This job post is closed and the position is probably filled. Please do not apply. Work for Balena and want to re-open this job? Use the edit link in the email when you posted the job!
๐ค Closed by robot after apply link errored w/ code 404 2 years ago
\nBeing a Head of Security at balena\n\nOur users trust us to provide critical infrastructure for their distributed IoT fleets, and our engineers work hard to protect each of these devices from attacks. Our “security stack” spans from the bootloader and OS on-device, to the network and security infrastructure of our backend, to the operational security of our team.\n\nAs a Head of Security, you will learn how our complex interdependent systems are built and run. You will dig deep into diagnostics & debugging surfaces, logs, and reports to identify areas of risk and strategies to minimize vulnerabilities. You will develop and deploy security controls and concepts stretching from cloud- based apps to systems running on embedded devices, and lead initiatives to create new frameworks and roadmaps. You will influence infrastructure and product decisions and, above all, establish and promote a culture of shared responsibility for security.\n\nResponsibilities\n\n\n* Analyze weaknesses and attack patterns, and architect solutions to address them\n\n* Construct a comprehensive threat model that includes a variety of actors and security contexts\n\n* Define standards and streamline workflows for managing incidents, recovery, and vulnerability reports\n\n* Implement, tune, and enhance security auditing, monitoring, and notification systems\n\n* Perform checks to ensure our production pipeline is secure — from developer machines to servers\n\n* Design and review security-related product features, like automated vulnerability scanning and audit logs\n\n* Be a key resource for peers on support, share knowledge and mentor others on best practices\n\n\n\n\nRequirements\n\n\n* Strong technical background in software development, operations and/or information security\n\n* Experience writing high-quality code and debugging production systems\n\n* Working knowledge of Linux operating system internals\n\n* Awareness of classic and emerging threat actor tactics, techniques, and procedures in both pre- and post-exploitation phases of attack lifecycles\n\n* Ability to manage ambiguity, push through friction, and independently make critical trade-off decisions\n\n* Continuous improvement mindset and desire to make yourself and others more effective\n\n* Willingness to constantly build on your knowledge of the platform and new technologies\n\n* Excellent communication skills and fluency in English\n\n\n\n\nBonus points\n\n\n* Proficiency in at least one high-level language (we use Typescript and Javascript)\n\n* Knowledge of state of the art authentication standards such as OIDC\n\n* Good understanding of networking (TCP/IP) and higher-level HTTP & TLS protocols\n\n* Background in leading teams and working across functions to build secure products\n\n* Experience with IoT, embedded SW, dev tools, or balena as a user/contributor\n\n* Contributions to OSS projects and community involvement\n\n\n\n\nMake sure to let us know if any of these items apply to you! If possible, please also share a sample of your work or examples of projects (URL or attachment). \n\n#Salary and compensation\n
No salary data published by company so we estimated salary based on similar jobs related to InfoSec and Linux jobs that are similar:\n\n
$75,000 — $120,000/year\n
\n\n#Benefits\n
๐ฐ 401(k)\n\n๐ Distributed team\n\nโฐ Async\n\n๐ค Vision insurance\n\n๐ฆท Dental insurance\n\n๐ Medical insurance\n\n๐ Unlimited vacation\n\n๐ Paid time off\n\n๐ 4 day workweek\n\n๐ฐ 401k matching\n\n๐ Company retreats\n\n๐ฌ Coworking budget\n\n๐ Learning budget\n\n๐ช Free gym membership\n\n๐ง Mental wellness budget\n\n๐ฅ Home office budget\n\n๐ฅง Pay in crypto\n\n๐ฅธ Pseudonymous\n\n๐ฐ Profit sharing\n\n๐ฐ Equity compensation\n\nโฌ๏ธ No whiteboard interview\n\n๐ No monitoring system\n\n๐ซ No politics at work\n\n๐ We hire old (and young)\n\n
# How do you apply?\n\nThis job post has been closed by the poster, which means they probably have enough applicants now. Please do not apply.