Find a remote job in Software DevPost a job for $299
Are you passionate about transforming government? Would you like to build free and open source tools that enable teams to more easily build and operate secure and compliant services for agency deployment?
CivicActions is seeking a creative and enthusiastic Security/Compliance Engineer to join our growing (security minded) SRE and DevSecOps team. We are a service and user-oriented group, focused on engineering robust software delivery infrastructure, automation, processes, and teams. The things we build will play an integral role in developing and supporting digital services for federal and state government agencies to help them serve the public better.
CivicActions is a dedicated, fun-loving team, looking for some talented folks to help us bring revolutionary digital services to government agencies and the people they serve.
- Gather evidence, artifacts and applicable controls to produce a System Security Plan (SSP) and/or other compliance docs as needed by our client agencies
- Direct the automation of system compliance and authorization for client services (to make your job easier!)
- Train developers, operations and clients in the use and benefits of automated compliance
- Help define and validate a more complete CI/CD pipeline with security baked in
- Write great code and documentation
- Shape systems and outcomes related to our development process and product experience
- Excellent technical writing and communication skills
- Experience managing compliance for GNU/Linux and cloud environments
- Understanding of security principles such as server hardening and least privilege
- Continuous monitoring concepts and alerts management
- Security certification is a plus (e.g., Security+, CCSP, CISSP, ...)
- Willingness and ability to work remotely (e.g., fast and stable net connection, ...)
- Experience with pentesting/scanning tools (e.g., CodeClimate, OpenSCAP, ZAP…)
Sound good so far? Great, keep reading!
CivicActions is a mission-minded company focused on transforming government through modern software practices. We are looking for others like us with a true passion for using technology to make a positive change in our world. We work in cross-functional, agile teams where communication is open and honest. We encourage and support a balanced lifestyle for each of our team members.
Our team is almost entirely distributed (remote) across the US and Canada. For this position, you can normally work from home or find a great co-working space, although occasional on-site visits and working sessions with clients in Sacramento will be necessary. You will need a computer, webcam, strong internet connection and the ability to keep a Monday to Friday schedule because we are a truly collaborative team. Ideally, your timezone will be within the continental United States.
U.S. citizenship is required for this position as will be a security clearance once you join. Occasional travel to client work sites will also be required.
What You Will Do
You will be a member of a six-person Site Reliability Engineering (SRE) team responsible for maintaining and evolving the operational infrastructure for the Let’s Encrypt certificate authority. You will work closely with our application software developers and management to plan and implement the future of the certificate authority, its software applications, and its policies and procedures.
We provide secure and reliable service to more than 150 million websites around the world. We expect this number to grow rapidly. As such it’s a unique opportunity to have an enormous impact on creating a more secure and privacy-respecting Web.
In some organizations, the people responsible for deploying applications are left out of the full application development lifecycle. They are simply handed something at the end and told “make this run reliably, securely, and efficiently” while the infrastructure management role is devalued or taken for granted. That is not how we do things at Let’s Encrypt. SRE is part of the application development lifecycle from start to finish and we heavily invest in enabling and building infrastructure that is reliable, secure, and efficient. SRE is given latitude, time, and resources to do things The Right Way.
Automation is central to everything you and your team will build and maintain. You will automate operations extensively for the sake of security, scalability, correctness, compliance, and financial efficiency. You will make sure that when something does need to be done manually, it can be done in a safe and efficient manner. Our focus on automation means we are particularly interested in candidates with software engineering skills.
Our physical infrastructure includes servers, storage, switches, firewalls, and HSMs deployed across two highly secure data centers. While the majority of our infrastructure runs on our own hardware, we do use external cloud and CDN providers for some peripheral systems.
We use open source software (e.g. Linux, Prometheus, Grafana, SaltStack) extensively and prefer it when it can get the job done. The core CA application software that your team will be responsible for deploying is open source and written by our software development team.
Effective engineers know how to properly prioritize and communicate well. We will be looking for those skills in candidates.
- Two years professional experience as a software developer
- An understanding of why writing tests for software is critical
- A willingness to travel approximately three times per year
- A willingness to be on-call (time split between six people)
- Personal organization ability so that people can depend on you (e.g. task lists, calendar management)
Skills You Will Need to Develop
We write most of our code in Go and Python. You don’t need to know these languages coming in but you will need to learn them.
You will need to develop systems and network administration skills if you haven’t already. This means, for example, learning to manage firewalls and routers, work with automation tools like SaltStack, and manage virtual machines on both physical and cloud infrastructure.
You will need to gain domain-specific knowledge (e.g. PKI) but you don’t need to know it coming in.
Location and Benefits
This is a remote position available anywhere in the United States or Canada.
Benefits include excellent health insurance, a 100% match for 401k contributions, and flexible time off and parental leave policies.
Auth0, a global leader in Identity-as-a-Service (IDaaS), provides thousands of enterprise customers with a Universal Identity Platform for their web, mobile, IoT, and internal applications. Its extensible platform seamlessly authenticates and secures more than 2.5B logins per month, making it loved by developers and trusted by global enterprises. Auth0 has raised more than $110 million to date and continues its global growth at a rapid pace. We are consistently recognized as a great place to work based our outstanding leadership and dedication to company culture, and are looking for the best people to join our incredible team spread across more than 35 countries!
Auth0 gives companies simple, powerful and developer friendly building blocks so they can free up resources to focus on innovation. We strive to be the identity platform of choice for developers and Enterprises. We take our culture very seriously and are looking for people who are drawn to both our mission and our culture.
The Auth0 platform processes thousands of requests per second (2.5 billion logins per month) for customers all around the world - and we're growing very fast! The Site Reliability team aims to improve reliability and uptime in a data-driven way to support our customers' needs.
We are looking for senior software engineers with a good understanding of how systems fail, solid background in software engineering, and a desire to learn about reliability and large-scale systems.
You are a good fit if you...
Have initiative and can "unblock" yourself to get things done.
Tend to deliver work incrementally to get feedback and iterate over solutions.
Can mentor junior people and pair with other teams: education is a very important part of this role.
Like to get your hands dirty by debugging and fixing issues in production.
Understand the real problems by reading between the lines and asking good questions.
Are easy to work with: you communicate well, take feedback in a positive way and are OK not always doing the most glamorous tasks.
Analyze and optimize our core product by developing and implementing reliability and performance practices.
Scale systems sustainably through automation, and evolve systems by pushing for changes that improve reliability and velocity.
Perform Root Cause Analysis of production issues to identify reliability improvements of our services.
Evangelize and advocate for reliability practices across our organization
Collaborate with other Engineering teams to support services before they go live through activities such as system design consulting, developing software platforms and frameworks, capacity planning and launch reviews.
Be on-call for services that the SRE team owns.
Practice sustainable incident response and blameless postmortems.
You have contributed to design applications and systems that scale, are resilient to failure, and are observable.
You are interested in designing, analyzing and troubleshooting large-scale distributed systems.
You have a systematic problem-solving approach, coupled with strong communication skills and a sense of ownership and drive.
You have a great ability to debug and optimize code and automate routine tasks.
You have a solid background in software development and architecting resilient and reliable applications.
Timezone: we are giving preference to candidates located in GMT-8 to GMT+2.
Experience with Amazon Web Services.
Experience with Node.js or any other application development language.
Experience with MongoDB.
Experience working in a remote friendly, async environment.
(GMT-8); (GMT-7); (GMT-6); (GMT-5); (GMT-4); (GMT-3); (GMT-2); (GMT-1); (GMT); (GMT+1); (GMT+2)
Auth0 is an Equal Employment Opportunity employer. Auth0 conducts all employment-related activities without regard to race, religion, color, national origin, age, sex, marital status, sexual orientation, disability, citizenship status, genetics, or status as a Vietnam-era special disabled and other covered veteran status, or any other characteristic protected by law. Auth0 participates in E-Verify and will confirm work authorization for candidates residing in the United States.
PeopleDoc is on a mission to revolutionize how every HR function provide services to their employees.
Our unique “state of the art” HR Service Delivery platform provides HR teams with the tools they need to provide great services while considerably decreasing the manual work behind the scenes and allowing companies to go paperless in their administration.
The PeopleDoc HR Service Delivery platform helps HR teams more easily answer employee requests on demand, automate employee processes, across multiple locations.
PeopleDoc serves more than 1000 clients with employees in 180 countries in 12 languages with a 100% customer retention rate. PeopleDoc is now a part of Ultimate Software. Ultimate Software is a Leader for Cloud HCM Applications.
More information is available at www.people-doc.com.
Job Description/ Job Summary:
The mission of a SRE at PeopleDoc is to secure, administrate and maintain the production infrastructure as it were a software, you will contribute in building our fault tolerant, highly scalable and low latency services on virtual and bare-metal servers over data centers in different regions of the globe . The profile needed is so a combination of sysadmin knowledge and strong skills in software development. Remote workers are welcome too !
The successful candidate will be required to:
- Design and maintain the cloud infrastructure hosting PeopleDoc services
- Collect and monitor KPIs (availability, response time, time to deploy) and ensure that they meet our SLAs
- Lead the scalability & capacity planning strategy
- Work with other teams to identify, troubleshoot, and resolve high impact issues
- Team player with good communication skills
- Experience in automation tools (Ansible, Salt, Puppet or Chef) and CI/CD principles
- Experience with Cloud services (AWS or Openstack) and its APIs
- Good Linux system administration skills (DNS, RabbitMQ, Redis, HAProxy)
- Experience with one programming language (Python, Java, Go) and Shell scripting
- Good Networking knowledge (TCP/IP, Linux routing and firewall)
At Elastic, we have a simple goal: to pursue the world's data problems with products that delight and inspire. We help people around the world do exceptional things with their data. From stock quotes to Twitter streams, Apache logs to WordPress blogs, our products are extending what's possible with data, delivering on the promise that good things come from connecting the dots. Often, what you can do with our products is only limited by what you can dream up. We believe that diversity drives our vibe. We unite employees across 30+ countries into one unified team, while the broader community spans across over 100 countries. Thanks to our ongoing expansion we have the opportunity to grow our Cloud Application Security team.
We're a part of the Elastic Cloud team with a focus on finding security flaws in complex distributed systems and coming up with creative and approachable solutions that enable developers to ship secure code.
We’re looking for people who are just as passionate about uncovering an obscure security vulnerability as they are about working with developers to ship more secure code. Would you like to focus on building and maintaining Application Security program that will be used throughout the industry?
What you will be doing:
Take shared ownership in driving the creation and implementation of a best-in-class application security program for Elastic Cloud.
Take ownership for the offensive security program, including penetration testing, red team activities, and security research.
Responsible for manual code analysis, proof of concept exploit code development, and deploying automated solutions to do the same.
Be a proponent and champion of a DevSecOps culture and environment for a large team of highly talented developers and engineers
What you bring along:
A history of uncovering, exploiting, and remediating application or system security flaws.
A deep understanding of coding and scripting languages such as Java and Python, Scala, among others and can easily adapt to other languages quickly and efficiently.
Knowledge of and experience with manipulating protocols and libraries in order to compromise the security of a set of systems or code
Previous work as a developer for a large code base and collaboration with engineers and developers
You have hands on experience in both using and securing Linux based systems and containers
You've worked on open source projects before and are familiar with different styles of source control workflow and continuous integration and management (GitHub, Terraform, Ansible, RunDeck, etc).
Catered lunches, snacks, and beverages in most offices
An environment in which you can balance great work with a great life
Passionate people building excellent products
Employees with a wide variety of interests
What you will do:
You'll help Patreon scale the foundation of a platform that helps creators pay rent and enables higher levels of creativity.
You'll establish a standard of high availability and reliability for Patreon's production systems.
You'll influence the direction of our technical roadmap.
Create and administer infrastructure -- cloud services, hosts, monitoring tools -- for highly reliable and scalable web applications and data stores.
Build automated tooling to configure and maintain our systems and services.
Identify and solve issues in our stack.
Work closely with your peers in security and engineering.
Participate in an on-call rotation ~1 week per month.
Projects you might work on:
Leveling up how we approach and handle logging.
Improving our deploy pipeline.
Revamp our approach to alerting.
Working with our security team to improve the security of our infrastructure.
Skills and experience you possess:
You have experience in DevOps or Site Reliability for a company experiencing fast-paced growth.
You are knowledgable in configuration management with a framework such as Ansible, Chef, or Puppet.
You're comfortable with AWS, Linux, and MySQL can operate all of them from the CLI.
You are proficient with a programming language like Python or Ruby, and with shell scripting.
Your documentation, collaboration, and verbal communication skills are excellent.
You are inclined to automate, but can discern when automation isn't the best solution and present alternatives.
You've worked with continuous integration and deployment systems, and have ideas about how to build and improve those systems.
You strongly believe in the importance of security, and enjoy the idea of partnering with the security team to ensure the integrity of our customers' data.
You have productive habits, healthy process awareness, and good teamwork skills and instincts.
NoRedInk is using technology to help millions of students become better writers. We’re seeking mission-driven engineers who like to ship code, tackle hard engineering problems, and fundamentally impact how kids learn.
We’re hiring a site reliability engineer to handle availability and scalability, as well as product development. When students hit our site, you will help make sure there's a site to hit.
You have at least 4 years of professional experience as a software developer or equivalent knowledge
You have professional experience administering Linux servers with configuration management tools
You have experience scaling with large deployments on AWS or bare metal
You have experience supporting production stack for a web application. We use Rails, Redis and MySQL.
You can be your own DBA including setup, optimization and troubleshooting
You are comfortable either working remotely, or commuting to our office in San Francisco
Experience with Docker, microservices and/or security a plus
What are we up to?
To see what our engineering team has been doing lately, check out our blog!
NoRedInk helps millions of students in grades 5-12 become better writers. Our adaptive curriculum guides learners through a continuous process of skill-building, feedback, and revision and delivers actionable performance data to teachers and administrators. Used in over 50% of school districts, we're on a mission to unlock every writer's potential. Here’s a 2-minute pitch we gave on NBC and articles about us in The Washington Post, Wall Street Journal, and Forbes.