offerings, Hopper’s revenue growth is up 112% despite the travel slowdown due to COVID-19.\n\nWith over $250M CAD in funding from leading investors in both Canada and the US, Hopper is primed to continue its acceleration to becoming the world’s fastest-growing end-to-end customer-centric travel offering.\n\nRecognized as one of the world’s most innovative companies by Fast Company three years in a row, Hopper has been downloaded over 50 million times and sees over 1 million new installs per month. The app has received high praise in the form of mobile accolades such as the Webby Award for Best Travel App of 2019. \n\nCome take off with us!\n\nTHE ROLE\n\nAs a Security Engineer, you will be a core member of Hopper's Information Security Team within Hopper's B2B partnerships group. This role represents a key position responsible for the continuous safeguarding of Hopper's data, assuring the trust of our customers and partners, and executing on the organization’s Information Security strategy.\n\nBENEFITS\n\n• Well-funded and proven startup with large ambitions, competitive salary and stock options\n• Dynamic and entrepreneurial team where pushing limits is everyday business\n• 100% employer paid medical, dental, vision, disability and life insurance plans\n• Access to a 401k (US) or Retirement Savings Plan (Canada)


See more jobs at Hopper

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Seamless.AI


closed

cloud

 

engineer

This job post is closed and the position is probably filled. Please do not apply.
The Opportunity\nThe Cloud Security Engineer will be responsible for a variety of tasks. The candidate must be able to work in a fast-paced environment, manage and execute upon security requirements for the company, and oversee agendas and budgets for projects. It is crucial this candidate is amplifying their individual contribution, their professional growth and their capability to work effectively with team members as well supporting the growth of any direct reports.\n\nAbout Seamless\nSeamless delivers the world’s best sales leads. Through our product, we help sales teams maximize revenue, increase sales, and easily acquire their total addressable market using artificial intelligence; by development of a robust real-time contact and company search engine as well as a suite of technically-advanced tools to support sales and lead generation. We have been recognized as one of Ohio’s fastest growing companies and has been awarded recently for Best Technology Company of the year in 2019 by NJTC, Best Place to Work in 2020, Top 50 Ohio-Based Startups by VentureOhio and Ranked in LinkedIn’s Top 50 Startups of 2020! \n\nThe Seamless Family\nWe have an amazing culture and work environment that anyone would want to be a part of. We encourage a culture of positivity. We thrive off of continuous feedback and do whatever it takes to help our team and customers be successful. You will grow as an individual, professionally, and be able to see and feel the impact you are making to the growth of Seamless every day.\n\n\nDisclaimer: This is a full-time remote position. We are headquartered out of Columbus, OH but currently open to remote or local candidates. We are open to assisting with relocation in the right circumstance. Visa Sponsorship is not included in our hiring package. Applicants will need to be authorized to work in the U.S.\n\nWe are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.\n\nNo Recruiters. This is an internal position our internal team is hiring for.


See more jobs at Seamless.AI

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

NowPow


closed

devops

 

engineer

 

devops

This job post is closed and the position is probably filled. Please do not apply.
\nNowPow, whose name is a play on knowledge is power, is a women-owned and led technology business based on Chicago's south side. NowPow's multi-sided platform is a personalized community referral management solution that enables care professionals - social workers, physicians, justice workers - to manage and close the loop on health and social service referrals and also directly supports patients, members, and clients in their own self care. NowPow helps people get the care they need, whether they are managing chronic health and social conditions or just staying well.\nThe Role:\nAs a Security and DevOps Engineer at NowPow, you will be responsible for NowPow's Azure environment and costs, NowPow's HIPAA compliant security program, and managing our build, automation, and test pipelines.\nYou will build tools to optimize and manage our Azure cloud environment. You will own NowPow's security program and document, certify, and explain the program to our customers while managing its activities (including automated scanning, penetration tests, and certification processes). You will own and manage our platform automation, including deployment/CI pipelines and build/test automation processes.\nAs a growing startup, you will need to own all things Azure for our teams and help us to identify missing skills and new processes as our systems grow. You will be responsible for our platform's security, monitoring, and costs.\nAn ideal candidate will have 2+ years of experience using Microsoft Azure as a hosting platform and expertise in using cloud infrastructure frameworks is required.\nWhat you'll do:\nMonitor and manage the NowPow Platform's Hosting Environment:\n* Monitor activity within the NowPow's Azure cloud environment\n* Optimize and monitor our costs and plan and implement cost saving initiatives with engineering leadership\n* Manage NowPow's system monitoring solutions and help us go from 99% uptime to five-nines (99.999% uptime)\n* Monitor and automate platform scaling to improve performance and optimize costs\n* Inventory and manage all cloud resources and archive and delete as needed\n* Evaluate advancements in cloud technologies and share with our teams\n\n\nRun the NowPow Platform Security Program:\n* Partner with our operations team on HIPAA security and privacy monitoring activities\n* Manage NowPow's recurring security activities (including automated scans and tests, penetration testing, etc.…)\n* Work with our Sales team on customer security review processes and RFP/RFI questions around security\n* Own and document overall platform security and review with customer IT teams as needed\n* Evaluate security compliance programs (such as HITRUST, SOC2, etc…) and work across departments to implement and manage\n\n\nSupport our Engineering, QA, Analytics, and Product Support teams:\n* Partner with the Architecture and R+D team to test new Azure features and build new solutions as needed\n* Automate more of the customer provisioning process with our Product Support team\n* Work with our QA team to update our automated testing pipelines and strategy\n* Coordinate with engineering to improve our CI build and test pipelines\n\n\nWhat will make you successful:\n* BS or MS in computer science, or equivalent.\n* 2+ years of DevOps experience with the Azure cloud infrastructure with extensive cloud infrastructure framework experience required\n* CI/CD experience with TeamCity, Jenkins, TFS, or other CI frameworks\n* Experience with deployment automation tools (like Octopus or Azure DevOps) is preferred\n* Scripting and environment automation experience required\n* Experience working with security compliance programs such as HITRUST, SOC2, ISO 27001, FedRAMP and PCI is preferred\n* Excellent verbal and written communication skills.\n* Comfortable adopting to new technologies quickly\n\n\nWhy NowPow?\nWe work at NowPow because we care! NowPowers are passionate about our mission and are excited about the opportunities and challenges we face. At NowPow, we cultivate a culture of collaboration and respect, where everyone is a valued team member.\nOur people and our culture are important to us and make working at NowPow special. We invest in the self-care of our team and provide competitive benefits to support this. We celebrate our successes every week with a company wide happy hour on Fridays and recognize those who went above and beyond in their work. Outside of work, we have fun through company events such as laser tag, ice skating and heading to the ballpark for beautiful weather and a baseball game!\nWe are looking for highly motivated and hard-working individuals to join our team and help us connect health care to self-care. Apply now to join our growing team!\nEqual Employment Opportunity\nNowPow is an Equal Opportunity Employer. NowPow evaluates applicants for employment on the basis of qualifications, merit, and work-related criteria without regard to race, color, religion, sex, sexual orientation, gender identity or expression, age, disability, marital status, citizenship, national origin, genetic information, or any other characteristic protected by applicable federal, state or local laws. Our management team is dedicated to this policy with respect to recruitment, hiring, placement, promotion, transfer, training, compensation, benefits, associate activities and general treatment during employment.


See more jobs at NowPow

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

DOCOMO Digital


closed

cloud

 

exec

 

senior

This job post is closed and the position is probably filled. Please do not apply.
\nIf you’re an English speaking champion of all things Security both on prem and on Cloud then we would love to hear from you!\n\nDocomo Digital are looking for Security expert to bolster our defences, lead our security delivery and guide the team as we transition to pure Cloud infra.\n\nSo what’s the role?\n\n\n* Managing a team of highly skilled engineers with masterful skills with on prem\n\n* Configuring, supporting and evaluating security tools to defend DD data and infra\n\n* Using cutting edge technology to review architectural designs, evaluating compliance and robustness\n\n* Designing solutions, configuring or support Firewalls, Content Engines, Intruder Detection or Prevention System\n\n* Conducting security audits and providing recommendations to mitigate risks\n\n* Configuring, supporting of Infrastructure access control\n\n* Configuring and supporting anti-virus infrastructural software\n\n* Scripting and automation of network and security appliances provisioning\n\n* To maintain current knowledge on all new technology innovations on AWS/Azure and other cloud platforms, validate and share practical applications with the technology community.\n\n\n\n\nThe things you need…\n\n\n* Strong AWS /Azure infrastructure skills (Hybrid layout)\n\n* Strong networking skills\n\n* Extensive Python and Shell\n\n* Strong load balancing skills (F5 and ELB) and WAF (ASM on F5)\n\n* Strong scripting skills for F5 (irules)\n\n* Expert in firewalling (Fortigate in AWS/Azure, VPN Site to Site, ACLs, NAT, routing)\n\n* Hands-on cloud operational experience\n\n* Solid understanding of working in a zero-downtime environment\n\n\n


See more jobs at DOCOMO Digital

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Parity Technologies


closed

ops

 

engineer

This job post is closed and the position is probably filled. Please do not apply.
\n\n* Design and implement secure cloud and on-premise infrastructure to validate on substrate based networks.\n\n* Work within systems that secure millions of dollars of cryptocurrency from motivated attackers.\n\n* Instrument high-signal alerts from production infrastructure events to provide early indicators of network attacks and compromises. Create playbooks of what to do in the case of such events. \n\n* Model and evaluate risks of slashing for validator nodes from an operational perspective and prioritize security efforts based on these risk assessments. \n\n* Monitor for unsafe and uncertain conditions and design fallback systems to support the stability of the network.\n\n* Work with infrastructure and core runtime engineers to design and implement hardened, layered systems.\n\n* Work with security engineers around securing digital assets in a production environment\n\n* Respond to security alerts and triage incident response management.\n\n* Work with core developer teams on security-critical projects, reviewing architecture designs and automating critical infrastructure tasks\n\n* Refine alerting rules to improve signal/noise ratio of operational health and security\n\n* Participate in an on-call rotation with colleagues in multiple time zones\n\n\n\n\n\nTo see how we use your data please see our Applicant Notice


See more jobs at Parity Technologies

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

GRIMM


closed

exec

 

sys admin

 

analyst

This job post is closed and the position is probably filled. Please do not apply.
Thank you for considering GRIMM...\n\nChallenge Development Lead\nThe GRIMM AppSec team works with clients to assess and improve the security posture of applications and systems in partnership with client architects, developers, operators, and leadership. This includes formalized threat modeling, architecture review, source review, and where appropriate binary reverse engineering. Our goal is not to provide a compliance check box, but to actively work with our clients to improve their security, now and in the future. \n\nGRIMM is seeking a senior engineer to lead and support security assessment engagements. This is a customer-facing position; qualified applicants will need to be comfortable engaging with clients on their own to gather and refine requirements, discuss findings, present progress, and also to help establish and expand business relationships with our customers. \n\nAll members of our team are constantly learning about new topics and applying that knowledge to challenging problems.  We all share information and help guide each other as a team, and everyone has opportunity to work independently and direct their own activities.\n\nEducation and Certification\nA degree or comparable work experience is required in the fields of Computer Science, Computer Engineering, or a related discipline.  Degreed or certified candidates will not receive preferential consideration.  If a specific certification is required by a client GRIMM will cover certification costs.\n \nLocation\nThe AppSec team is 100% remote.  Some future (post-pandemic) projects may require travel to customer sites.  Travel will be less than 25%, though opportunities for additional travel may be available if desired.\n\nCompany Description\nGRIMM researches and develops the art of the possible in business modernization and computing technologies through cybersecurity, sensors, tools, analytics, frameworks, modeling and simulation, automated testing, cyber range Installation, Operations, and Maintenance (IOM), consulting, and intelligence. Our practices build on extensive experience in cyber mission support for national defense, and commercial service improvement and consulting. Our engineers and subject matter experts (SMEs) learned their trade from real-world engagements, not just textbooks. \n \nPosition Requirements:\nThe ideal candidate will have at least 5 years of experience in application security. They will need to be able to manage and lead all technical aspects of a client engagement.  A senior engineer must be able to oversee and mentor junior and mid level engineers.  \n\nThey must have a strong technical background in at least 3 of the following fields:\n* Threat Modeling\n* Source code analysis\n* Infrastructure security\n* Security design reviews\n* Web application security\n* Mobile application security\n* Cloud architecture security\n\nDesired Qualities:\nAdditional technical areas of expertise are desired as well such as:\n* Vulnerability analysis\n* Exploit development\n* Capture The Flag development\n* In-depth knowledge of an operating system\n\nOther desired traits include:\n* US Resident\n* Desire and aptitude for public speaking\n* Willingness to go to conferences and represent the company (speaking, running contests/exhibits, etc.)\n \nPerks:\nAbility to work from home, with some travel\nWork with a team of skilled people who think hacking is fun\nTake on a variety of high caliber technical challenges\nStrong benefits package\nMedical/dental/vision insurance premiums paid 100% by the company\n5% company match for 401K plan, no vesting period\n10 paid holidays and flexible vacation policy\n \nGRIMM promotes a Drug-Free Workplace, is an Equal Opportunity Employer (EOE) and an Affirmative Action Employer.\n\nGRIMM researches and develops the art of the possible in business modernization and computing technologies through cybersecurity, sensors, tools, analytics, frameworks, modeling and simulation, automated testing, cyber range Installation, Operations and Maintenance (IOM), consulting, and intelligence. Our practices build on extensive experience in cyber mission support for national defense, and commercial service improvement and consulting. Our engineers and subject matter experts (SMEs) learned their trade from real-world engagements, not just textbooks. \n\nWe promote a Drug-Free Workplace, are an Equal Opportunity Employer (EOE) and Affirmative Action Employer.


See more jobs at GRIMM

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

TigerConnect


closed

devops

 

engineer

 

devops

This job post is closed and the position is probably filled. Please do not apply.
\nLOCATION:       Santa Monica, CA\nTITLE:                DevOps Security Engineer\nREPORTS TO:   VP, DevSecOps\n\nAs an integral part of the operations team, the DevOps Security Engineer is passionate about security and wants to have a meaningful impact within the Healthcare space.  This individual will be part of a team charged with making sure TigerConnect is secure and stays at the top level of security and reliability in the industry. Join us and help manage/secure our AWS hosted infrastructure. Responsibilities will include hands-on security management, monitoring, discovery, and remediation of all security related issues while working cross functionally with other departments on company-wide initiatives and compliance.  \n\nThe DevOps Security Engineer will have at least 5+ years of commercial experience as a Security Engineer (including at least 3 years of current commercial experience as a DevOps Engineer) with specific focus on public cloud infrastructure, multi-tenant enterprise software security, compliance programs (HIPAA/HiTrust/FedRamp), and supporting production 24x7 highly available infrastructure with a DevOps mindset.   \n\nThe ideal candidate's background will include a strong emphasis on information security, infrastructure as code/automation, public cloud infrastructure, compliance, secure software development, and other security best practices.   \n\nWhat You'll Own:\n\n\n* Contribute to the design and integration of cyber security toolsets to enable more automated discovery, remediation, and alerting of system vulnerabilities.\n\n* Architect and integrate security tools into the CI/CD pipeline.\n\n* Architect, manage, and remediate findings from security tools, pen test reports, and compliance requirements.\n\n* Manage and maintain compliance and certifications (existing and new).\n\n* Help select and manage relationships with security vendors and partners.\n\n* Analyze and respond to production security notifications in a timely manner.\n\n* Foster DevSecOps culture and advocate for a security-first mindset amongst Security, QA, Development, and DevOps teams.\n\n* Deploying web and service-based applications in multiple instances of our PaaS.\n\n* Continually research, evaluate, and apply emerging technologies to improve security and the products.\n\n* Provide technical oversight to the development process including reviewing the technical design and the deployment architecture.\n\n* Work cross functionally with all departments to assist with security related issues as it relates to engineering, client care, and sales teams.\n\n* Willingness to take ownership, troubleshoot hands-on, and be on-call for security issues in a 24/7 environment.\n\n\n\n\nWhat You've Accomplished:\n\n\n* Experience in monitoring and responding to security events\n\n* Proven track record of creating secure cloud architectures for mission critical Internet-facing applications.\n\n* Expertise implementing and maintaining compliance (HIPAA, HI-TRUST, FEDRAMP)\n\n* Experience with build-time dependency management, unit testing and code-coverage tools, test automation techniques and tools.\n\n* Experience and understanding of microservices architecture, design patterns, and secure software development methodologies.\n\n* Experience building and managing infrastructure-as-code including automation/scripting tools and languages.  \n\n* Experience in DevOps culture and the ability to teach and profess is highly desired.\n\n* Ability to communicate security and risk-related concepts to technical and nontechnical audiences at both the executive and working level.\n\n\n\n\nWhat You Bring to the Table:\n\n\n* Background in monitoring and securing cloud environments\n\n* Linux and configuration management tools (Chef and Terraform)\n\n* Strong public cloud experience (AWS)\n\n* Security certifications are a plus (CCSP, CISSP, AWS Security)\n\n* Security policy development, implementation and enforcement.\n\n* Integrating security into a CI/CD pipeline\n\n* SSL certificate and key management policies\n\n* Scripting in either Python, Ruby, or Bash.\n\n\n


See more jobs at TigerConnect

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Contrast Security


closed

full stack

 

dev

 
This job post is closed and the position is probably filled. Please do not apply.
\nContrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyber attacks. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate analysis and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has intelligent agents that work actively inside applications to prevent data breaches, defeat hackers and secure the entire enterprise from development, to operations, to production.\n\nAbout the Position\n\nContrast is looking for an architect enthusiastic and proficient in front-end technologies such as ReactJS and AngularJS and server-side API development written in Java/Spring interested in pursuing a life changing experience in the field of application security and continuous delivery. We are an exciting, young team that is growing leaps and bounds each month. This person should take a wholistic view of our application architecture with sincere attention to quality, performance, scalability, security and maintainability.\n\nThis team is tasked with the unique opportunity to advance our runtime and pre-compile code analysis capabilities. This includes providing enhanced techniques to improve the accuracy, findings and reporting of code analysis. It will also include driving and leading the next generation of product and offerings to make the Contrast platform the choice for code analysis tools among developers and security professionals.\n\nIdeal candidates have a background building highly scalable and responsive Single Page Applications (SPAs) using ReactJS, CSS/Bootstrap, visualization libraries such as D3, HighCharts or AMCharts, as well as other SVG based visualization plugins. We write a lot of GraphQL to interact with our REST layer to improve performance and data interaction.\n\nOur engineering team has a strong spirit of entrepreneurship. Every member of the team has joined us over our 6 year history because he/she wants to be part of a high-performing team and go through the startup experience. We look for candidates that share similar goals and beliefs about the work and the team they want to be a part of.\n\nResponsibilities\n\n\n* Collaborate with UX, Product and Engineering to architect elegant APIs, Data Models and Re-usable JS functions\n\n* Provide overarching design of testability and acceptance.\n\n* Define and direct team in the area of Performance, Scalability and Security.\n\n* Build and maintain highly scalable server-side UI processes for the purpose of data collection, manipulation, data pruning, trending and analytics\n\n* Build web-based interfaces and applications and contribute to our platforms, style guide, APIs and libraries.\n\n* Design and development of a rich user interface for mission critical high-availability analytics application using front end technologies like TypeScript, Javascript, ES6, HTML, CSS, SASS, and D3.\n\n* Experience with at least one of the following frameworks: AngularJS, ReactJS, Ember.js\n\n* Execute performance analysis and optimization of page render, data transfers and page load optimizations.\n\n* Proficient designing highly tuned and efficient automated build pipelines.\n\n* Participate in constant collaboration with teammates in the form of pair programming, group code reviews and pull requests prior to commit.\n\n* Work with design and product teams to build amazing, jaw-dropping features.\n\n* Give back to the Open Source Community whenever humanly possibly.\n\n* Deploys: our engineers deploy multiple times a day to our AWS infrastructure.\n\n* Technical support: Our engineers don't just release code in the wild. When our customer have issues, we have to jump in and give them help.\n\n\n\n\nAbout You\n\n\n* Experience architecting modern, scalable and high-performing full-stack web applications\n\n* You have strong communication skills. You ask questions, let others know when you need help, and tell others what you need.\n\n* You have experience working in Java/Spring to design and implement robust and scalable APIs.\n\n* Stellar visual skills and attention to detail.\n\n* You have extensive HTML5, CSS3 (Less), and JavaScript Framework (ReactJS) experience.\n\n* Experience with TypeScript and GraphQL.\n\n* Data management experience with MySQL and ElasticSearch\n\n* Have an eye for quality and have an interest in using tools/frameworks like Enzyme, Prettier, ReactTestRenderer, Jest, JUnit, StoryBook, etc...\n\n* AWS Services: S3, EC2, CloudFront, Lambda.\n\n* You're a problem solver. You believe the best work is the result of finding the simplest solution to complex challenges.\n\n* Your code is clean, your designs are elegant and you are constantly refactoring.\n\n* Multiple years experience working in Enterprise or Commercial Software development.\n\n* Own your work. Whether a nasty bug or an awesome feature, you put your name on every line of code.\n\n\n\n\nWhat We Offer\n\n\n* Competitive compensation package (salary + equity)\n\n* A fun and dynamic environment where you work with other like minded people on products which make a real difference to the security of our customers\n\n* In-office lunches\n\n* Medical, dental and vision benefits\n\n* Flexible paid time off\n\n* 401K\n\n\n\n\nIf you're amazing but missing some of these, we'd love for you to apply anyway. Please include a link to your Github or BitBucket account, as well as any links to some of your projects if available. Email: [email protected] We are changing the world of software security. Do it with us.   We believe in what we do and are passionate about helping our customers secure their business. We work hard, and we have fun doing it. Solve the impossible. Easy = boring. If you’re looking for a fun work environment and like a challenge, you’ll love Contrast Security.


See more jobs at Contrast Security

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Platform.sh


closed

engineer

This job post is closed and the position is probably filled. Please do not apply.
\nTo reinforce our commitment to customers’ privacy and security, for its PaaS solution, Platform.sh is looking for a Security Engineer with a taste for Python and Go, excellent Linux system understanding, outstanding written English skills, experience working on PCI and/or SOC 2 compliance, and a real hunger for the challenges of building compliant distributed systems. If you’re looking for an exciting, high-growth opportunity with an award-winning, cutting-edge company, this could be the job for you.\n\nWe are targeting engineers that like writing documentation and can function in a high performing, multithreaded, 100% cloud-based, remote environment.\n\nSecurity, privacy, and compliance controls are at the heart of what we do as our mission is to simplify the cloud. The job is to transform what is often regarded as red-tape and constraints to a well-oiled machine where everything is automated and where every constraint becomes a feature making the product better.\n\nThis role reports to our Security Operations Manager, and works in close interaction with our CTO, VP of Infrastructure, VP of Engineering, our Data Protection Officer, and our Customer Support teams.\n\nIn a given day you might:\n\n\n* Act as a technical liaison between the Security department and our product, engineering, support, and operations staff.\n\n* Create documentation and processes in English to help satisfy compliance requirements and/or internal process questions.\n\n* Evaluate, deploy, and create systems and tools that will enhance our efficiency.\n\n* Support our data protection officer and compliance team with information requests, pen-testing coordinations, internal and external vulnerability scanning, disaster recovery, and related activities.\n\n* Execute our security incident management process.\n\n* Ensure all systems and services in our environment are securely designed, configured, managed, and monitored.\n\n* Work with external auditors to answer questions on PCI and SOC 2.\n\n* Participate in an on-call rotation, the majority of which is during normal working hours.\n\n\n\n\nQualifications\n\nMinimum Qualifications:\n\n\n* Experience with Linux (preferably Debian-based)\n\n* Markdown\n\n* Experience implementing PCI, SOC 2, or related\n\n* Operate largely independently (go take that hill) with management support\n\n* Able to juggle several requests at the same time\n\n* Experience securing cloud services (AWS in particular)\n\n* Sysadmin experience\n\n* Experience with git-based workflows\n\n* Proficient in Python or Golang\n\n* Experience with containerization technologies (LXC/LXD, Docker)\n\n* Working knowledge of\n\n\n\n* Patch and Vulnerability Management process\n\n* Principle of Least Privilege\n\n* Incident response\n\n* Identity and Access Management\n\n* IPTABLES\n\n* Encryption: TLS, SSH, Disk, etc.\n\n* Ticketed change control\n\n* Snapshot-based backups\n\n\n\n* CISSP, CISM, Security+, GCED, GICSP, GCIH, SSCP, or CASP+ Certification or similar\n\n* Excellent written English skills\n\n\n\n\nPreferred Qualifications:\n\n\n* AWS, Google, and/or Azure certifications\n\n* Experience with performing vendor security reviews\n\n* Experience with Puppet\n\n* Knowledge of Magento Ecommerce, Symfony, Drupal, eZ Platform, or Typo3\n\n* Relational database skills\n\n* Public speaking experience\n\n* Ability to speak French or German\n\n* Ability to kick ass in Chess or beat Zork without using a map\n\n* Can bravely take on new challenges like a Gryffindor, analyze problems like Ravenclaw, protects our infrastructure and client data like a Slytherin, and talks with clients like a Hufflepuff.\n\n\n\n\nSound Like a Good Fit? We’d love to talk to you!  \n\n* This is a remote job \n\nWe are a worldwide distributed team and are looking for a candidate who can perform well working remotely. To be an effective performer here at Platform.sh, you’ll need to be able to effectively collaborate across time zones while operating with a high level of independence and autonomy.


See more jobs at Platform.sh

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

ShapeShift


closed

dev

 

senior

 

engineer

This job post is closed and the position is probably filled. Please do not apply.
\nPOSITION OVERVIEW\n\nShapeShift is seeking a Senior Software Security Engineer to help identify risks and mitigate them for this growing organization. The Software Security Engineer will be scanning, researching, hacking, and advising developers on security, in addition to altering source code to resolve security vulnerabilities. The ideal candidate will possess a keen understanding of how tweaking one parameter can vastly change the security outcomes of an information system. This position offers a unique opportunity to think with a black hat but wear a white hat for an exciting cryptocurrency startup.\n\nThis is a full-time, exempt position that reports directly to the CISO.\n\nYour desire to make a real impact on an organization and the world grows by the day. The ideal candidate will be open to daily changes in workflow and protocol (and force us to improve workflows). As a start-up in an evolving space, there are new challenges that require new solutions every day.\n\nGOALS OF POSITION\n\n\n* Stay abreast with daily CVE announcements and 0-day vulnerabilities\n\n* Provide strong software engineering experience to ShapeShift’s Security team.\n\n* Work with Site Reliability Engineers and IT administrators to mitigate any vulnerabilities found with ShapeShift's systems.\n\n* Provide security guidance and advice to software engineers on best practices for storing, securing, and accessing secrets in their application development. \n\n* Participate in architecture design discussions for ShapeShift's upcoming feature enhancements and new products/services, ensuring best practices in security are followed in each phase of development, and ensuring security risks are understood and mitigated in the design choices.\n\n* Execute and automate approved penetration tests, vulnerability scans, and related intelligence gathering about the existing security posture of development and production systems.\n\n* Manage internal TLS Certificate Authority, issuing and revoking internal server and client certificates where necessary.\n\n* Collect and organize security-related metrics for reporting to ShapeShift’s CISO.\n\n* Maintain ShapeShift's existing Information Security Policy, ensuring it is up-to-date with ShapeShift's requirements. \n\n* Providing security training to all new staff, and security refreshers to existing staff.\n\n* Oversee the provisioning of cryptographic keys and security hardware for new staff.\n\n* Can research, understand, and implement security enhancements to ShapeShift systems independently, and communicate changes to management in a timely fashion.\n\n\n\n\nSUCCESS METRICS OF POSITION\n\n\n* Concerns and risks are brought to the attention of the CISO in a timely manner\n\n* Staff receive your assessments and recommendations on improving/maintaining security in a timely manner\n\n* Staff are able to rely on you to educate them on security and answer their questions\n\n* Ability to contribute security enhancements to ShapeShift’s codebase.\n\n* Senior Security Engineer is able to meet deadlines independently\n\n\n\n\nWHAT YOU BRING TO THE TABLE\n\n\n* "Jack of All Trades" mindset, knowledgeable in many areas\n\n* "Geek to English translator" - ability to train/teach security concepts to non-security staff in easy-to-understand language\n\n* Strong "Google-fu" - ability to quickly find and learn concepts that aren't already known\n\n* Knowledge and experience that can be relied upon by others in the Security department\n\n* Ability to be flexible while working in a dynamic startup environment\n\n* Desire to make the world a better and safer place\n\n\n\n\nREQUIRED EDUCATION & EXPERIENCE\n\n\n* 7+ years of full-stack engineering experience or equivalent \n\n* Strong competency with Javascript and/or TypeScript\n\n* Strong competency with modern software development tools (git, jira, IDEs)\n\n* Experience performing source code review\n\n* Experience resolving application level vulnerabilities\n\n* Experience working with GPG / PGP\n\n* Experience with TLS, cryptographic certificates and PKI\n\n* Experience performing vulnerability scanning (i.e. Metasploit, Nessus, or similar)\n\n* Securing and administering services/daemons according to best practices\n\n* Experience working with Linux and open source technologies\n\n* At least 4 years experience in a security-focused role\n\n\n\n\nPREFERRED EDUCATION & EXPERIENCE\n\n\n* Experience securing cloud-based service providers, such as DigitalOcean, Azure, and AWS\n\n* Experience with deployment automation tools such as CircleCI, Terraform, etc.\n\n* Experience with penetration testing\n\n* Experience with charting, graphing, and presenting data visually\n\n* Experience working with cryptocurrencies and blockchains\n\n* Familiarity with Agile Development Methodologies \n\n* Familiarity with hardware and firmware security \n\n* Security certifications such as: CISSP, CISA, OSCP, Pentest+, Security+ would be an asset\n\n* Experience with Open Source Software\n\n\n


See more jobs at ShapeShift

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Balena


closed
This job post is closed and the position is probably filled. Please do not apply.
\nBeing a Head of Security at balena\n\nOur users trust us to provide critical infrastructure for their distributed IoT fleets, and our engineers work hard to protect each of these devices from attacks. Our “security stack” spans from the bootloader and OS on-device, to the network and security infrastructure of our backend, to the operational security of our team.\n\nAs a Head of Security, you will learn how our complex interdependent systems are built and run. You will dig deep into diagnostics & debugging surfaces, logs, and reports to identify areas of risk and strategies to minimize vulnerabilities. You will develop and deploy security controls and concepts stretching from cloud- based apps to systems running on embedded devices, and lead initiatives to create new frameworks and roadmaps. You will influence infrastructure and product decisions and, above all, establish and promote a culture of shared responsibility for security.\n\nResponsibilities\n\n\n* Analyze weaknesses and attack patterns, and architect solutions to address them\n\n* Construct a comprehensive threat model that includes a variety of actors and security contexts\n\n* Define standards and streamline workflows for managing incidents, recovery, and vulnerability reports\n\n* Implement, tune, and enhance security auditing, monitoring, and notification systems\n\n* Perform checks to ensure our production pipeline is secure — from developer machines to servers\n\n* Design and review security-related product features, like automated vulnerability scanning and audit logs\n\n* Be a key resource for peers on support, share knowledge and mentor others on best practices\n\n\n\n\nRequirements\n\n\n* Strong technical background in software development, operations and/or information security\n\n* Experience writing high-quality code and debugging production systems\n\n* Working knowledge of Linux operating system internals\n\n* Awareness of classic and emerging threat actor tactics, techniques, and procedures in both pre- and post-exploitation phases of attack lifecycles\n\n* Ability to manage ambiguity, push through friction, and independently make critical trade-off decisions\n\n* Continuous improvement mindset and desire to make yourself and others more effective\n\n* Willingness to constantly build on your knowledge of the platform and new technologies\n\n* Excellent communication skills and fluency in English\n\n\n\n\nBonus points\n\n\n* Proficiency in at least one high-level language (we use Typescript and Javascript)\n\n* Knowledge of state of the art authentication standards such as OIDC\n\n* Good understanding of networking (TCP/IP) and higher-level HTTP & TLS protocols\n\n* Background in leading teams and working across functions to build secure products\n\n* Experience with IoT, embedded SW, dev tools, or balena as a user/contributor\n\n* Contributions to OSS projects and community involvement\n\n\n\n\nMake sure to let us know if any of these items apply to you! If possible, please also share a sample of your work or examples of projects (URL or attachment).


See more jobs at Balena

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Balena


closed

exec

 

engineer

This job post is closed and the position is probably filled. Please do not apply.
\nBeing a Lead Security Engineer at balena\n\nOur users trust us to provide critical infrastructure for their distributed IoT fleets, and our engineers work hard to protect each of these devices from attacks. Our “security stack” spans from the bootloader and OS on-device, to the network and security infrastructure of our backend, to the operational security of our team.\n\nAs a Lead Security Engineer, you will learn how our complex interdependent systems are built and run. You will dig deep into diagnostics & debugging surfaces, logs, and reports to identify areas of risk and strategies to minimize vulnerabilities. You will develop and deploy security controls and concepts stretching from cloud-based apps to systems running on embedded devices, and lead initiatives to create new frameworks and roadmaps. You will influence infrastructure and product decisions and, above all, establish and promote a culture of shared responsibility for security.\n\nResponsibilities\n\n\n* Analyze weaknesses and attack patterns, and architect solutions to address them\n\n* Construct a comprehensive threat model that includes a variety of actors and security contexts\n\n* Define standards and streamline workflows for managing incidents, recovery, and vulnerability reports\n\n* Implement, tune, and enhance security auditing, monitoring, and notification systems\n\n* Perform checks to ensure our production pipeline is secure — from developer machines to servers\n\n* Design and review security-related product features, like automated vulnerability scanning and audit logs\n\n* Be a key resource for peers on support, share knowledge and mentor others on best practices\n\n\n\n\nRequirements\n\n\n* Strong technical background in software development, operations and/or information security\n\n* Experience writing high-quality code and debugging production systems\n\n* Working knowledge of Linux operating system internals\n\n* Awareness of classic and emerging threat actor tactics, techniques, and procedures in both pre- and post-exploitation phases of attack lifecycles\n\n* Ability to manage ambiguity, push through friction, and independently make critical trade-off decisions\n\n* Continuous improvement mindset and desire to make yourself and others more effective\n\n* Willingness to constantly build on your knowledge of the platform and new technologies\n\n* Excellent communication skills and fluency in English\n\n\n\n\nBonus points\n\n\n* Proficiency in at least one high-level language (we use Typescript and Javascript)\n\n* Knowledge of state of the art authentication standards such as OIDC\n\n* Good understanding of networking (TCP/IP) and higher-level HTTP & TLS protocols\n\n* Background in leading teams and working across functions to build secure products\n\n* Experience with IoT, embedded SW, dev tools, or balena as a user/contributor\n\n* Contributions to OSS projects and community involvement\n\n\n\n\nMake sure to let us know if any of these items apply to you! If possible, please also share a sample of your work or examples of projects (URL or attachment).


See more jobs at Balena

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

SUSE


closed

engineer

This job post is closed and the position is probably filled. Please do not apply.
\nSUSE is a growing company, with great products, a culture that fosters openness and friendship, and where many opportunities exist.\n\nProduct security is the most important building block of the global IT ecosystem.\n\nOur SUSE Security Team has over two decades of experience working on pro-active and reactive security to make our products and solutions outstanding. Using the latest technologies allows us to respond to hyped and very urgent vulnerabilities like ShellShock or BootHole. The race is still on-going and we need you to stay ahead and win.\n\nLocation: EMEA (Remote)\n\nKey Responsibilities:\n\n\n* Product security for our enterprise and community products\n\n* Security incident management, evaluation, assessment, fixing of vulnerabilities\n\n* Secure product and tools development, supporting development teams\n\n* Security testing, manual and automatic\n\n* Writing patches\n\n* Working in projects and teams\n\n* Communication with external and internal customers\n\n\n\n\nCandidate Profile:\n\n\n* An academic degree (Master/Bachelor or comparable) or IT specialist (Fachinformatiker)\n\n* Self-motivated and self-organised\n\n* Very good understanding of the Linux operating system\n\n* Programming skills in C and at least one scripting language (bash, perl, ruby, python, ...)\n\n* Experience with application security\n\n* Familiarity with basic security concepts (e.g. code analysis, binary formats, encryption)\n\n* Familiarity with security analysis tools is a bonus (e.g. IDA, gdb)\n\n* Knowledge of network security (TCP/IP, SSH, TLS/SSL) is a plus\n\n* Pronounced quality awareness, customer-oriented approach - Enthusiastic about security and improving knowledge in this area\n\n* Good communication skills and meticulous working style\n\n* Good knowledge of English\n\n\n\n\nWhat makes us different:\n\n\n* You will find and can connect to highly skilled engineers at SUSE\n\n* We provide many different products and endless opportunities to learn\n\n* We help our employees to develop\n\n* Our work environment is creative and productive\n\n* You can work with and within an international team\n\n* Our working hours are as flexible as possible\n\n* We organize regular events (hackathons, workshops, outdoor events, ...) to build up relationships and friendship within and across teams\n\n* At SUSE the opinion of the employee matters!\n\n\n\n\nIf you are successful for this position you'll have to pass pre-employment checks before joining us. The content of these checks may vary by country and position.


See more jobs at SUSE

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Automattic


closed

engineer

This job post is closed and the position is probably filled. Please do not apply.
\nJetpack is expanding its security team to provide crucial malware protection to WordPress websites. As a Security Researcher you will research and identify vulnerable and malicious code and help the team to develop methods to scan, prevent and remove malware attacks. If you have a knack for solving puzzles and a desire to document and create solutions, this is a great role for you!\n\nThe Security Engineer position might be a good fit if you:\n\n\n* Have a love for securing and protecting websites and applications!\n\n* Understand security threats, vulnerabilities, and common attack vectors such as XSS, injection, hijacking, social engineering, and so on, and how to mitigate them.\n\n* Have a deep understanding of networking protocols like TCP/IP, as well as HTTP/HTTPS\n\n* Are familiar with large scale systems, CDN based content delivery, WAF protection, Data partitioning, and Database Replication.\n\n* Are highly collaborative and love participating in code reviews and discussions about architecture or design.\n\n* Are open, and able, to travel 3-4 weeks per year to meet up with your teammates in person.\n\n\n\n\nExtra Credit:\n\n\n* Experience with penetration testing and associated tools\n\n* Previous experience with malware detection systems\n\n* Reported vulnerabilities in the past\n\n* Know your way around WordPress and its file and database structures.\n\n* Have experience writing and debugging WordPress plugins and themes.\n\n\n\n\n\nSpeaking of interests and skills, here are some areas in which you can grow and have further impact in the future at the company:\n\n\n* Leadership – we offer a variety of leadership options to those who have interest, including becoming a team lead and managing releases.\n\n* Learning and development – we have a generous personal development budget and encourage you to grow your skills through courses, books and conferences.\n\n* Architecture – we encourage developers to develop expertise in the systems they work with, guide their evolution and mentor other developers working on them.\n\n* Engineering effectiveness – we believe in helping other developers become more effective through tools, practices, cross-team collaborations, and process improvements.\n\n\n\n\nDiversity & Inclusion at Automattic\n\nWe’re improving diversity in the tech industry. At Automattic, we want people to love their work and show respect and empathy to all. We welcome differences and strive to increase participation from traditionally underrepresented groups. Our D&I committee involves Automatticians across the company and drives grassroots change. For example, this group has helped facilitate private online spaces for affiliated Automatticians to gather and helps run a monthly D&I People Lab series for further learning. Diversity and Inclusion is a priority at Automattic, though our dedication influences far more than just Automatticians: We make our products freely available and translate our products into and offer customer support in numerous languages. We require unconscious bias training for our hiring teams and ensure our products are accessible across different bandwidths and devices. Learn more about our dedication to diversity and inclusion and our Employee Resource Groups.\n\nCurious who works in engineering at Automattic? Meet our JavaScript Engineers – Lena and Riad.\n\nHow to apply\n\nDoes this sound exciting? If yes, click the Apply button below and fill out our application form. We are looking to having you in the process with us.


See more jobs at Automattic

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

CrowdStrike


closed

golang

 

dev

 

cloud

This job post is closed and the position is probably filled. Please do not apply.
Sunnyvale, United States - At CrowdStrike we’re on a mission - to stop breaches. Our groundbreaking technology, services delivery, and intelligence gathering together with our innovations in machine learning and behavioral-based detection, allow our customers to not only defend themselves, but do so in a...


See more jobs at CrowdStrike

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

SpotMe


closed

analyst

This job post is closed and the position is probably filled. Please do not apply.
\nSpotMe is the leader in enterprise engagement platforms for virtual and hybrid events. Our mission is to challenge the status quo to create greater experiences for customers and employees. SpotMe is used by over 2 million users and 80 Fortune 500 brands like L’Oréal, SAP and Pfizer.\n\nThis is a new and exciting time. Virtual is the way people work, meet, and interact. With SpotMe Anywhere, we are not following trends, we are shaping them.\n\nBehind the magic stands a curious, diligent, and humble team of professionals from 30 nationalities. A team that feels a deep pride in the work they do, a team that stayed positive and quickly adapted to the new world. In 8 weeks, we shipped a new product and we have been experiencing a 15x demand since our launch.  \n\nIf working with our team in shaping the future sounds like the opportunity you're looking for then let us get to know you by submitting your resume. You will be free to decide when you want to work from home, and when you come to the office. In fact, you can work from anywhere you want in Europe or the USA.\n\nIn this role, you will be providing support in maturing and optimizing information security and compliance across SpotMe global operations, and reporting directly to the CEO. \n\nResponsibilities:\n\n\n* Responsible for SpotMe’s information security programs and strategic projects to further strengthen SpotMe information security governance\n\n* Responsible for the design, implementation, review and audit of new and existing security controls\n\n* Responsible for the ISO27001 certification\n\n* Manage SpotMe’s existing security compliance and audit programs (including SOC 2 reporting, penetration testing, network & vulnerability scanning) as well as customer-initiated audits\n\n* Respond to information security and data privacy due diligence requests from customers\n\n* Conduct risk assessments with internal parties and with 3rd party vendors; monitor and support reporting on risk reduction activities; drive corrective actions to mitigate vulnerability risks\n\n* Support executive and technology management with organization, process and architecture recommendations; define the organizational security posture, best practices, mailing lists and threat intelligence feeds reviews, as well as input to security governance and policy \n\n* Conduct internal audits to ensure that compliance towards established standards is maintained\n\n* Foster a security culture with the teams and deliver annual internal training programs\n\n* Govern disaster recovery (DR) and business continuity (BC) plans and related procedures \n\n* Maintain documentation of projects, plans and actions taken towards information security \n\n* Report to executive and engineering teams on governance and policy violations \n\n\n\n\nRequired skills and experience:\n\n\n* 3+ years of experience in information security, auditing or consulting with high-growth technology businesses\n\n* Understanding of, and implementation experience with ISO 27001:2013 and AICPA SOC 2 attestation standards\n\n* Understanding of, and compliance experience with the EU General Data Protection Regulation (GDPR)\n\n* Knowledge of common vulnerability frameworks and system, application and database hardening techniques and practices \n\n* Knowledge of networking standards (Ethernet, WLAN, TCP/IP, DNS) and Linux networking tools \n\n* CISSP certification or equivalent is required\n\n* Excellent English in verbal and written communications\n\n\n\n\nYour personality:\n\n\n* Keen to deliver to the highest existing standard with an uncompromised attention to detail\n\n* Deliver on time and to specification levels\n\n* Confident, proactive, self-starter, organized\n\n* Collaborative approach to problem-solving\n\n* This is an independent role that requires a team player for implementation\n\n* Willing and able to take responsibility for his/her actions and for the team delivery\n\n* Curios and open minded\n\n* Excellent listening and communication skills, as well as willingness to help others\n\n* Possesses a solid dose of common sense\n\n\n\n\nDo you want to join us in this exciting adventure? Please do not hesitate to reach out to us.


See more jobs at SpotMe

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

NS8


closed

cloud

 

engineer

This job post is closed and the position is probably filled. Please do not apply.
\nDevSecOps Engineers at NS8 have a dual responsibility to uphold and create security standards across all of our environments as well as collaborate with other infrastructure teams to operate a production environment. The DevSecOps team’s responsibility is to “shift left” security, reliability, and availability matters early into the development process for the entire engineering org. Accordingly, the DevSecOps team has 3 focuses, Infrastructure, Security, and Test/QA.\n\nWe value quality work and an attitude to design and review carefully, thoughtfully, and proactively. We are looking for a DevSecOps Engineer who is passionate about high quality code and processes, automated testing, and continuous integration and monitoring and who will maintain high standards through code reviews and daily interactions.\n\nResponsibilities:\n\n\n* Implement SAST/DAST/IAST/RAST, IDS/ADS, SIEM/SOAR and other DevSecOps systems, both vendor and open-source, that deploy and run in Kubernetes clusters and in Concourse CI/CD\n\n* Write Policy-as-Code that ensure various systems are compliant, encrypted, and follow least privilege and zero trust models\n\n* Harden networks, containers, orchestrators, and cloud infrastructure more broadly.\n\n* Proactively assess vulnerabilities, model threats, and write automated penetration tests\n\n* Respond to and forensically analyze security incidents in a production environment, ensuring all compliance requirements and guidelines are followed\n\n* Code review with an eye for correctness, standards-compliance, security holes, new attack vectors, increased attack surface, etc\n\n\n\n\nRequirements: \nExperience with specific technologies listed is not required. We may prefer candidates who know the specific technologies, but we are also open to input on some of these.\n\n\n* Threat modeling and penetration testing experience\n\n* IDS/ADS, SIEM/SOAR, and forensics experience. We use or are looking to implement tools like Sysdig Falco as well as vendors like Aqua Security, Twistlock/Prisma, StackRox, and/or Splunk.\n\n* Experience responding to security incidents and following required reporting and resolution protocols\n\n* Compliance experience, e.g. NIST, SOC-2, SOX, PCI, etc.\n\n* Experience with vulnerability assessments, implementing SAST/DAST/IAST/RAST, and integrating security tooling into CI/CD pipelines. We are using or looking to implement tools like Anchore, Clair, Trufflehog, etc. Cloud. We are migrating to Concourse from CircleCI and some AWS CodeBuild.\n\n* Policy-as-Code experience. We are using or looking to implement tools like Open Policy Agent (OPA), cloud-custodian, terraform-compliance, etc.\n\n* Experience encrypting, hardening, segmenting networks. We are using or looking to implement tools like VPC, Security Groups, WAF, Kubernetes L4 & L7 NetworkPolicy, Istio AuthzPolicy, Istio mTLS, and Cilium encrypted networking.\n\n* Experience writing production code in at least one language. Most of our engineering teams use TypeScript, with some sprinkles of Java, Python, Go, Shell, etc.\n\n\n\n\nPreferred: \nThese experiences are not required, but we will prefer candidates who have one or more of these in addition to the requirements above. \n\n\n* Infrastructure-as-Code experience. We use plenty of YAML, Helm, and some Terraform but are also looking at Pulumi and cdk8s.\n\n* Multi-cloud experience. We primarily use AWS right now, but are starting to use GCP and potentially more in the future. We try to be cloud agnostic, but take pragmatic approaches and consider trade-offs when using managed services.\n\n* Multi-cluster experience. We run several clusters, some of which communicate with each other, currently in a hub-and-spoke model.\n\n* Experience implementing and influencing a DevSecOps workflow for other teams\n\n* Experience working in an Agile/Kanban environment with GitFlow style development on a Remote / distributed team.\n\n* Experience with any of the DevSecOps Team’s other focuses: Infrastructure (linkme) and/or Test/QA (linkme)\n\n\n\n\nVery Preferred: \nThese experiences are also not required, but we will prefer candidates who have one or more of these in addition to the requirements above. \n\n\n* Experience running and securing untrusted, 3rd-party workloads.\n\n* Experience with kernel security and hardening containers and orchestrators. Tools such as distroless, gVisor, kata-containers and SELinux, AppArmor, and seccomp more broadly as well as kube-bench and Polaris.\n\n* Experience with PKI management\n\n\n


See more jobs at NS8

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

vast limits


closed

engineer

This job post is closed and the position is probably filled. Please do not apply.
\nWir sind eine erfolgreiche Softwarefirma, die organisch weiter wachsen möchte. Wir sind inhabergeführt, nicht fremdfinanziert und haben spannende Unternehmenskunden in über 30 Ländern.\n\nWir sind der Überzeugung, dass Micromanagement tödlich ist für Kreativität und Produktivität. Wir bieten eine offene Arbeitskultur, in der die Mitarbeiter ihren Arbeitsort frei wählen können und sich den Tag selbst einteilen.\n\nWir entwickeln Software für die Unternehmens-IT, weil wir den Markt kennen und die Bedürfnisse von Fachabteilungen und Mitarbeitern verstehen. Wir wissen, wie IT-Profis arbeiten und welche Werkzeuge sie verwenden. Wir wissen auch, wie komplex ein großer Teil der Unternehmenssoftware ist. Wir wollen dazu beitragen, dass sich das ändert.\n\nUnser Produkt uberAgent bietet tiefe Einsichten in User Experience und Security von physischen PCs und virtuellen Desktops. Mit Hilfe dieser Informationen optimieren unsere Kunden die Geschwindigkeit, Sicherheit und Stabilität der Endgeräte ihrer Mitarbeiter.\n\nDie Kombination aus einfacher Bedienung und wertvollen Metriken macht uberAgent zu einem Produkt, mit dem sehr gerne gearbeitet wird. Insofern passt es perfekt zu Splunk, einer leistungsfähigen und gleichzeitig benutzerfreundlichen Big Data-Plattform, die von uberAgent für Datenspeicherung und -visualisierung verwendet wird.\n\nDeine Aufgaben\n\nWir leben Qualität. Zusammen mit Deinen Kollegen bietest Du Kunden und Partnern Betreuung auf höchstem Niveau bei allen technischen und vertrieblichen Fragen.\n\nDies umfasst:\n\n\n* Kontakt zu Partnern halten\n\n* Webinare für Interessenten durchführen\n\n* Technische und vertriebliche Anfragen bearbeiten\n\n* Vorträge auf Konferenzen halten\n\n* Blog- und KB-Artikel verfassen\n\n* Unsere Entwickler unterstützen\n\n\n\n\nDas wünschen wir uns\n\nDie einzigen Qualifikationen, die uns wirklich wichtig sind, sind der Drang, das bestmögliche Resultat zu erzielen und der Wunsch, jeden Tag etwas dazuzulernen.\n\nDaneben erwarten wir:\n\n\n* Langjährige Erfahrung mit Security in großen Unternehmen\n\n* Sehr gute Kenntnisse in Windows-Interna\n\n* Eigenständiges Arbeiten\n\n* Hang zur Perfektion\n\n* Sehr gute Deutsch- und Englischkenntnisse\n\n* Hauptwohnsitz in Deutschland\n\n\n\n\nZusätzlich freuen wir uns über:\n\n\n* Gute Kenntnis eines oder mehrerer SIEMs (z.B. Splunk)\n\n* Erfahrung mit Pentesting, Hacking, Threat Hunting\n\n* Erfahrung mit Automatisierung, Skripting, Programmierung\n\n* Community-Engagement, Bloggen (bitte schicke uns Links)\n\n\n


See more jobs at vast limits

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

OliBank


closed

dev

 
This job post is closed and the position is probably filled. Please do not apply.
\nAbout us:\n\nAt OliBank we are working on unique solutions and challenging problems all around financial technology. This position will help us build a brand new product that will revolutionize business banking. Our mission is to create prosperity around the world by breaking down all barriers of trade and commerce. At OliBank, we are looking for more top talent to help us fulfill this vision. \n\nThe experience of working remotely at OliBank is unlike anywhere else. We focus heavily on active team collaboration; hence your team members will never be from far away time zones. No midnight meetings or choppy calls because we recruit only from just a handful of countries to keep everyone connected. We provide high-quality video equipment to make it feel like we are next to each other. Working at OliBank is like working with an office-based high-performance team but without the commute. All developer meetings are held in spoken Spanish, and team collaboration is highly valued.\n\nEngineering at OliBank is not like a soulless outsourced sweatshop. You are valued as a team member from day one with long-term career prospects. If you are looking to be challenged, to grow, and to be able to contribute, this might just be the best place for you.\n\nWe believe that there is work, and then there is work that you were born to do. The kind of work that defines who you are and that you can be proud of. The kind of work you’d sacrifice a night or a weekend for. That is the kind of work we do at OliBank. People don’t come here for safety, they come for the journey. They want to create something big and meaningful that reaches hundreds of millions of people.\n\nWe are looking for an exceptional JavaScript Developer for our Product & Innovation team to join in our accelerated growth.\n\nWhat’s needed from you: \n\n\n* Expert knowledge of JavaScript working with a reputable company\n\n* 100% Self-starter mentality  \n\n* Willingness to put in the work and be part of an elite hard-working team\n\n\n\n\nWhat is the platform built with?\n\nThe product is built with node.js, vue.js , storybook and MongoDB. Platforms are Cloudflare, AWS and Mongo Atlas, the more you can tick off from this list the better. You will be working with the most current frameworks available.\n\nIf hired then you will be working directly with an innovative team that consists of full-stack, front-end, and backend developers with outstanding programming and problem-solving skills, so you will be picking up new skills in no time. \n\nThe ideal candidate:\n\n- Is flexible and a true self-starter, doesn't take anything for granted and a boss is not necessarily needed to get the job done while being precise and getting the work done right.\n\n- Has a proven track record of delivering high-quality work and showing a high level of responsibility for all tasks.\n\n- If asked, capable of providing references from past co-workers and managers. 


See more jobs at OliBank

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Mastery Logistics Systems


closed

engineer

This job post is closed and the position is probably filled. Please do not apply.
\nAbout the Role\n\nThe transportation industry has no shortage of complex problems requiring creative solutions to scale efficiently. Enterprise grade security is at the foundation of everything we do.  Mastery’s security team is dedicated to keeping our customer data safe. \n\nResponsibilities:\n\n\n* Partner with engineering and operations teams to provide security at every layer of the software development life cycle\n\n* Design, implement, and operate a highly automated and scalable vulnerability management program\n\n* Work with vendors to select and implement new security technologies\n\n* Conduct internal risk assessments and develop mitigation strategies\n\n* Work directly with the compliance team to implement controls that align with industry standard frameworks\n\n* Author policies, processes, and standards\n\n\n\n\nRequirements:\n\n\n* 3+ years of practical experience in an information security role\n\n* Strong written and verbal communication skills\n\n* Excellent analytical, decision-making, and problem solving skills\n\n* Preferred AWS, Azure, GCP cloud computing experience\n\n* Understanding of basic networking, hosting, and containerization technologies\n\n* CISA, CISM, CISSP, or GIAC certifications a plus\n\n\n\n\n\nBenefits\n\nMastery takes great pride in providing our employees a robust and highly competitive benefit package. Our benefits include Medical, Dental and Vision insurance covering 90% of premium costs. Company paid life insurance for 1x salary. Legal, AD&D, Additional Life and other employee assistance benefits. We have a 401k savings plan with a 4% match. We provide opportunities for professional growth and development. We fully support our work from home initiative as we do our part to combat the Covid 19 crisis. We have a manage your life and schedule Paid Time Off program. We are fully devoted to finding creative perks and benefits since we cannot currently enjoy our cool office culture. Our philanthropic partner is St. Jude Children’s Research Hospital.\n\n\nWe are an equal opportunity employer and actively seek a diverse community of professionals. Veterans, Women, non-binary, people of color, LGBTQIA, we welcome all to apply!


See more jobs at Mastery Logistics Systems

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

TaxJar


verified closed

engineer

This job post is closed and the position is probably filled. Please do not apply.
\nTaxJar is the leading technology solution for busy eCommerce sellers to manage sales tax and is trusted by more than 20,000 businesses. \n\nWe know sales tax isn't fun for anyone, so we're determined to ease the burden with an exceptional customer experience. To achieve this, we provide the same incredible quality of life for our team members as we do for our customers by creating a professional, unique, award-winning place to work. We have many different backgrounds and lifestyles, and everything we do is guided by our core values:\n\n\n* We do the right thing for our customers\n\n* We're a team, built on trust\n\n* We're proud to be remote\n\n* We're in control of our own destiny\n\n\n\n\n\nWe’re a happy team and we all really love what we do. We’re fast-growing, fully-distributed, talented, and driven. We live all across the US, working from our homes, local libraries, co-working spaces, airstreams - pretty much anywhere we can and do accomplish great work. We've created a space where high-achievers can succeed, but are also safe to fail. We're profitable and focused on growing TaxJar sustainably, and we believe a diverse team can create better solutions for our customers.\n\nWe’re looking for people who:\n\n\n* Are based in the US\n\n* Value working remotely\n\n* Excel at communication and collaboration\n\n* Highly value working with people they like and respect\n\n* Are open and accountable\n\n* Are confident with their skills and who love being part of a team (we’re peers here, no egos please) but are also comfortable working asynchronously\n\n* Want to make a positive impact at TaxJar and who aren’t afraid to fail\n\n\n\n\n\nTaxJar is looking for an exceptional and highly skilled Security Engineer who lives by TaxJar’s values and has a demonstrated track record of securing the SDLC process. TaxJar’s Security Team is responsible for partnering with Engineering teams to build and deploy secure products for our customers. This involves maturing the Secure Development Lifecycle, training developers in secure practices, working with our Operations team to scale and automate security, and innovating new ways to help developers secure themselves.\n\nAs a Security  Engineer for TaxJar you will:\n\n\n* Proactively perform security assessments and reviews (threat models/code reviews/pentests) against TaxJar’s products and services.\n\n* Work with software engineers to design application security review process and controls across a range of technologies to include but not limited to Ruby on Rails, Elixir, and containerized applications\n\n* Own the vulnerability management program and perform regularly-scheduled vulnerability scans to support regulatory compliance and identification of new vulnerabilities\n\n* Identify AWS Security gaps and implement AWS security best practices for our cloud environment (Security Groups, S3 Buckets, IAM Roles and Policies, etc.)\n\n* Be responsible for the Identity access management (IAM) for all users and roles in AWS\n\n* Integrate security best practices into the SDLC process and the CI/CD pipeline\n\n* Act as a technical leader for the security team and work with engineering teams to improve security practices\n\n* Perform security monitoring, security event triage, and lead incident response; including steps to minimize the impact and then conducting a technical and forensic investigation into how the incident happened\n\n* Perform security reviews of the architecture\n\n* Create and maintain comprehensive documentation related to Application and Cloud Security processes and controls\n\n\n\n\n\nRequirements:\n\n\n* 4-6 years of experience in Application/Product Security preferably in SaaS\n\n* 2-4 years of experience within Cloud Security in AWS\n\n* Strong understanding  of AWS IAM, least-privilege access, security groups, VPCs and web applications security best practices\n\n* Pentesting, threat modeling, and architecture review experience\n\n* Hands-on knowledge of security technologies such as IDS/IPS, WAF, vulnerability scanners, etc.\n\n* Experience leading incident response plans, working with SIEM tool for log analysis (i.e. Sumo Logic, Splunk, etc.) a must\n\n* Working knowledge of the OWASP Top 10 security risks and remediation techniques\n\n* Previous programming experience in languages such as Python, Ruby, or Elixir\n\n* Experience with operating systems and hardening (Linux, OS X, and Windows) a plus\n\n* Knowledge of container security such as Docker and Kubernetes a plus\n\n* Certifications such as CISSP, GSEC, CEH or CISM highly desired\n\n* Agile, humble, trustworthy, and a team player\n\n\n\n\n\nBenefits:\n\n\n* Excellent health, vision and dental benefits\n\n* Flexible vacation\n\n* Company holidays, plus mandatory Birthday holiday\n\n* 12 weeks paid parental leave for all employees\n\n* 4 hours volunteer time per month\n\n* Biannual all-company in person summits (paid for by us, of course!)\n\n* $250 Home office stipend\n\n* 401k Plan\n\n* Equity in a profitable company\n\n* Monthly perks reimbursement ($100 a month to appreciate your teammates, Netflix, Amazon Prime, gym membership, home internet etc.)\n\n\n\n\n\n\nPlease visit www.TaxJar.com/jobs for a full list of our amazing benefits for full-time employees, and to learn more about our values and how we work. You can learn more about our hiring process here.\n\nIf you send us a referral for someone who may be a great candidate for this role, we'll pay you $1,000 if we hire them. To refer someone, please email their full name to [email protected] and add “Candidate Referral - [Job Title]” to the subject line once the individual has applied for a role.


See more jobs at TaxJar

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Carve Systems


closed

consulting

 

dev

 

engineer

This job post is closed and the position is probably filled. Please do not apply.
\nUpdate April 2020: If you are interested in what you read below, please apply and we'll get you started on the process. The process starts with a technical puzzle that should take around an hour and will give you an idea of exactly what we mean by software deconstruction. Got questions? You'll get a short intro call right after the puzzle. This is the best place to raise any questions you might have. Carve just hired someone and we are anticipating a late-summer, early-fall 2020 opportunity for the next great candidate. If you are a great candidate and have a different schedule we can talk about that right up front. Thanks ...the Carve team.\n\nThis job is only listed on Stack Overflow: https://stackoverflow.com/jobs/268907/software-deconstruction-engineer-aka-infosec-carve-systems\n\nWhat's the job?\n\n\n* Information security consulting: assessing the security of software and hardware systems.\n\n* Understanding how systems are built and learning how to break them.\n\n* Working with our experienced team on short-to-medium term engagements.\n\n\n\n\nWhat would you do?\n\nEvery two to three weeks you'll get a new project to work on. A typical project will involve:\n\n\n* Recon: Digging into the functionality, design, and implementation of the software system or device.\n\n* Probing: Searching for implementation weaknesses which could indicate a security issue. This is a combination of tools that we use, tools that we build, and manual probing. For device projects this can include firmware extraction, analysis, and hardware interfacing.\n\n* Extending: Now that you've found a weakness... how far can you extend your access into the system?\n\n* Writing: Now that you've hacked your way in you'll need to write-up your findings and work with the developers to make sure they understand what the problem is and how to fix it.\n\n\n\n\nIf you enjoy puzzles and technical variety you'll find this job very enjoyable.\n\nWho are we looking for?\n\n\n* You do not need to have information security experience. If you've got the right technical background and problem solving skills we can train you in the dark arts of infosec.\n\n* People who enjoy writing code, solving problems with code, and learning how computers work at a fundamental level.\n\n* This is not a "travel every week" type of consultant. We do sometimes work at a client site but most of the time we do our projects remotely.\n\n\n\n\nWe’re hiring for all experience levels: from zero career experience to information security veterans.\n\nSkills & Requirements\n\n\n* Deep experience in software and computers. You may have earned this experience with a degree, career as a software developer, or perhaps you've invested in a technical hobby that took you deep into the rabbit hole.\n\n* Technical writing skills (English)\n\n* Resident of the USA and able to be employed in the USA.\n\n\n\n\nWe encourage remote candidates to reply *if* they are residents of the USA.


See more jobs at Carve Systems

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Shogun Labs


closed

engineer

This job post is closed and the position is probably filled. Please do not apply.
\nWe Are…\n\nShogun, and we're on a mission to help people create the best eCommerce experiences in the world.\n\nWe were in the Winter 2018 batch of Y-Combinator, we just raised a Series A investment, we have over 14,000 active paying clients, and we're preparing to launch a new product in 2020 (you can read more in TechCrunch).\n\nOur teams are fully distributed and global (check out our team page)! We have no office, so we are looking for team members that are comfortable with and motivated by the opportunity to work remotely.\n\n\n\nYou Are…\n\nA self-motivated and passionate Ruby Engineer looking to join our engineering team and help secure our applications and cloud infrastructure.\n\nWe're looking for a talented programmer who is interested in security and eager to help resolve vulnerabilities as they arise, build security processes and tooling, and investigate threats.\n\n\nIn This Role You Will...\n\n\n* Learn from your teammates and help other engineers develop more secure software via design input and code review.\n\n* Contribute to the implementation of secure development practices.\n\n* Resolve security vulnerabilities in the application layer, including those reported through our bug bounty program at Federacy.\n\n* Deliver well-engineered, scalable solutions that improve our defense-in-depth.\n\n* Author and implement an information security policy.\n\n\n\n\n\n\nYou Have...\n\n\n* 5+ years software engineering experience.\n\n* 3+ years of Ruby on Rails, including security responsibilities.\n\n* Proven knowledge of authentication and authorization.\n\n\n\n\n\n\nNice-to-Haves...\n\n\n* Experience with Go, Javascript, MongoDB, and/or Redis.\n\n* Experience securing a cloud platform (AWS, GCP, Azure, etc.).\n\n* Clear and precise written and interpersonal communication skills.\n\n* Effective time management and organizational skills.\n\n* Penetration and vulnerability testing experience.\n\n\n\n\n\n\nWe Offer\n\n\n* Competitive salary\n\n* Benefits (vary by location)\n\n* A highly skilled and dedicated team that is fun to work with.\n\n* Remote work – We are a fully distributed team that works from anywhere with good internet. (+13 countries just on the engineering team!)\n\n* Occasionally, we hire on a full time contractor basis to begin with. Team members enjoy the same opportunities for great compensation, full time positions, and consideration, regardless of location.\n\n\n\n\n\n\nTry Out Shogun\n\nIf you want, you can use Shogun to get a feel for the product. We'd love to hear what you think. Here is how:\n\n* Create a Shopify Developer Account: https://developers.shopify.com\n\n* Create a development store: https://help.shopify.com/en/partners/dashboard/development-stores\n\n* Install Shogun on your development store: https://apps.shopify.com/shogun\n\n* Create a couple of pages. We will take a look.\n\n \n\n\n\nShogun supports workplace diversity and does not discriminate on the basis of race, color, religion, gender identity/expression, national origin, age, military service eligibility, veteran status, sexual orientation, marital status, physical or mental disability, or any other protected class


See more jobs at Shogun Labs

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Numbrs


closed

engineer

This job post is closed and the position is probably filled. Please do not apply.
\nNumbrs is reshaping the future of the workplace. We are a fully remote company, at which every employee is free to live and work wherever they want.\n\nNumbrs was founded with the vision to revolutionise banking. Therefore from day one Numbrs has always been a technology company, which is driven by a strong entrepreneurial spirit and the urge to innovate. We live and embrace technology.\n\nAt Numbrs, our engineers don’t just develop things – we have an impact. We change the way how people are managing their finances by building the best products and services for our users.\n\nNumbrs engineers are innovators, problem-solvers, and hard-workers who are building solutions in big data, mobile technology and much more. We look for professional, highly skilled engineers who evolve, adapt to change and thrive in a fast-paced, value-driven environment.\n\nJoin our dedicated technology team that builds massively scalable systems, designs low latency architecture solutions and leverages machine learning technology to turn financial data into action. Want to push the limit of personal finance management? Join Numbrs.\n\nJob Description\n\nYou are responsible for planning, developing, and monitoring all information security aspects of the organisation and our large scale micro-service based distributed systems. From establishing security policies, implementing active defense-in-depth strategies, to conducting reviews of software and infrastructure, you are leading a security-first organisation without compromise. You enjoy learning new things and keep yourself up to date on the latest security threats and defenses. You are a great teammate who thrives in a dynamic environment with rapidly changing priorities.\n\nAll candidates will have\n\n\n* a Bachelor's or higher degree in a technical field of study or equivalent work experience\n\n* a minimum of 3 years security work experience\n\n* experience in establishing organisation wide security policies and procedures in a regulated environment\n\n* experience in penetration testing web-based apps, mobile apps and back-end infrastructure\n\n* experience implementing modern crypto systems and securing sensitive data in motion and at rest\n\n* experience in security auditing of back-end distributed systems and infrastructure\n\n* good knowledge of at least one modern programming language, such as Go, Java, C++, or Python\n\n* hands-on experience with performing code and design reviews\n\n* excellent troubleshooting and creative problem-solving abilities\n\n* excellent interpersonal skills, English written and oral communication\n\n\n\n\nIdeally, candidates will also have\n\n\n* experience with the management of personal data according to the GDPR\n\n* hands-on experience in securing and monitoring Amazon Web Services infrastructure\n\n* good understanding of modern authorisation protocols like OAuth2 and OpenID Connect\n\n* good German written and oral communication skills\n\n\n\n\nLocation: Remote


See more jobs at Numbrs

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Clevertech


closed

engineer

This job post is closed and the position is probably filled. Please do not apply.
\nWe know that during this time there are concerns around the actuality of hiring needs, we want to assure you that this job is posted for a need that we are eagerly looking to fill. We would love to see your application! Clevertech is a leading consultancy that is on a mission to build transformational digital solutions for the world’s most innovative organizations. Enterprise companies turn to Clevertech to help them launch innovative digital products that interact with hundreds of millions of customers, transactions, and data points.\n\nRequirements\n\n\n* Experience securing data including platform, AWS, installable, back office\n\n* 7+ years experience with network and data security\n\n* CISSP or other industry certification is a plus\n\n* Clearly communicate complex concepts verbally in English\n\n\n\n\nOur Benefits\n\nWe know that people do their best work when they’re taken care of. So we make sure to offer great benefits.\n\n\n* Competitive Vacation Package\n\n* Annual Financial Allowance for YOUR development\n\n* Flexible Family Leave\n\n* Clevertech Gives Back Program\n\n* Clevertech U (Leadership Program, Habit Building, New Skills Training)\n\n* Clevertech Swag\n\n* Strong Clevertech Community\n\n\n\n\nHow We Work\n\nAre you curious about what it's like to work at Clevertech? Check out our YouTube channel  to hear directly from Clevertech developers.\n\nPeople join Clevertech to make an impact. To grow themselves. To be surrounded by developers who they can learn from. We've found that innovation comes from an exchange of knowledge across all of our teams. To put people on the path for success, we nurture a culture built on trust, collaboration, and personal growth. You will work in small feature-based cross-functional teams and be empowered to take ownership. We make a point of constantly evolving our experience and skills. We value diverse perspectives and fostering personal growth by challenging everyone to push beyond our comfort level and try something new. The result? Meaningful work. Getting Hired\n\nWe hire people from a variety of backgrounds who are respectful, collaborative, and introspective. Members of the tech team, for example, come from diverse backgrounds having worked as copy editors, graphic designers, and photographers prior to joining Clevertech. Our hiring process focuses not only on your skills but also on your professional and personal ambitions. We want to get to know you. We put a lot of thought into the interview process in order to get a holistic understanding of you while being mindful of your time. You will solve problems derived from the work we do on a daily basis followed by thoughtful discussions around potential fit. Whatever the outcome, we want you to have a great candidate experience.\n\nAPPLY FOR THIS POSITION


See more jobs at Clevertech

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Sonatype


closed

senior

This job post is closed and the position is probably filled. Please do not apply.
\nThe Senior Security Researcher will investigate and analyze vulnerabilities in open-source software. Sonatype is looking for a passionate, driven and talented developer to provide high-quality security data from researching software vulnerabilities.  This is not a development position but relies on development experience to help navigate complex architectures and threat vectors in open-source software. This high-quality security data ensures that our customers are getting maximum value out of our products making them feel like they are part of the Sonatype family.   If you are a positive-thinker and problem-solver and believe that customer success and company success go hand-in-hand, this is a great job for you. This position will provide a valuable learning opportunity with the great potential to grow your newly started career in cyber-security. Enjoy your job as you work in a fast-paced, flexible, and fun environment, with talented, diverse, and forward-thinking individuals. Key Areas of Focus\n\n\n* Review, isolate, analyze, and reverse engineer vulnerabilities in open-source software\n\n* Document attack capabilities\n\n* Provide detection and remediation guidance\n\n* Aid in ideas and prototypes for new tooling\n\n* Collaborate with other team members toward shared product goals\n\n* Improve Sonatype products by providing valuable security data\n\n* Work with technology and business team members to define and refine requirements in an agile development environment\n\n\n\n\nRequired Background\n\n\n* 5+ years of experience in application security or development experience in Java, C#, Python, JavaScript, C/C++ or Ruby\n\n* Excellent oral and written communication skills\n\n* Excellent organizational skills and detail-oriented\n\n* Ability to work independently and as part of a team\n\n\n\n\nDesired Background\n\n\n* Bachelor of Science Degree in Computer Science, Cybersecurity, Engineering, or related field\n\n* Knowledge of application security such as the OWASP Top 10 or Sans 25\n\n* Knowledge of different languages such as Python, Ruby, and scripting\n\n* Knowledge of different operating systems such as *NIX, Windows\n\n* Application vulnerability assessment or penetration testing experience\n\n* Knowledge of open-source environments like Github is a plus\n\n\n


See more jobs at Sonatype

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

CrowdStrike


closed

exec

 

cloud

 

engineer

This job post is closed and the position is probably filled. Please do not apply.
\nAbout the Role\n\nCrowdStrike is seeking a Senior Manager, SecOps Engineering.  This critical role in the organization will be responsible for leading one or more key areas of the cloud platform. You will help drive and deliver on the technical strategy and roadmap. CrowdStrike is growing rapidly and you will be instrumental in the hiring, retaining and growth of our world class engineers. You will work cross functionally with your peers in the engineering organization as well as leaders in sales and product. We are a remote first company so you must bring your excellent verbal and written communication skills to bear when you are working with your engineering teams and cross functional teams across the globe.\n\nWhat you will need\n\n\n* MS in Computer Science or related field, or equivalent work experience\n\n* Experience in Golang and/or container and container orchestration technologies\n\n* Demonstrated track record of building a strong core engineering team and engineering team management\n\n* 10+ years of software engineering experience in all phases of a software development lifecycle\n\n* 1+ years of hands-on management experience leading engineering teams \n\n* Experience with shipping high quality software in a cloud environments\n\n* Solid grounding in the technology of at least one cloud environment (AWS, Azure, GCP)\n\n* Broad grounding in all aspects of distributed systems development: understanding of distributed systems concepts, authN/Z (OAuth2, etc.) and API development\n\n* Solid design and problem solving skills with demonstrated passion for engineering excellence, quality, security and performance\n\n* Strong cross-group collaboration and interpersonal communication skills working with a variety of roles including engineering, product management, support and sales engineering\n\n* Demonstrated ability to attract and hire talent and grow the team rapidly\n\n* Experience working with remote teams and individuals while ensuring agility and code velocity\n\n* Ability to communicate and articulate crisply at all levels from executive staff to engineers\n\n* Broad general knowledge of the high-technology industry gained in larger enterprise software environments enhanced by ongoing awareness of R&D practices/technology advances\n\n\n\n\nBonus Points\n\n\n* Experience with hybrid cloud environments\n\n* Exposure to/experience with cybersecurity and intelligence.\n\n\n


See more jobs at CrowdStrike

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Fidel


closed
Lisbon

senior

 

engineer

This job post is closed and the position is probably filled. Please do not apply.
\nFidel’s mission is to democratize access to financial data globally so that consumers are in control of their data. Our technology makes transactional data accessible through a single access point for global businesses like Avios, Klarna and the Royal Bank of Canada. We have a record of fast growth and our key investors include Horizon Ventures and Innovate UK.\n\n\nWe recently closed our Series A round, raising $18M from top-tier VCs, including Nyca Partners and QED Investors. We currently have offices in London and Lisbon — and we’re only getting started.\n\n\nIn this exciting period of growth, both within the UK and internationally, we are now looking for an experienced Senior Security Engineer who wants to be part of this journey.\n\n\n\n\nWhat you’ll do:\n\n\n* Identify and define system security requirements;\n* Prepare and document standard operating procedures and protocols;\n* Configure and troubleshoot security infrastructure devices;\n* Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks;\n* Ensure that the company knows as much as possible, as quickly as possible about security incidents;\n* Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement;\n\n\n\n \n\n#Salary and compensation\n - /year\n\n\n#Location\nLisbon


See more jobs at Fidel

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

SemanticBits


closed

engineer

This job post is closed and the position is probably filled. Please do not apply.
\nSemanticBits is looking for a Security Engineer to keep our business, users, and data safe by assuring the security of our applications and platforms. This will be a highly collaborative position, in which the right candidate works to secure existing applications and platforms, makes platform and security enhancements, and helps to scale our security program through automation, process improvement, and tool creation.\n\nThe selected candidate will be required to work on multiple products and must be able to develop and present secure solutions and advice to technical teams as well as leadership. The candidate will further be required to assess risks and advise on security standards, best practices, and solutions. All this must be done by maintaining security quality and customer satisfaction.\n\nResponsibilities:\n\n\n* Collaborating with various teams to secure new platforms/applications\n\n* Implementing platform security and framework improvements\n\n* Implementing analysis and monitoring tools\n\n* Working with engineering and QA teams to build tools and scale security in a continuous deployment environment\n\n* Assessing the security of applications, APIs, and platforms via penetration testing and code reviews\n\n* Document System Security plan and Contingency Plans for related projects\n\n\n\n\nRequired Qualifications:\n\n\n* A Bachelor's degree or higher in Computer Science, Electrical Engineering, Information Assurance, Network Security Computer Engineering or a related field, or equivalent experience\n\n* At least 5 years of experience in the following;\n\n\n\n* NIST 800-53 security controls\n\n* Penetration Testing\n\n* System Hardening (blue team)\n\n* Programming/Scripting (java, node, python, etc)\n\n* Incident Response\n\n\n\n* Strong knowledge to perform below tests:\n\n\n\n* Penetration testing\n\n\n\n* Static Analysis/Static Application Security Testing\n\n* Vulnerability Assessment/Scanning\n\n* Dynamic Analysis/Dynamic Application Security Test (DAST)\n\n* Malicious Software Analysis\n\n\n\n\n\n* Strong foundation in one or more of the following:\n\n\n\n* Data management security\n\n* Authentication\n\n* Applied cryptography\n\n* Linux security\n\n* Network & Cloud security\n\n\n\n* Advanced knowledge of Linux platforms\n\n* Advanced knowledge of application mobile security tools\n\n* Strong technical acumen securing software and hardware\n\n* Understanding of software development and working experience with any one of the higher level programming languages or scripting\n\n* Familiarity and experience with security technologies such as security engineering, security architecture, cryptography, data security, risk management, identity and access management, communication and network security, security assessment and testing, software development security, security operations\n\n* Familiarity and experience with popular open source security projects such as OWASP ZAP and Snort\n\n* Thorough understanding of issues documents in the OWASP Top Ten and CWE Top 25\n\n* Demonstrated ability to exploit and mitigate application-level vulnerabilities\n\n* Strong understanding of cryptography as applied to web application security (encryption, hashing, PKI management), including analysis and implementation\n\n* Experience using Linux/Unix at the command line for tasks related to web application development and deployment (DevOps)\n\n\n\n\nOne or more of the following certifications is preferred;\n\nOSCP, OSCE, OSWE, CISSP, GPEN, GXPN \n\nNice to Have: \n\n\n* Strong engineering background \n\n* Application architecture experience \n\n* Experience working in the healthcare industry\n\n* Federal Government contracting work experience\n\n* Prior experience working remotely full-time\n\n\n\n\nPhysical and emotional requirements for the job:\n\nThis position is to be performed remotely from an individual’s home office and involves sedentary work. Employees in this role can be expected to exert up to 10 pounds of force on occasion in order to lift, carry, push, pull or otherwise move standard electronic equipment. Employees are expected to make decisions in a timely manner and display emotional intelligence during occasional stressful situations. \n\n\n\n\n\nBenefits:\n\n\n* Generous base salary\n\n* Three weeks of PTO\n\n* Excellent health benefits program (Medical, dental and vision)\n\n* 401k retirement plan. We contribute 3% of base salary irrespective of employee's contribution\n\n* 100% paid short-term and long-term disability\n\n* 100% paid life insurance\n\n* FSA\n\n* Casual working environment\n\n* Flexible office hours\n\n* New laptop (Mac or PC - your choice)\n\n\n\n\nSemanticBits, LLC is an equal opportunity, affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, or any other characteristic protected by law. We are also a veteran-friendly employer.


See more jobs at SemanticBits

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

American Farm Bureau Insurance Services


closed

sys admin

 

admin

This job post is closed and the position is probably filled. Please do not apply.
\nPOSITION OBJECTIVE: Position is responsible for overseeing the System Security Department. Safeguard the organization’s computer network and systems, conducting day-to-day security monitoring, identifying weaknesses, and recommending and implementing improvements. Manages the day-to-day information security operations by working closely with team members to ensure directed objectives are met. To implement and maintain corporate network communication strategies and security to assist the organization and its customers effectively and securely.\n\nREPORTS TO: Information Systems Director\n\nDUTIES and RESPONSIBILITIES:\n\n· Manages the process of log collection via our Security Information and Event Management tool; conducts appropriate monitoring and log analysis, to ensure threats are identified and mitigated.\n\n· Conducts vulnerability assessments for AFBIS utilizing available tooling, builds and provides reports to peers and the IS Director, ensures findings are followed up on and remediated.\n\n· Conducts routine security risk assessments, maintains and tracks the resolution of all risks to completion, including assigning specific risks to self or others based on the need.\n\n· Evaluate and recommend new and emerging security solutions and best practices, works to ensure our Cybersecurity program complies with applicable standards / regulations.\n\n· Conduct forensics around security incidents as applicable\n\n· Directly manages specific information security tooling, including encryption tools, mail monitoring tools, anti-malware tools, and digital loss prevention tools.\n\n· Oversees the security hardening on all AFBIS devices exposed to the network through MDM and other tools.\n\n· Conducts security research in keeping abreast of latest security issues and tools.\n\n· Oversees installing, maintenance and support of hardware and software that assists the organization to better utilize the network, computers, and security.\n\n· Manage, review, and develop VPN for customers and employees to securely connect to AFBIS.\n\n· Keep employees and customers informed by communicating security status that could involve them.\n\n· Researches current hardware and software products to make recommendations to the Information Systems Director for methods to provide employees and customers with the best possible solutions for communications.\n\n· Ordering, tracking, and invoice approval for AFBIS purchases.\n\n· Evaluate employee performance.\n\n· Oversee and coordinate employees\n\n· Other duties as assigned.\n\nRELATIONSHIPS: Works on a daily basis with other team members of the Information Systems Department. Works with other AFBIS team members and staff as needed. Works with vendors and customers as required. Participate as an employee and representative of AFBIS, Inc. in a professional and courteous manner.\n\n\nNOTE: The preference is for this position to be based in the AFBIS, Inc. Office in Fargo, ND. Remote candidates will be considered.


See more jobs at American Farm Bureau Insurance Services

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Defiant


closed

analyst

This job post is closed and the position is probably filled. Please do not apply.
\nDefiant is a small, dynamic, fast-growing, and profitable company with loyal customers who love our products and services. We are the global leader in WordPress security, protecting over 3 million websites.\n\nWe're seeking a Security Analyst to work on a contract basis from your home office in Australia or New Zealand from approximately 9-5 AEST Monday through Friday.\n\nCompany Culture\n\nYou'll work with a talented and highly-motivated team that is friendly, fast-moving, self-managing, and highly capable with a sense of humor. Our team's family time is important; we won't typically require long hours when we can avoid it, which is almost always. Our entire team works remotely using Slack for casual interaction, ­so you can live practically anywhere you have a good Internet connection. There's no micro-­management here—we trust that you will see tasks through to completion and communicate with your fellow team members when needed or ask for help when needed.\n\nAt Defiant, ‘trust’ is the attribute we value most highly among our team members. We need to know that you can grab a task, communicate clearly with stakeholders, and see the task to completion with superb attention to detail.\n\nWe use apps like Slack, FogBugz, GitHub, and Google Apps for our workflow.\n\nJob Description\n\nWe are looking for security analysts to join our forensics team. You will assist our customers to investigate how their site was hacked and to repair their site and remove all traces of the intrusion. In addition to this you will also collect evidence from intrusions that will help improve our threat detection. You will need to determine how the intrusion occurred and then collect all IOC’s (indicators of compromise) and share this data with our product team in a structured way.\n\nGeneral requirements:\n\n\n* You must be highly technical and be comfortable with a wide range of open source tools.\n\n* Excellent written and verbal communication skills.\n\n* You must work well in a team.\n\n* You must be nimble, be able to come up with creative solutions to challenging problems and must have a mature approach to problem solving.\n\n* Attention to detail.\n\n\n\n\n\n\n\nRequirements\n\n\nThe specific skills we require for this position are:\n\n\n* A solid understanding of regular expressions. You need to be able to write expressions on the fly to match and remove only malicious code (which is often polymorphic) without affecting any legitimate code.\n\n* At least 5 years of experience administering LAMP systems.\n\n* Ability to program in PHP and JavaScript. Other languages like Python a strong plus.\n\n* Understanding of SQL and ability to use the MySQL client.\n\n* Experience investigating hacked websites, determining how the intrusion occurred and removing the intrusion and restoring the site to a fully functional state.\n\n* An understanding of all major vulnerability types and the ability to explain them to a customer.\n\n* Ability to analyze web log files and determine how an intrusion occurred.\n\n* Must be able to use Linux shell tools like grep, find and any other utility that can assist with investigation and remediation.\n\n* Experience with WordPress required.\n\n* You must be well versed in information security and any certifications you already have in penetration testing or forensics are a strong plus.\n\n\n\n\nAll positions require a trial period of approximately 2-3 weeks with a minimum commitment of 10 hours per week. You will be paid for this short-term contract, and it will be used to evaluate whether both parties want to pursue an ongoing working relationship.\n\nAll offers are contingent on successful completion of a background check. The results of the background check are considered as they relate to the position and do not automatically disqualify someone from a offer of work with the company.\n\n\n\n\nBenefits\nFull-time telecommuting with a company that has been 100% remote for over 5 years. \n\nDiversity at Defiant\n\nWe value diversity and do not discriminate based on race, color, religion or creed, national origin or ancestry, sex, age, physical or mental disability, military or veteran status, gender identity or expression, marital status, sexual orientation, political ideology, economic status, parental status, or any other non-performance-related status.\n\nHIRING PROCESS\n\nWe have a unique process that we use when it comes to hiring our forensic and remediation team. It works as follows:\n\n* The initial step is to fill in the form provided in this application. This is very important because we look at your answers to this form before we look at any other part of your application. The way you answer our form will largely determine if your application moves on to the next step.\n\n* If approved, we will ask you to answer a set of questions to further measure your aptitude in the required skills as well as your written communication.\n\n* If you perform well on the questions, you will move on to a final phone interview via Skype.\n\n* If you are successful, you will join our fast-paced team and start contributing valuable research to Wordfence and the larger online community. All Security Analyst positions start on a paid 3 week trial contract that is available part-time (at least 15 hours per week) with flexible hours.\n\n


See more jobs at Defiant

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

Loadsmart

 This job is getting a pretty high amount of applications right now (14% of viewers clicked Apply)

closed

engineer

This job post is closed and the position is probably filled. Please do not apply.
\nWho we are: Loadsmart aims to move more with less. We combine great people and innovative technology to more efficiently move freight throughout North America. Our focus is on designing and building the best tools for our team and our customers, using machine learning algorithms to connect cargo with trucks. By better matching supply and demand, we reduce wasted fuel and lost time, cutting out empty miles for motor carriers and providing instant booking for shippers. \n\nWho you are: You believe in game-changing innovations and are excited about reimaging a 700 billion dollar industry.  You take your impact seriously. You are passionate about building solutions that create sustainable, resilient, long-lasting value. You are a first-rate site reliability engineer, with experience and a proven ability to think about deploying software development projects.\n\nThe role: We are looking for a Security Engineer to work remotely based in Brazil or in Florianopolis with Loadsmart. You need to be obsessed about security, both technical and non technical aspects of it. You should have experience and proven ability to analyze, propose and implement safer systems and processes.\n\nKey Responsibilities:\n\n\n* Take a leadership role in driving internal security projects.\n\n* Do regular risk assessment over important assets of the company.\n\n* Build security plans, coordinate among involved people and execute.\n\n* Do regular security tests and code reviews to look for possible threats.\n\n* Assess security aspects of new architectural proposals.\n\n* Analyze non software security threats.\n\n* Document operational procedures and protocols regarding security. \n\n* Maintain disaster recovery plans and train staff on security procedures.\n\n* Generate security reports whenever needed.\n\n\n\n\n Qualifications:\n\n\n* Proved experience as a security engineer or related\n\n* Advanced Linux and networking experience\n\n* Programming experience with Python and at least one more programming language\n\n* Experience with AWS\n\n* Experience with relational databases (PostgreSQL) or columnar databases (Vertica, Redshift, Greenplum) a plus\n\n* Good communication and project management skills\n\n* BS or MS in Computer Science or related field\n\n\n


See more jobs at Loadsmart

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.

IOVLABS


closed

engineer

This job post is closed and the position is probably filled. Please do not apply.
\nWe are seeking a Security Engineer !\n\nWe’re looking for a person who is passionate, analytical, and hard-working, with an interest in cryptocurrencies and the blockchain ecosystem. \n\nAs part of our IOV Labs Security Team, you will help to research attacks and defense techniques and develop innovative tools to help automate detection and response tasks. You will also work in close collaboration with internal development teams to develop new capabilities to improve the security of web and decentralized applications, its users, and the company's infrastructure. We’re looking for an offensive security engineer who wants to challenge themselves on the defensive side of the table.\n\nMain Responsibilities:\n\n\n* Develop and deploy security tools, monitoring, and detection infrastructure.\n\n* Investigate security incidents.\n\n* Conduct research on attack techniques to better predict and prevent future attacks.\n\n* Interact with internal teams, contribute to the secure design of new products and features.\n\n* Review source code for security weaknesses.\n\n\n\n\nExperience & Skills Required\n\n\n* Significant experience in application and network security.\n\n* Knowledge of Java, Python, Javascript, Go.\n\n\n\n\nOther Desired Skills\n\n\n* Experience with cryptocurrency networks\n\n* Knowledge of C/C++, Rust.\n\n* Experience with virtual and containerized environments\n\n* Experience conducting vulnerability research\n\n* Experience mitigating network attacks\n\n* Experience in incident detection, incident response, and forensics\n\n\n\n\nType\n\n\n* Full time & remote !!\n\n\n\n\n Join our team to be part of the next technological revolution and help us build the Internet of the Future.


See more jobs at IOVLABS

# How do you apply?\n\n This job post is older than 30 days and the position is probably filled. Try applying to jobs posted recently instead.
166ms