[Close] 

Senior Security Engineer

What you'll do: Assist in designing, building, and reviewing security-related services and functionality of web applications, mobile applications, and desktop applications Scope and perform security reviews of web applications, mobile applications, desktop applications, and private and public cloud environments Provide engineers with well-researched security advice to demonstrate vulnerabilities and provide secure development guidance Assist in the triage of vulnerabilities that are found internally, privately or publicly disclosed, or reported through our bug bounty program Produce research and collaborate with our peers in the broader cyber-security industry Constantly question existing security practices and routines, and update, replace, or automate them Some example projects: Building a Rails application for securely sharing secrets Architecting, building, integrating, and deploying a secrets management solution for product infrastructure Designing and implementing SDLC within an agile development workflow Internal pentest of web applications and corresponding infrastructure What we're looking for: 4+ years of experience in Software Engineering, System Administration, or Security Engineering, with at least one of those years in a security-focused role Experience with the following technologies: MVC Web Frameworks (Ruby on Rails, Django, Phoenix) Webservers (Apache, Nginx) Relational Databases (PostgreSQL, MySQL) Cloud Computing (OpenStack, AWS) Knowledge and understanding of security concerns from the low level networking up to Javascript running in a web browser Thorough knowledge of Linux from a user and operator prospective Offensive mindset and the ability to think of and consider abuse and attack paths as well as the defensive mindset to think of recommendations to prevent them Enthusiastic and quick learning of complex systems and open source software Comfortable working with continuous integration/delivery and agile development teams Able to work collaboratively across diverse engineering teams and products to meet organizational security goals Bonus Points: Experience with conducting threat assessments, building threat models, and creating remediation plans based on the results of threat assessments OSCP Certification Networking protocol knowledge (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols) Experience with the following technologies: Hashicorp Technologies (Consul, Terraform, Vault, Packer) Containers and Container Management (Docker, Kubernetes) In-Memory Caches (Memcache, Redis) Full Text Search (ElasticSearch, Solr) Config Management (Puppet, Ansible, Salt).
Salary Range: NA
Minimum Qualification
5 - 7 years

Don't Be Fooled

The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons such as signing bonus, supplies, etc. The victim will be instructed to deposit the check and use the money for any of these reasons and then instructed to send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.