- Build security-critical software components directly, and with the assistance of our development teams. We use JS, Go, Python, C++, and Java (among other languages!), and recognize that you may not be an expert in all of these, but you should be able to develop in, and navigate the security pitfalls of software written in, at least a few of these languages.
- Work cross-functionally to apply defense-in-depth principles at every layer – you may find yourself working on anti-social engineering training on Monday, writing Terraform (infrastructure-as-code) to harden our cloud deployments on Tuesday, advising our marketing department on OpSec best-practices on Wednesday, reviewing C++ code for security vulnerabilities on Thursday, and writing a remediation to a security vulnerability on Friday.
- Work with our developers to identify and track key patches to libraries and third-party applications to mitigate supply-chain vulnerabilities.
- We believe that security is everyone’s responsibility, and that education is core to scaling our security function. Lead by example by engaging with other developers across the organization to demonstrate secure development principles through hands-on development engagements in our product platform. Help build a culture of security through continual advocacy and knowledge-sharing with your technical and non-technical colleagues.
- Help scale the impact of the security team through implementing DevSecOps practices – work with the development teams to set up automation tooling as part of our secure application development lifecycle, such as static code analysis, fuzzing, composition analysis, and other tools.
- You are a critical member of our internal blue team; lead tabletop and blue team exercises to help prepare our platform and our teams for potential security threats.
- Perform code-review to ensure security- and privacy-by-design practices are followed.
- Make security accessible! Instrument and expose key security metrics from our internal and external environment, and automate key security workflows (for example, through ChatOps) to help make security accessible to your colleagues across the organization, ensure continual proactive monitoring, and to demonstrate the impact of security initiatives to business stakeholders.
- Roll your own cryptography algorithm (kidding!). Ensure we don’t do this, and instead apply cryptography best-practices to maintain secure applications of PKI and hashing across our products, and good secrets management practices in our on-premise and cloud environments.
- Work with Security Analysts on your team to evaluate and identify areas for improvement to mitigate potential upcoming threats and regulatory obligations.
- Work in both an on-premise and cloud-native environment, to harden databases, networking equipment, operating systems, docker containers, Kubernetes clusters, and cloud environments.
- Stay up to date with the latest industry best-practices and security landscape through involvement in security conferences and events (RSA, DefCon, BSides, etc).
- Experience as a software developer is important, as this is primarily a security-focused development position.
- Experience in infrastructure concepts (networking, databases, cloud and on-premise infrastructure)
- Knowledge of privacy regulations (GDPR)
- Working knowledge of security standards such as SOC2, ISO27001/ISO27002, NIST, OWASP, SANS, etc.
- Experience working in the financial / FinTech industry is not required, but knowledge of industry-specific threats and the regulatory landscape is an asset.