\nBack Market is the world’s leading refurbished electronics marketplace with a team of 650 people, powering operations in 18 countries (and counting!).\n\n\nNamed one of the World's Most Innovative Companies by Fast Company in 2019 and again in 2021, our mission is simple: empowering people to consume tech sustainably by offering folks a high quality, accessible, and more eco-friendly alternative to buying new electronics. Why? Refurbished tech helps lower our collective environmental impact. We have indeed contributed to avoid the production of more than 1,000,000 tons of CO2e worldwide since our launch in 2014.\n\n\nBe part of an exciting and growing international adventure that will change the way the world consumes tech.\n\n\n\n\nAs a Staff Security Engineer within our CyberSecurity Tribe, safeguarding Back Market's information assets stands as the primary objective. Our SecOps team manages both Security Architecture & Engineering topics, as well as actively monitoring, responding to, and remediating incidents.\n\n\nYour role is pivotal within our organization, offering unparalleled opportunities to shape not only our security architecture and stack but also the security of our products across our web and app environments. By joining our team, you'll be at the forefront of driving innovation in cybersecurity while contributing directly to our mission of promoting sustainability in the tech industry. This is more than just a job—it's a chance to make a lasting impact on the way technology is consumed globally\n\n\n\nAs a domain expert and advocate of cybersecurity best practices you will be :\n* Leading a technical focus on continuous improvement of the company's security posture, ensuring resilience to threats.\n* Strategically guiding and executing large, complex projects, driving technical vision and Security architecture, fostering collaboration, and effectively communicating to impact the entire organization's tech quality and growth.\n* Identifying blockers to organizational efficiency and effectively advocating for remediations.\n* Ensuring focus is on the highest impact, most critical, future-facing decisions.\n* Assisting managers to ensure proper delegation at all levels of the organization, appropriate decision-making, and free flow of information.\n* Sharing time between supporting and advising technical teams, automating and enhancing security controls, improving our security framework, mentoring fellow Security Engineers, and leading the design, build, and operation of modern security solutions that scale.\n* Contributing to monitoring security alerts & events to identify potential threats & incidents, investigating & analyzing security incidents to determine the extent and impact of the breach, collaborating with other teams to gather and analyze threat intelligence & maintaining and enhancing security incident detection and response procedures.\n* Informing and defining the best approaches to address challenges, aligning company goals and objectives with minimal effort expenditure.\n\n\n\nWhat we're looking for : \n* You are a talented and experienced engineer, with at least 10 years experience of securing web services in dynamic cloud environments \n* With proven experience as a Security Engineer / SOC analyst with cross-team influence\n* A strong understanding of cybersecurity principles, techniques, and best practices\n* Acting as a role model for facilitating and balancing product and engineering concerns, including long-term sustainability\n* Demonstrable ability to plan & execute large, complex projects with interdependencies.\n* Collaborating with leaders across the company to get maximum business impact with minimum resources.\n* You believe in the importance of security automation following a secure development lifecycle, with the ability to develop your own scripts and tools to succeed in your mission.\n* Be comfortable conducting Security Requirement Analysis & propose cybersecurity architectures based on the analysis.\n* Threat intelligence and attack patterns expertise\n* Proficient in vulnerability analysis and remediation, with knowledge about setting up and tuning scanners.\n* Understanding of edge protection technologies including WAF, Bot management, rate limiting etc.\n* Familiarity with SIEM tools, network and endpoint security technologies\n* Passion for cybersecurity, hands-on, and eager to contribute code to our in-house modern security technologies.\n* You are curious, rigorous, and enjoy exploring new methods and technologies. \n* Transparency in communications and able to find solutions by partnering with your team when you don't have the answer.\n* You like to share knowledge, and make your colleagues aware of good cybersecurity practices, by supporting your proposals with concrete examples and demonstrations.\n* It would be a plus if your skills are recognized by a certification such as (ISC)² CISSP, CCSP or CSSLP, SANS GCTI, GDSA, CSA CCSK, BTL2 - or you are ready to obtain it in the near future.\n* You want to join a challenging technical environment: GCP, Kubernetes, ArgoCD, Terraform, Datadog, Cloudflare, Google Chronicle, Github, CircleCI etc., where you can spread your influence and help secure our environment.\n* Proficient in several coding languages such as Python, TypeScript, Golang, etc.\n* Great verbal and written communication skills, in English.\n\n\n\n\n\n\nInterview process :\n\n\n* Call with Yann one of our tech talent acquisition specialists\n* Leadership interview with our engineering leadership\n* Technical interview with members of the Cybersecurity team\n* Technical interview : System design & API\n* Team Fit interview with your Manager and one of your future stakeholder\n* Value interview \n\n\n\n\nWHY SHOULD YOU JOIN US ?\n\n\n- A meaningful job: you will help avoid thousands of tons of electronic waste and fight against planned obsolescence. It counts!\n- A meaningful company: we became a mission-driven company in January 2022.\n- Be part of a worldwide growing company based in Europe, the USA and Asia to face great challenges : you will have the freedom to innovate and adopt new ideas!\n- Work alongside passionate experts:  who will share their knowledge and help you develop and grow in your career. \n- Grow your career: with a flexible career path and a dedicated Learning & Development team. Back Market will help you evolve with personalized internal trainings and external handpicked providers from day 1!\n- Leadership Academy by Back Market:“be a coach not a dictator” is at the core of this program ! We train and enable all our leaders to support their team towards achieving goals. Be a manager at Back Market is an unique experience we take by heart.\n- An attractive salary, equity and a host of benefits including : Lunch voucher, health insurance, relocation package, paid time off for activism in your community, parental benefits, flexible hours, etc…\n- One Loving Tribe: you will have the opportunity to work in a fast-paced, open-minded and friendly environment. \n- Be part of one of our Employee Resource Groups createdaround shared identities, common backgrounds and/or special interests crafted to be a safe space and an expressive outlet. \n- Several internal events: The Monday Brief (weekly)/ The Somehands (monthly)/ The All Hands (annual).\n- We’re here to SABOTAGE: It’s our mantra. It keeps us focused on what we aspire to be: a little bit sneaky, always smart, kinda frugal and constantly conspiring to create maximum impact.\n\n\nBack Market is an Equal Opportunity Employer which means we pledge to not discriminate against employees based on race, color, religion, sex, national origin, age, disability or genetic information.. If reasonable accommodations are needed for the interview process, please do not hesitate to discuss this with the Talent Acquisition Team.\n\n\nBack Market is helping to address one of the biggest challenges of our time: climate change. We take this so seriously that we were awarded status as a “Société à Mission”, or company with a social mission, by the French government. We know we can’t tackle a global problem without a globally representative team so we are committed to embedding diversity, equity and inclusion principles in every aspect of our organization. But more importantly, being One Loving & Free Spirited Tribe is in our DNA as it is one of the five foundational values of our company since we got started way back in 2014. We are committed to hiring and supporting diverse teams of people from all backgrounds, experiences, and perspectives. We know our lofty goals cannot be reached unless everyone has a seat at the table along with the resources and opportunity to grow. \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to Design, Cloud and Engineer jobs that are similar:\n\n $40,000 — $95,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n
\n\n#Location\nBarcelona

Thank you for considering GRIMM...\n\nChallenge Development Lead\nThe GRIMM AppSec team works with clients to assess and improve the security posture of applications and systems in partnership with client architects, developers, operators, and leadership. This includes formalized threat modeling, architecture review, source review, and where appropriate binary reverse engineering. Our goal is not to provide a compliance check box, but to actively work with our clients to improve their security, now and in the future. \n\nGRIMM is seeking a senior engineer to lead and support security assessment engagements. This is a customer-facing position; qualified applicants will need to be comfortable engaging with clients on their own to gather and refine requirements, discuss findings, present progress, and also to help establish and expand business relationships with our customers. \n\nAll members of our team are constantly learning about new topics and applying that knowledge to challenging problems.  We all share information and help guide each other as a team, and everyone has opportunity to work independently and direct their own activities.\n\nEducation and Certification\nA degree or comparable work experience is required in the fields of Computer Science, Computer Engineering, or a related discipline.  Degreed or certified candidates will not receive preferential consideration.  If a specific certification is required by a client GRIMM will cover certification costs.\n \nLocation\nThe AppSec team is 100% remote.  Some future (post-pandemic) projects may require travel to customer sites.  Travel will be less than 25%, though opportunities for additional travel may be available if desired.\n\nCompany Description\nGRIMM researches and develops the art of the possible in business modernization and computing technologies through cybersecurity, sensors, tools, analytics, frameworks, modeling and simulation, automated testing, cyber range Installation, Operations, and Maintenance (IOM), consulting, and intelligence. Our practices build on extensive experience in cyber mission support for national defense, and commercial service improvement and consulting. Our engineers and subject matter experts (SMEs) learned their trade from real-world engagements, not just textbooks. \n \nPosition Requirements:\nThe ideal candidate will have at least 5 years of experience in application security. They will need to be able to manage and lead all technical aspects of a client engagement.  A senior engineer must be able to oversee and mentor junior and mid level engineers.  \n\nThey must have a strong technical background in at least 3 of the following fields:\n* Threat Modeling\n* Source code analysis\n* Infrastructure security\n* Security design reviews\n* Web application security\n* Mobile application security\n* Cloud architecture security\n\nDesired Qualities:\nAdditional technical areas of expertise are desired as well such as:\n* Vulnerability analysis\n* Exploit development\n* Capture The Flag development\n* In-depth knowledge of an operating system\n\nOther desired traits include:\n* US Resident\n* Desire and aptitude for public speaking\n* Willingness to go to conferences and represent the company (speaking, running contests/exhibits, etc.)\n \nPerks:\nAbility to work from home, with some travel\nWork with a team of skilled people who think hacking is fun\nTake on a variety of high caliber technical challenges\nStrong benefits package\nMedical/dental/vision insurance premiums paid 100% by the company\n5% company match for 401K plan, no vesting period\n10 paid holidays and flexible vacation policy\n \nGRIMM promotes a Drug-Free Workplace, is an Equal Opportunity Employer (EOE) and an Affirmative Action Employer.\n\nGRIMM researches and develops the art of the possible in business modernization and computing technologies through cybersecurity, sensors, tools, analytics, frameworks, modeling and simulation, automated testing, cyber range Installation, Operations and Maintenance (IOM), consulting, and intelligence. Our practices build on extensive experience in cyber mission support for national defense, and commercial service improvement and consulting. Our engineers and subject matter experts (SMEs) learned their trade from real-world engagements, not just textbooks. \n\nWe promote a Drug-Free Workplace, are an Equal Opportunity Employer (EOE) and Affirmative Action Employer. \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to InfoSec, Admin, Sys Admin, Executive, Analyst, Cloud, Travel, Mobile, Senior, Junior and Engineer jobs that are similar:\n\n $70,000 — $120,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n