Who We Are

Tonal is the smartest home gym and personal trainer. It has completely revolutionized the way people work out at home, with its sleek design and advanced A.I. technology. We've united a diverse team of experts and decades of research to reinvent strength training, making it more efficient, more effective and more engaging.

With this in mind, we want to bring that same innovative approach to the workplace. At Tonal, we continue our shift of emphasis by growing our instrumental team. We collectively weave our knowledge and creativity, as we redefine the future of fitness. We are passionate about building products that transform lives, and building teams that transform the status quo. Together, we can be our strongest.

Overview

This role is available to be located in San Francisco, Toronto, Los Angeles, Austin, New York, or remote.

As an AppSec specialist on our DevSecOps team, you will work with multiple software teams to improve our security posture, evolve our practice, and promote the security mindset at all stages of the software lifecycle. Your work will range from minute (identifying code issues, offering guidance on a topic, reviewing new designs) to strategic (shaping the AppSec roadmap, keeping tabs on the ever-changing adversary landscape, and building relationships across the organization).

You will lead by example and advocate for the security mindset with a balanced approach to risk in everything we do. We are a small team and exclusive specialization is not a luxury we can afford yet. Alongside your AppSec expertise you will contribute as a security and DevOps generalist, including on-call duties. You don't need to have previous DevOps experience - but if you have a desire to learn and a "can-do" attitude, we will show you how and learn from you in return. At Tonal, DevSecOps are partners and coaches, not gatekeepers.
We achieve our goals not by fiat, but by shipping tools that help others out and by showing how what we are asking for ties into the company's goals.

With a startup pace of development and growth, making sure security, operational maturity, and observability are given the appropriate priority can be a challenge; however, contributing to an amazing product that is changing people's lives and growing professionally in a supportive environment that doesn't get stuck in red tape is the reward.

P.S. If that's your thing, we also have hoodies :)

What You Will Do

Tonal software is written in several languages and runs on a variety of platforms. Early on, you will spend most of your time working on the server-side "brains" of the Tonal platform, written in Golang with a micro-service architecture. Our other stacks include native Android that runs our Tonal experience, and mobile apps across Android and iOS.

You will perform application architecture security reviews, run threat modeling exercises, and evaluate existing services for compliance in partnership with engineering teams across our tech stacks. To ensure you can keep up with developers, you will "shift AppSec left" by selecting, implementing, and operating Software Development Lifecycle (SDLC)-related application security tools. You will keep an eye on critical findings, drive their resolution, and support teams in learning how to use the tools by themselves.

Alongside these tactical responsibilities, you will set aside time to ensure our security efforts are going in the right direction long-term.
You will suggest new initiatives that level up our AppSec practices, justify them in context of a security and product roadmap, plan and drive execution from an idea to the launch ("and beyond!"). You will also evaluate risk across all the software teams and stacks, and advocate allocating time, focus, and resources to areas that need help the most.

As the AppSec specialist, we expect you to maintain awareness of news and evolving best practices in your field and educate both your team and developers on emerging threats, new ways of doing things, and key AppSec events/announcements (both defensive and offensive) that relate to our work at Tonal.

"Stronger together" is our key value. Regardless of your technical achievements, you will only succeed if you can establish and maintain trusting, collaborative working relationships with teams and engineers across Tonal. We never refuse a security question because "it's not our job", and we have helped people all around the company - showing we can get stuff done and building trust for the future.

You will participate in security and operational incident response, including on-call duties. You will also be called upon to help the team with general cybersecurity and DevOps tasks.

Extra Credit

If you found yourself agreeing with our team's values and approach to cybersecurity, do not hesitate to apply even if you don't "check all the boxes" or feel completely comfortable with all of our expectations.
Just like our muscles, people get stronger when they are working even a bit outside their comfort zone.

The following knowledge and skills are not required but would enhance your application:
- Experience in AppSec for embedded, firmware, or mobile areas of software development
- Knowledge of languages, patterns, and common issues in internal Single Page Applications (SPAs)
- Experience with issues specific to containerized distributed/microservice applications
- Experience with AWS or other public clouds, DevOps, Infrastructure as Code, Kubernetes
- Experience integrating SDLC tools into CI/CD workflows
- Experience with all lifecycle stages of SDLC-related AppSec tools
- Relevant industry certifications
- Knowledge of security and compliance frameworks and understanding of their implications on AppSec

At Tonal, we believe that the unique and varied lived experiences of our teammates contribute to our overall strength. We don't just appreciate differences, we celebrate them, and we always seek people that represent a wide variety of backgrounds. We're dedicated to adding new perspectives to the team and designing employee experiences that contribute to your growth as much as you do to ours. If your experience aligns with what we're looking for (even if you don't check every single box), send us your application. We would love to hear from you!

Tonal is committed to meeting the diverse needs of people with disabilities in a timely manner that is consistent with the principles of independence, dignity, integration and equality of opportunity. Should you have any accommodation requests, please reach out to us via our confidential email,
[email protected]. All requests will be addressed and responded to in accordance with Tonal's Accessibility Policy and local legislation.

#Salary and compensation
No salary data was published by the company, so we estimated the salary based on similar jobs related to DevOps, Mobile, Senior, Android, Golang and Engineer:

$65,000 — $120,000/year

#Benefits
- 401(k)
- Distributed team
- Async
- Vision insurance
- Dental insurance
- Medical insurance
- Unlimited vacation
- Paid time off
- 4 day workweek
- 401k matching
- Company retreats
- Coworking budget
- Learning budget
- Free gym membership
- Mental wellness budget
- Home office budget
- Pay in crypto
- Pseudonymous
- Profit sharing
- Equity compensation
- No whiteboard interview
- No monitoring system
- No politics at work
- We hire old (and young)

#Location
Austin, TX