Application Security Engineer

Netlify


1 week ago

03/23/2020 10:22:57

Job type: Full-time

Hiring from: US only

greenhouse

Category: Software Development


Company Overview

At Netlify, we're building a platform to empower web developers to build better, more elaborate web projects than ever before. We're aiming to change the landscape of modern web development. Netlify currently serves more than 800,000 developers worldwide.

We recently raised $53M in Series C funding to bring forward the next generation of tooling for a more accessible web. This round was led by EQT Ventures with participation from existing investors Andreessen Horowitz & Kleiner Perkins. This brings Netlify’s total funding to $98M to date. Other past investors include Bloomberg Beta, Designer Fund, and Tank Hill Ventures, as well as the founders of Figma, GitHub, Slack and Yelp.

Netlify is a diverse group of incredible talent from all over the world. We’re ~40% women or non-binary, and are composed of about half as many nationalities as we are team members.

About the Position

As a key member of the Security team, you will work with various teams on application, infrastructure, corporate security and everything adjacent. Although you will not be coding every day, a software engineering background is essential to discuss architecture and code reviews with the Engineering team.

Key responsibilities:
  • Continuously conduct security assessments on our internal assets and existing and future products.
  • Build and deploy security automation and tooling to verify and further increase our security posture.
  • Manage our vulnerability management program and work with the relevant teams to prioritize remediation efforts.
  • Build processes to ensure that security is part of our engineering DNA.
  • Manage secure coding training across the teams.

Ideal Candidate

  • Experience in application and infrastructure security, especially in cloud environments.
  • Experience with secure software development lifecycles, from threat modelling to code reviews.
  • Knowledge of container security and orchestration.
  • Experience with several programming languages such as Go, Ruby, and C/C++.
  • A demonstrated ability to empathize, collaborate, and communicate across teams.
  • Ability to work across multiple time zones with remote colleagues.
  • 3 or more years experience working as a full-time application or infrastructure security engineer.
  • BONUS: exposure to compliance audits such as SOC 2, ISO 27001 and PCI.

About Netlify

Of everything we've ever built at Netlify, we are most proud of our team.

We believe that empowered, engaged colleagues do their best work. We’ll be giving you the tools you need to succeed and looking to you for suggestions to improve not just in your daily job, but every aspect of building a company. Whether you work from our main office in San Francisco or you are a remote employee, we’ll be working together a lot—pairing, collaborating, debating, and learning. We want you to succeed! About 60% of the company are remote across the globe, the rest are in our HQ in San Francisco.

To learn a bit more about our team and who we are, make sure to visit our about page.

Applying

Not sure you meet 100% of our qualifications? Please apply anyway!

With your application, please include:
  • A thoughtful cover letter explaining why you enjoy the role and why you’d like to work at Netlify.
  • A resume or short listing of job history. (A link to a LinkedIn profile would be fine.)

When we receive your complete application with the items above, we’ll get back to you about the next steps.


similar jobs

  • 2 weeks ago

    ABOUT 

    Form3 is one of the fastest growing FinTechs in the UK, building the most exciting banking technology company on the planet. Our mission is simple: transform payments technology to enable the global financial community to move money in real-time.

    THE ROLE  

    We are looking for a fully remote Senior Cloud Security Engineer with a passion for cloud, security and software engineering to join us on an exciting journey to build the next phase of the Form3 financial cloud SaaS platform.

    This is an opportunity to work for a tech-first company, making an important and significant contribution to cutting-edge projects that are critical to our success moving forward. As our engineering team is fully remote and distributed across 14+ European countries, every engineer works in the same way, embracing a remote-working culture and the latest tech to create world-class payments technology. 

    TECHNICAL ENVIRONMENT 

    Go, AWS, Kubernetes, TravisCI, Docker, Terraform, Vault, Consul, Linkerd, Redis, Prometheus, Postgres, Elasticsearch, PACT, Github, DevSecOps, TDD, BDD, Pair Programming.  

    ESSENTIAL EXPERIENCE

    • Comfortable programming in multiple languages (ideally in Go, Python, Java, Bash)
    • Building CI/CD pipelines
    • DevSecOps tools and processes
    • Testing, BDD/TDD
    • Knowledge of cloud architecture (ideally AWS)
    • Confident exploiting and mitigating the OWASP top 10
    • Linux security
    • Confident teaching others and promoting a DevSecOps mindset across the business
    • Capable of working on both business logic/application code and architecting, configuring and maintaining platform infrastructure
    • Passionate about learning new things
    • Excellent problem-solving skills
    • Strong communication skills

    DESIRABLE EXPERIENCE

    • Exposure to Terraform, Vault, Docker/Kubernetes
    • Security certified e.g. OSCP/OSCE
    • Penetration testing
    • Been in a security engineering role with hands-on experience implementing technical controls and automation to meet compliance of information security frameworks (ISO27001, ISAE300/SOC2, SOC1, NIST, GDPR and PCI-DSS in particular)

    WHAT HAPPENS NEXT 

    1. Screening call with Talent Team 
    2. Security telephone interview
    3. Take Home Test
    4. Technical interview 

    THE BENEFITS  

    • A great technology stack  
    • Work directly with the founding team in a creative and open environment  
    • The ability to work 100% remotely  
    • 30 days annual leave   
    • Work on building a cloud-native next generation API  
    • Regular paid meetups to London to spend time with our wonderful team  
    • A great working space in central London (close to Tower Bridge) with a rooftop hangout space if you want to use it   

    THE TEAM 

    We are a company that places technology at the core of everything we do. Our senior engineers have been involved since the founding of the company and understand our business better than anyone. We are proud to be building the best team, software and processes and focus on quality without cutting corners. As a 100% remote working team, our engineers and security professionals are based in more than 14 locations across the UK and Europe. We’re a pretty diverse group; some have worked for giant companies, others have worked for startups, but we all love a challenge and being part of a company that helps our customers to make millions of payments. 

    THE CULTURE 

    We care deeply about everything that we do; inclusive working practices and diverse teams are at the heart of our business. Made up of a mixture of banking experts, engineers, artists, marketers, and customer advocates, here at Form3, we strongly believe that everyone has a voice. We have a flexible working environment and see ourselves as one of the best companies for remote working. 

  • SpiderOak (US only)
    1 month ago

    About SpiderOak Engineering

    Our Engineering team is comprised of passionate and creative people who are committed to the premise that complexity is the enemy of security. The problem of security will not be solved by layering on more band-aids, e.g. firewalls, packet inspection, two-factor authentication, etc… these actually add complexity by increasing the attack surface. We take a fundamentally different approach by removing the need to trust your infrastructure or your admins through the combination of

    • Zero-trust systems and applied cryptography
    • Distributed ledger

    Our platform and applications – built on Go – enable our customers to collaborate and communicate securely, and we’re looking to grow the team to help us turn this ambitious vision into reality. Our culture is focused on productivity and creativity, and we’re committed to collaboration with our colleagues across the organization.

    Job Description

    Rather than bore you with a long description, let’s cut to the chase: your job is to implement distributed services in Go. Some of the specifications will be already written, but others will require you to design new services in partnership with our Security Architects. Additionally, you will iterate over our current codebase to improve it and fix bugs.

    Experience & Skills

    Simply put: you need prior experience in developing in Go. You also should have a desire to work with remote, distributed teams.

    NOTE: Given the nature of our work, candidates must be US Citizens residing in the United States.

  • 1 month ago

    Security Architect Job Responsibilities and Duties


    Syncro is a small team crafting applications helping small businesses be more successful. Our software does job tracking, marketing, invoicing, integrates tons of online tools -- and is awesome.

    We're building a company that has fun inventing. We go fast, and our customers love us. Thousands of repair shops and IT Professionals all over the world rely on our platform for their entire business operations.

    We are different - we really do care, the founders are writing this ad and holding interviews.

    We are building a powerful Remote Machine Management (RMM) platform and this space demands the utmost in security. This is where you come in! As a lead in the security team you’d be relied upon to coordinate vulnerability assessments, field incoming reports from bug bounty programs, assist real-time in active attack scenarios, help marry business requirements with state of the art security systems, and more.

    WHAT YOU'LL BE DOING:

    • Perform penetration testing on new and existing application architecture

    • Gather requirements and current standards to overview technology and make recommendations

    • Plan architecture changes and help guide new innovative security programs

    • Keep up-to-date on the latest security standards

    • Document security procedures for hosted environments, remote workers, internal tools, and the production platform.

    • Estimate cost and budget for security updates

    • Oversee technical implementations during security or other IT updates

    • Mitigate damages during a cyber attack and respond to threats quickly

    • Coordinate outside security vendors for vulnerability assessments, audits etc

    HIGHLIGHTS:

    • A salaried position designed to grow with the company (seriously, try us).

    • We want this to be your dream job - but we need your help (tell us how).

    • We will advance your career like nobody else -- stay with us for the long haul and we'll keep you challenged, learning, passionate, and growing.

    • We are currently a dispersed team working from home.

    • We offer comprehensive health, vision, and dental coverage and a 401(k).

    WHAT WE'RE LOOKING FOR:

    • A few years of professional experience working on application security and network security.

    • Ruby on Rails or web development experience is a major plus.

    • No specific education necessary. (Really.)

    • Excellent communication skills - verbal, written and electronic.

    • You care -- which means sometimes putting yourself out there for a customer experiencing pain.

    • Ability to multi-task in a fast paced environment.

    • You're kind and wily (in a good way).

    • Bonus: Experience with HIPAA compliance or other similar experience.

    HOW TO GET HIRED BY US:

    Just demonstrate that you are an individual, you have a personality, you enjoy life, and you enjoy good work. And please include a resume. If you have a cover letter that can highlight something you know about our product, the space, and security trends in this space, that would be fun to read!

    Syncro is an equal opportunity employer. We value diversity and are committed to creating an inclusive environment where all employees can thrive and do their best work, free from discrimination and harassment.

    Pay: DOE. Let's Talk.
