Our client is a technology company that builds automation and IOT platforms. They’re building new products, offer a lot of freedom and little micro management. They are a flexible and casual environment t shirt/jeans where passionate people thrive! They also have an annual bonus of 10% and pay 100% percent of fully family PPO health benefits and this role is 100% Remote.
Job Description
The Security Engineer to play a key role in maintaining security of our platform and the IOT ecosystem. As part of the core team, you will stay on the cutting edge of security development including but not limited to SDLC/DevOps and code security. The successful candidate will help ensure a first class secure experience by keeping our source-code, solutions and services secured, up to date, and well tested. Strong communication and relationship skills are as important as superb technical skills in this role, the successful candidate will be responsible for policy and process creation, communication and coordination between information security, internal development and engineering teams and external partners, as well as ensuring commonality of purpose and technical approach. This role will work closely with the upstream development community ensuring the security of Open Source software.
Responsibilities
Additional Information:
Kubernetes
Docker
Information Security
Open Source Software
Scrum (Software Development)
Job Description
The Security Engineer to play a key role in maintaining security of our platform and the IOT ecosystem. As part of the core team, you will stay on the cutting edge of security development including but not limited to SDLC/DevOps and code security. The successful candidate will help ensure a first class secure experience by keeping our source-code, solutions and services secured, up to date, and well tested. Strong communication and relationship skills are as important as superb technical skills in this role, the successful candidate will be responsible for policy and process creation, communication and coordination between information security, internal development and engineering teams and external partners, as well as ensuring commonality of purpose and technical approach. This role will work closely with the upstream development community ensuring the security of Open Source software.
Responsibilities
- Worked as a lead in the development of Secure SDLC program and corresponding policy and procedures.
- Ability to create and maintain threats against our code and manage bugcrowd/bug bounty research.
- Familiarity with coordinated disclosure practices
- Familiarity with open source development tools and methodology
- Technically strong knowledge of AWS VPC and EC2 instances with the capacity to learn quickly about new systems and techniques
- Core development background with open source languages (Elixir, Go, Python PHP, Ruby etc)
- Ability to develop automated threat scenarios and use cases to test the confidentiality, integrity and availability of our code and platform. Experience working in a Scrum and lean environment
- Excellent logic, problem-solving, troubleshooting, and decision-making skills
- Ability to clearly and effectively communicate with the team and development community members
- Excellent online communications skills, including IRC, Slack, and other online venues
- Experience with enterprise infrastructure tools such as container (docker/kubernetes), etc
- 5+ years of software engineer/ application security experience
- 2+ years software development experience
- Understand security issues with modern software stacks and cloud platforms
- A strong and demonstrated grasp of one open source programming language (Python, Ruby, GO, Ruby, Elixir etc)
- Experience doing pen testing
- Experience with bug bounty programs
- Experience implementing application security/dev secops best practices for build deploy etc
- A good communicator, able to articulate security requirements as a part of development specs
- Comfortable both working with new code in development and finding vulnerabilities in the current codebase
- Understanding of security frameworks, ISO 27001:2013, SOC 2 Type II, NIST Cloud, etc..
Additional Information:
- 100% paid full family Health/Dental Benefits
- Paid Holidays, Vacations and Sick Leave
- 10% bonus
- 100% Remote
Recommended Skills
Application SecurityKubernetes
Docker
Information Security
Open Source Software
Scrum (Software Development)