Role overview:\n\nYou’ll be responsible for the general infrastructure that underlies Gather’s services, from our game servers to our API servers. This encompasses the infrastructure-as-code, tools, configuration, automation, and scripts that build, deploy, and run our many services in cloud environments. In partnership with engineering leadership, you’ll implement security best-practices, guide long-term technology decisions, and build the future of Gather’s infrastructure.\nGather's Tech Stack\n\nGather is simultaneously a modern web app, multiplayer video game, and live video conferencing platform. This means our infrastructure involves several main components, all built in-house:\n\n\n* An HTTP service to serve the site and API\n\n* A game service to handle real-time game state updates\n\n* A video service to power live video chat\n\n\n\n\nGather's Application is currently written in Typescript (frontend/backend). Prior Typescript knowledge is not a requirement for the Infrastructure team.\nFocus areas that we could use a hand with\n\n\n* Security – as Gather grows, we have ever more responsibility to ensure the safety of our systems and customer data. We need an infrastructure engineer who is security-minded. Champion the infosec cause, and build air-tight VPCs.\n\n* Networking – we need a cutting-edge and rock-solid video network. Shave latency and thrill our users…with consistency.\n\n* Canary Environments – we’re constantly deploying, and that requires great care. Build the mechanisms that let us detect problems before they become an incident.\n\n* Multi-cloud Infrastructure – manage, troubleshoot, and deploy to multiple Kubernetes clusters. Spread them across multiple clouds and make sure they’re up through the worst datacenter outages.\n\n\n\nWhat you bring:\n\n\n\n* Software Engineering experience in Systems (OS, Distributed, Networking, etc.), Infrastructure, Security, DevOps, SRE, or related background.\n\n* Deep knowledge of Kubernetes and the networking concepts that it relies upon. Deploying apps is just the beginning — you must be able to troubleshoot when they don’t.\n\n* Have experience implementing secure by-default designs and features in cloud infrastructure endpoints, tooling, and processes.\n\n* Experience implementing metrics and monitoring, sending data to one or more of Prometheus, New Relic, or Datadog.\n\n* Programming experience with one or more of Golang, Python, or NodeJS, and the ability to write applications that communicate with APIs like Kubernetes and AWS.\n\n* Linux operational expertise: know the ins and outs of Bash scripting and how to keep a system healthy.\n\n* Experience writing and maintaining Terraform stacks.\n\n* A love for learning and growing yourself and the team around you.\n\n* Strong collaboration and communication skills.\n\n* Excitement for a fast-paced, high-growth environment.\n\n* Passion for Gather and our mission to build a metaverse for all.\n\n\n\nNice to Haves:\n\n\n* Experience interpreting and implementing the requirements of a SOC2, GDPR, or ISO compliance program.\n\n* 1+ years' experience developing and implementing automation and security controls on AWS.\n\n* You compile Linux kernels not because you have to, but because you want to.\n\n* Understanding of the pros and cons of different release processes, and how to apply Git and other tools to achieve them.\n\n\n\nUS Salary Range\n\nAt Gather, compensation may vary outside of this range depending on a number of factors, including a candidate’s qualifications, skills, competencies and experience, and location. The base salary range for this position in the selected city is $164,000 - $220,375 annually and we encourage candidates outside of this salary range to apply.\n\nBase pay is one part of the total package that is provided to compensate and recognize employees for their work, and this role may be eligible for a stock reward program.\nBenefits\n\n\n\n* Work remotely out of a state-of-the-art virtual office!\n\n* Competitive compensation, benefits, and meaningful equity\n\n* Comprehensive medical, dental, and vision insurance for employees and their dependents\n\n* 401k and matching program\n\n* Generous PTO policy and mental health days to recharge\n\n* Meal stipend twice a week to keep you nourished\n\n* Remote work, education, and health & wellness stipend\n\n* Support for family planning & gender-affirmation\n\n* The opportunity to join a passionate team in building something that actually makes peoples' lives better, every single day\n\n\n\n \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to InfoSec, Video, Cloud, Git, Typescript, API, Engineer and Linux jobs that are similar:\n\n $50,000 — $110,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n
\n\n#Location\nSan Francisco, California, United States

\nAbout the Role\n\nInfrastructure Engineering is responsible for building and operating the Menlo infrastructure platform. Together we enable our customers to connect to the internet without compromise. Our environment spans 40+ data centers and provides internet services globally. We expect failure, build security in by design, create evolvable systems and enable multi-tenancy across the infrastructure. Automation is an absolute.\n\nWe are committed to getting it done properly the first time.\n\nRequirements\n\n\n* Experience building and running a high-transactional, 24x7 production environment\n\n* Experience with cloud services; multiple data centers and public cloud (namely AWS)\n\n* Sound knowledge and experience with general systems engineering\n\n* Experience with Linux and Linux kernel internals; configuration and tuning\n\n* Experience with systems configuration management and CI automation\n\n* Experience with networking, load balancing, caching, compression, application fire-walling, smtp, proxy, SSL termination, systems and application security\n\nBS/BA or relevant experience preferred\n\n\n\n\nMSGL-I4 \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to InfoSec, Cloud, Engineer and Linux jobs that are similar:\n\n $70,000 — $120,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n
\n\n#Location\nBracknell, England, United Kingdom

\nSemanticBits is looking for a Security Engineer to keep our business, users, and data safe by assuring the security of our applications and platforms. This will be a highly collaborative position, in which the right candidate works to secure existing applications and platforms, makes platform and security enhancements, and helps to scale our security program through automation, process improvement, and tool creation.\n\nThe selected candidate will be required to work on multiple products and must be able to develop and present secure solutions and advice to technical teams as well as leadership. The candidate will further be required to assess risks and advise on security standards, best practices, and solutions. All this must be done by maintaining security quality and customer satisfaction.\n\nResponsibilities:\n\n\n* Collaborating with various teams to secure new platforms/applications\n\n* Implementing platform security and framework improvements\n\n* Implementing analysis and monitoring tools\n\n* Working with engineering and QA teams to build tools and scale security in a continuous deployment environment\n\n* Assessing the security of applications, APIs, and platforms via penetration testing and code reviews\n\n* Document System Security plan and Contingency Plans for related projects\n\n\n\n\nRequired Qualifications:\n\n\n* A Bachelor's degree or higher in Computer Science, Electrical Engineering, Information Assurance, Network Security Computer Engineering or a related field, or equivalent experience\n\n* At least 5 years of experience in the following;\n\n\n\n* NIST 800-53 security controls\n\n* Penetration Testing\n\n* System Hardening (blue team)\n\n* Programming/Scripting (java, node, python, etc)\n\n* Incident Response\n\n\n\n* Strong knowledge to perform below tests:\n\n\n\n* Penetration testing\n\n\n\n* Static Analysis/Static Application Security Testing\n\n* Vulnerability Assessment/Scanning\n\n* Dynamic Analysis/Dynamic Application Security Test (DAST)\n\n* Malicious Software Analysis\n\n\n\n\n\n* Strong foundation in one or more of the following:\n\n\n\n* Data management security\n\n* Authentication\n\n* Applied cryptography\n\n* Linux security\n\n* Network & Cloud security\n\n\n\n* Advanced knowledge of Linux platforms\n\n* Advanced knowledge of application mobile security tools\n\n* Strong technical acumen securing software and hardware\n\n* Understanding of software development and working experience with any one of the higher level programming languages or scripting\n\n* Familiarity and experience with security technologies such as security engineering, security architecture, cryptography, data security, risk management, identity and access management, communication and network security, security assessment and testing, software development security, security operations\n\n* Familiarity and experience with popular open source security projects such as OWASP ZAP and Snort\n\n* Thorough understanding of issues documents in the OWASP Top Ten and CWE Top 25\n\n* Demonstrated ability to exploit and mitigate application-level vulnerabilities\n\n* Strong understanding of cryptography as applied to web application security (encryption, hashing, PKI management), including analysis and implementation\n\n* Experience using Linux/Unix at the command line for tasks related to web application development and deployment (DevOps)\n\n\n\n\nOne or more of the following certifications is preferred;\n\nOSCP, OSCE, OSWE, CISSP, GPEN, GXPN \n\nNice to Have: \n\n\n* Strong engineering background \n\n* Application architecture experience \n\n* Experience working in the healthcare industry\n\n* Federal Government contracting work experience\n\n* Prior experience working remotely full-time\n\n\n\n\nPhysical and emotional requirements for the job:\n\nThis position is to be performed remotely from an individual’s home office and involves sedentary work. Employees in this role can be expected to exert up to 10 pounds of force on occasion in order to lift, carry, push, pull or otherwise move standard electronic equipment. Employees are expected to make decisions in a timely manner and display emotional intelligence during occasional stressful situations. \n\n\n\n\n\nBenefits:\n\n\n* Generous base salary\n\n* Three weeks of PTO\n\n* Excellent health benefits program (Medical, dental and vision)\n\n* 401k retirement plan. We contribute 3% of base salary irrespective of employee's contribution\n\n* 100% paid short-term and long-term disability\n\n* 100% paid life insurance\n\n* FSA\n\n* Casual working environment\n\n* Flexible office hours\n\n* New laptop (Mac or PC - your choice)\n\n\n\n\nSemanticBits, LLC is an equal opportunity, affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, or any other characteristic protected by law. We are also a veteran-friendly employer. \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to InfoSec, Engineer, Cloud, Mobile and Linux jobs that are similar:\n\n $70,000 — $120,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n

SemanticBits is looking for a Security Engineer to keep our business, users, and data safe by assuring the security of our applications and platforms. This will be a highly collaborative position, in which the right candidate works to secure existing applications and platforms, makes platform and security enhancements, and helps to scale our security program through automation, process improvement, and tool creation.\n\nThe selected candidate will be required to work on multiple products and must be able to develop and present secure solutions and advice to technical teams as well as leadership. The candidate will further be required to assess risks and advise on security standards, best practices, and solutions. All this must be done by maintaining security quality and customer satisfaction.\n\nResponsibilities:\n\n\n\n* Collaborating with various teams to secure new platforms/applications\n\n* Implementing platform security and framework improvements\n\n* Implementing analysis and monitoring tools\n\n* Working with engineering and QA teams to build tools and scale security in a continuous deployment environment\n\n* Assessing the security of applications, APIs, and platforms via penetration testing and code reviews\n\n* Document System Security plan and Contingency Plans for related projects\n\n\n\n\nRequired Qualifications:\n\n\n* A Bachelor's degree or higher in Computer Science, Electrical Engineering, Information Assurance, Network Security Computer Engineering or a related field, or equivalent experience\n\n* At least 5 years of experience in the following: NIST 800-53 security controls, Penetration Testing, System Hardening (blue team), Programming/Scripting (java, node, python, etc), Incident Response\n\n* Strong knowledge to perform the following penetration testing: Static Analysis/Static Application Security Testing, Vulnerability Assessment/Scanning, Dynamic Analysis/Dynamic Application Security Test (DAST), Malicious Software Analysis\n\n* Strong foundation in one or more of the following: Data management security, Authentication, Applied cryptography, Linux security, Network & Cloud security\n\n* Advanced knowledge of Linux platforms\n\n* Advanced knowledge of application mobile security tools\n\n* Strong technical acumen securing software and hardwareUnderstanding of software development and working experience with any one of the higher level programming languages or scripting\n\n* Familiarity and experience with security technologies such as security engineering, security architecture, cryptography, data security, risk management, identity and access management, communication and network security, security assessment and testing, software development security, security operations\n\n* Familiarity and experience with popular open source security projects such as OWASP ZAP and Snort\n\n* Thorough understanding of issues documents in the OWASP Top Ten and CWE Top 25\n\n* Demonstrated ability to exploit and mitigate application-level vulnerabilities\n\n* Strong understanding of cryptography as applied to web application security (encryption, hashing, PKI management), including analysis and implementation\n\n* Experience using Linux/Unix at the command line for tasks related to web application development and deployment (DevOps)\n\n\n\n\nOne or more of the following certifications is preferred;OSCP, OSCE, OSWE, CISSP, GPEN, GXPN \n\nNice to Haves:\n\n\n\n* Strong engineering background \n\n* Application architecture experience \n\n* Experience working in the healthcare industry\n\n* Federal Government contracting work experience\n\n* Prior experience working remotely full-time\n\n\n\n\nPhysical and emotional requirements for the job:\n\nThis position is to be performed remotely from an individual’s home office and involves sedentary work. Employees in this role can be expected to exert up to 10 pounds of force on occasion in order to lift, carry, push, pull or otherwise move standard electronic equipment. Employees are expected to make decisions in a timely manner and display emotional intelligence during occasional stressful situations. \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to InfoSec, Engineer, Cloud, Mobile and Linux jobs that are similar:\n\n $70,000 — $120,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n

\nCertica seeks an experienced and energetic engineering professional to take Certica’s DevSecOps practices to the next level by driving the secure provisioning, automation and monitoring of Certica’s infrastructure and applications. The DevSecOps Engineer will work collaboratively with other members of the product team to deliver world-class analytic, assessment and data management solutions.  This role will provide important expertise and knowledge by researching new and upcoming technologies while partnering with other teams to achieve our business goals. This role will blend the considerations of best practices of DevOps with SecOps considerations while working in an agile software environment.   \n\nThis is a very exciting full-time position with generous benefits and flexible work arrangements and a great time to join a market leading company that is expanding its operations. This position will be located at either our Austin, TX or Cincinnati, OH locations.\n\nEssential Tasks & Responsibilities:\n\n\n* Implement and maintain the secure infrastructure needed for Continuous Integration and Continuous Delivery practices in our products and manage the environments involved;\n\n* Create a highly robust and secure infrastructure for the automation of the build, deployment, test, monitoring and reporting of operations of our software products;\n\n* Ensure our environments are secure, cost-effective, scalable, responsive, and limit single points of failure;\n\n* Work in an agile software development environment with distributed teams using Scrum;\n\n* Drive and implement security reviews, vulnerability assessments and the resolution of identified vulnerabilities;\n\n* Participate in defining and implementing incident management processes and technologies;\n\n* Research new and upcoming technologies/tools that help us achieve our business goals; and\n\n* Successfully collaborate with other teams, such as development, product management, and quality assurance.\n\n\n\n\nSkills & Professional Experience:\n\n\n* 3+ years extensive professional experience with multiple scripting technologies (PowerShell, Bash, Python, etc.);\n\n* 3+ years of daily hands on production level management using cloud technologies (AWS, Azure) to deploy infrastructure, databases and software in a secure and scalable fashion;\n\n* 3+ years strong experience of any industry leading build, deployment, and configuration system(s); Team City and Octopus preferred but not required;\n\n* Experience leading and implementing security best practices across infrastructure and DevSecOps pipelines;\n\n* Demonstrated ability to design and implement the DevSecOps pipeline as we scale;\n\n* 3+ years of database experience (SQL Server, MySQL, etc.), including configuration, deployment, and query writing and execution;\n\n* Comfortable with Windows and Linux and working with servers from the command line;\n\n* Experience configuring and managing Active Directory;\n\n* Ability to quickly become a contributor working independently and as part of a local or remote team;\n\n* Strong communication, analytical, entrepreneur skills with pride in personal contributions and passion to learn and grow their professional skills/experience;\n\n* BA/BS Degree in Computer Science or related software engineering experience; and\n\n* Appropriate certifications are a plus (CISSP, etc.)\n\n\n\n\nAbout Certica Solutions    www.CerticaSolutions.com\n\nCertica is dedicated to advancing academic progress and equity in education through measurable improvements in student achievement. Certica’s analytic, assessment and data management solutions provide a foundation for standards-based learning and assessment, as well as teacher data literacy. Certica serves more than 1,500 K-12 school districts and numerous charter school organizations, and educational service agencies. Certica is based in Wakefield, Massachusetts, with offices in Harvard, North Carolina, Ohio, South Carolina and Texas. Follow Certica on Twitter @Certica_K12. \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to InfoSec, Engineer, Ops, DevOps, Education, Cloud and Linux jobs that are similar:\n\n $70,000 — $120,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n

\nCertica seeks an experienced and energetic engineering professional to take Certica’s DevSecOps practices to the next level by driving the secure provisioning, automation and monitoring of Certica’s infrastructure and applications. The DevSecOps Engineer will work collaboratively with other members of the product team to deliver world-class analytic, assessment and data management solutions.  This role will provide important expertise and knowledge by researching new and upcoming technologies while partnering with other teams to achieve our business goals. This role will blend the considerations of best practices of DevOps with SecOps considerations while working in an agile software environment.   \n\nThis is a very exciting full-time position with generous benefits and flexible work arrangements and a great time to join a market leading company that is expanding its operations. This position will be located at either our Austin, TX or Cincinnati, OH locations.\n\n Essential Tasks & Responsibilities:\n\n\n* Implement and maintain the secure infrastructure needed for Continuous Integration and Continuous Delivery practices in our products and manage the environments involved;\n\n* Create a highly robust and secure infrastructure for the automation of the build, deployment, test, monitoring and reporting of operations of our software products;\n\n* Ensure our environments are secure, cost-effective, scalable, responsive, and limit single points of failure;\n\n* Work in an agile software development environment with distributed teams using Scrum;\n\n* Drive and implement security reviews, vulnerability assessments and the resolution of identified vulnerabilities;\n\n* Participate in defining and implementing incident management processes and technologies;\n\n* Research new and upcoming technologies/tools that help us achieve our business goals; and\n\n* Successfully collaborate with other teams, such as development, product management, and quality assurance.\n\n\n\n\nSkills & Professional Experience:\n\n\n* 3+ years extensive professional experience with multiple scripting technologies (PowerShell, Bash, Python, etc.);\n\n* 3+ years of daily hands on production level management using cloud technologies (AWS, Azure) to deploy infrastructure, databases and software in a secure and scalable fashion;\n\n* 3+ years strong experience of any industry leading build, deployment, and configuration system(s); Team City and Octopus preferred but not required;\n\n* Experience leading and implementing security best practices across infrastructure and DevSecOps pipelines;\n\n* Demonstrated ability to design and implement the DevSecOps pipeline as we scale;\n\n* 3+ years of database experience (SQL Server, MySQL, etc.), including configuration, deployment, and query writing and execution;\n\n* Comfortable with Windows and Linux and working with servers from the command line;\n\n* Experience configuring and managing Active Directory;\n\n* Ability to quickly become a contributor working independently and as part of a local or remote team;\n\n* Strong communication, analytical, entrepreneur skills with pride in personal contributions and passion to learn and grow their professional skills/experience;\n\n* BA/BS Degree in Computer Science or related software engineering experience; and\n\n* Appropriate certifications are a plus (CISSP, etc.)\n\n\n \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to InfoSec, Engineer, Ops, DevOps, Cloud and Linux jobs that are similar:\n\n $70,000 — $120,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n

\nSemanticBits is looking for a Security Engineer to keep our business, users, and data safe by assuring the security of our applications and platforms. This will be a highly collaborative position, in which the right candidate works to secure existing applications and platforms, makes platform and security enhancements, and helps to scale our security program through automation, process improvement, and tool creation.\n\nThe selected candidate will be required to work on multiple products and must be able to develop and present secure solutions and advice to technical teams as well as leadership. The candidate will further be required to assess risks and advise on security standards, best practices, and solutions. All this must be done by maintaining security quality and customer satisfaction.\n\nResponsibilities\n\n\n* Collaborating with various teams to secure new platforms/applications\n\n* Implementing platform security and framework improvements\n\n* Implementing analysis and monitoring tools\n\n* Working with engineering and QA teams to build tools and scale security in a continuous deployment environment\n\n* Assessing the security of applications, APIs, and platforms via penetration testing and code reviews\n\n* Document System Security plan and Contingency Plans for related projects\n\n\n\n\nRequirements\n\n\n* A Bachelor's degree or higher in Computer Science, Electrical Engineering, Information Assurance, Network Security Computer Engineering or a related field, or equivalent experience\n\n* At least 5 years of experience in the following;\n\n\n\n* NIST 800-53 security controls\n\n* Penetration Testing\n\n* System Hardening (blue team)\n\n* Programming/Scripting (java, node, python, etc)\n\n* Incident Response\n\n\n\n* Strong knowledge to perform below tests:\n\n\n\n* Penetration testing\n\n\n\n* Static Analysis/Static Application Security Testing\n\n* Vulnerability Assessment/Scanning\n\n* Dynamic Analysis/Dynamic Application Security Test (DAST)\n\n* Malicious Software Analysis\n\n\n\n\n\n* Strong foundation in one or more of the following:\n\n\n\n* Data management security\n\n* Authentication\n\n* Applied cryptography\n\n* Linux security\n\n* Network & Cloud security\n\n\n\n* Strong engineering background preferred\n\n* Application architecture experience preferred\n\n* Advanced knowledge of Linux platforms\n\n* Advanced knowledge of application mobile security tools\n\n* Strong technical acumen securing software and hardware\n\n* Understanding of software development and working experience with any one of the higher level programming languages or scripting\n\n* Familiarity and experience with security technologies such as security engineering, security architecture, cryptography, data security, risk management, identity and access management, communication and network security, security assessment and testing, software development security, security operations\n\n* Familiarity and experience with popular open source security projects such as OWASP ZAP and Snort\n\n* Thorough understanding of issues documents in the OWASP Top Ten and CWE Top 25\n\n* Demonstrated ability to exploit and mitigate application-level vulnerabilities\n\n* Strong understanding of cryptography as applied to web application security (encryption, hashing, PKI management), including analysis and implementation\n\n* Experience using Linux/Unix at the command line for tasks related to web application development and deployment (DevOps)\n\n\n\n\nOne or more of the following certifications is preferred;\n\nOSCP, OSCE, OSWE, CISSP, GPEN, GXPN  \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to InfoSec, Engineer, Cloud, Mobile and Linux jobs that are similar:\n\n $70,000 — $120,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n

\nMission\n\nTo reinforce our commitment to customers’ privacy and security, for its PaaS solution, Platform.sh is looking for a Security & Compliance Engineer with a taste for Python and Go, excellent Linux system understanding, outstanding written English skills, experience working on PCI and/or SOC compliance, and a real hunger for the challenges of building compliant distributed systems. If you’re looking for an exciting, high-growth opportunity with an award-winning, cutting-edge company, this could be the job for you.\n\nThis position is well suited for engineers wanting to transition into a heavy security and compliance role. We are targeting developers/sys admins that like writing documentation and can function in a high performing, multithreaded environment.\n\nSecurity, privacy, and compliance controls are at the heart of what we do as our mission is to simplify the cloud. The job is to transform what is often regarded as red-tape and constraints to a well-oiled machine where everything is automated and where every constraint becomes a feature making the product better.\n\nDirectly reporting to our Data Protection Officer (VP), and in close interaction with our Chief Product Officer, CTO, VP of Infrastructure, and our Engineering and Customer Support teams.\n\nIn a given day you might be:\n\n\n* Acting as a technical liaison between the Security & Compliance department and our product, engineering, and operations staff.\n\n* Creating documentation and processes in English to help satisfy compliance requirements.\n\n* Evaluating, deploying, and creating, systems and tools that will enhance our support and operations efficiency.\n\n* Supporting our data protection officer and compliance team with information requests, pen testing, disaster recovery, and related activities.\n\n* Executing our security incident management process.\n\n* Working with appropriate teams to deploy and operate security tools and solutions.\n\n* Ensuring all systems, security applications, and services in environment are securely configured and managed through operating system appropriate security platforms and tools.\n\n* Ensuring optimal operation of all security solutions and tools.\n\n\n\n\nQualifications:\n\nMinimum Qualifications\n\n\n* Excellent written English skills (as in, you could have been a tech writer or commercial author in another life)\n\n* Experience with Linux (preferably Debian-based)\n\n* Familiar with markdown\n\n* Experience implementing PCI, SOC, or related\n\n* Operate largely independently (go take that hill) with management support\n\n* Juggle several requests at the same time\n\n* Proven successful experience in an operations role\n\n* Exposure to cloud services (AWS in particular)\n\n* Understands how an OS works, knows networking, how git works, and the constraints of a distributed system\n\n* Proficient in Python\n\n* Has an understanding of\n\n\n\n* Patch and Vulnerability Management process\n\n* Principle of Least Privilege\n\n* Incident response\n\n* Identity and Access Management\n\n* IPTABLES\n\n* WAFs\n\n\n\n\n\n\nPreferred Qualifications\n\n\n* Experience with containerization technologies (LXC/LXD, Docker)\n\n* Experience with vendor management\n\n* Experience with Puppet and Golang\n\n* Demonstrated the ability to successfully manage cloud-based infrastructure for a fast growing organization\n\n* Knowledge of Magento Ecommerce, Symfony, Drupal, eZ Platform, or Typo3\n\n* Relational database skills\n\n* Public speaking experience\n\n* Ability to speak French or German a plus\n\n* Ability to kick ass in Chess or beat Zork without using a map\n\n* CISSP, CISM, Security+, GCED, GICSP, GCIH, SSCP, or CASP Certification or similar will get you moved to the top of the queue\n\n* CIPM/E, CIPP/E, CIPM/E certification or similar will get you moved to the top of the queue\n\n* Can bravely take on new challenges like a Gryffindor, analyzes problems like Ravenclaw, protects our infrastructure and client data like a Slytherin, and talks with clients like a Hufflepuff.\n\n\n\n\nSound Like a Good Fit? We’d love to talk to you!  \n\n* This is a remote job.  \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to InfoSec, Engineer, English, Cloud, Git, Python and Linux jobs that are similar:\n\n $70,000 — $120,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n

\nThis is a full-time, permanent, remote position.\n\nWhat we need\n\nTo reinforce our commitment to customers’ privacy, we are looking to grow our security & compliance team. If you’re looking for an exciting, high-growth opportunity with an award-winning, cutting-edge company, this could be the job for you.\n\nFor its PaaS solution, https://platform.sh is looking for a Security & Compliance Engineer with a taste for Python and Go, great Linux system understanding, outstanding written English skills, experience working on PCI and/or SOC compliance, and a real hunger for the challenges of building compliant distributed systems.\n\nThis position is unique and well suited for engineers wanting to transition into a heavy security and compliance role. We are targeting developers/sysadmins that like writing documentation.  Initially, this high-visibility position will be non-coding while we overcome a bubble of compliance activities (and get the candidate on-boarded). After a few months, this role will grow into a part-time SecOps engineering position based upon the skill set and interests of candidate.  \n\n\nSecurity, privacy and compliance controls are at the heart of what we do as our mission is to simplify the cloud. The job is to transform what is often regarded as red-tape and constraints to a well-oiled machine where everything is automated, where every constraint becomes a feature making the product better.\n\nThe ideal candidate will work Western Europe Afternoon & USA-friendly hours, ideally residing in the Americas or Western Europe.\n\n\nDirectly reporting to our Data Protection Officer (VP), and in close interaction with our Chief Product Officer, CTO, VP of Infrastructure, and our Engineering and Customer Support teams, you will be responsible for:\n\n\n* Acting as a technical liaison between our compliance department and our product, engineering, and operations staff\n\n* Creating documentation and processes in English to help satisfy compliance requirements\n\n* Evaluating, deploying, and possibly creating, systems and tools that will enhance our support and operations efficiency\n\n* Supporting our data protection officer and compliance team with information requests, pen testing, disaster recovery, and related activities\n\n* Executing our security incident management process\n\n* Working with appropriate teams to deploy and operate security tools and solutions\n\n* Ensuring all systems, security applications, and services in environment are securely configured and managed through operating system appropriate security platforms and tools\n\n* Ensuring optimal operation of all security solutions and tools\n\n* Automating all the above, so we can instead drink margaritas (or non-alcoholic beverages, of course)\n\n\n\n\n\nThe ideal candidate:\n\nMust meet these requirements:\n\n\n* works Western Europe and USA-friendly hours\n\n* has excellent written English skills (as in, you could have been a tech writer or commercial author in another life)\n\n* has proven experience with Linux (preferably Debian-based)\n\n* knows markdown\n\n* has experience implementing PCI, SOC, or related\n\n* can operate largely independently (“go take that hill”) with management support\n\n* has proven successful experience in an operations role\n\n* has had good exposure to cloud services (AWS, Azure, & GCP in particular)\n\n* understands how an OS works, knows networking, how git works, and the constraints of a distributed system\n\n* is proficient in Python or GoLang\n\n* Has an understanding of\n\n\n\n* Patch and Vulnerability Management process\n\n* Principle of Least Privilege\n\n* Incident response\n\n* Identity and Access Management\n\n* IPTABLES\n\n* WAFs\n\n\n\n\n\n\n\nNice to have :\n\n\n* resides in the Americas\n\n* has experience with containerization technologies (LXC/LXD, Docker)\n\n* Has experience with vendor management\n\n* Has experience with Puppet\n\n* has demonstrated the ability to successfully manage cloud-based infrastructure for a fast growing organization\n\n* knowledge of Magento Ecommerce, Symfony, Drupal, eZ Platform, or Typo3\n\n* Has experience with Drupal\n\n* Has experience with Rust\n\n* relational database skills\n\n* public speaking experience\n\n* ability to speak French or German a plus\n\n* ability to kick ass in Chess or beat Zork without using a map\n\n* CISSP, CISM, Security+, GCED, GICSP, GCIH, SSCP, or CASP Certification or similar will get you moved to the top of the queue and is highly desirable\n\n* CIPM/E, CIPP/E, CIPM/E certification or similar will get you moved to the top of the queue\n\n* Can bravely take on new challenges like a Gryffindor, analyzes problems like Ravenclaw, protects our infrastructure and client data like a Slytherin, and talks with clients like a Hufflepuff.\n\n\n \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to InfoSec, Engineer, English, Cloud, Git, Python and Linux jobs that are similar:\n\n $70,000 — $120,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n

To reinforce our commitment to customers’ privacy, we are looking to grow our compliance team. If you’re looking for an exciting, high-growth opportunity with an award-winning, cutting-edge company, this could be the job for you.\n\nFor its PaaS solution, https://platform.sh is looking for a Security & Compliance Engineer with a taste for Python and Go, great Linux system understanding, outstanding written English skills, experience working on PCI and/or SOC compliance, and a real hunger for the challenges of building compliant distributed systems.\n\nThis position is unique and well suited for engineers wanting to transition into a heavy security and compliance role. We are targeting developers/sysadmins that like writing documentation. Initially, this high-visibility position will be non-coding while we overcome a bubble of compliance activities. In the future this role may convert over to a SecOps engineering position depending upon the desire of the candidate. \n\nSecurity, privacy and compliance controls are at the heart of what we do as our mission is to simplify the cloud. The job is to transform what is often regarded as red-tape and constraints to a well-oiled machine where everything is automated, where every constraint becomes a feature making the product better.\n\nThe ideal candidate will work USA-friendly hours (and ideally resides in the Americas). \n\nAbout Platform.sh \n\nPlatform.sh is an idea-to-cloud application platform that simplifies cloud infrastructures.\n\nWe give developers the tools they need to experiment, innovate, get rapid feedback and deliver better-quality features with speed and confidence thanks to our unique rapid cloning technology.\n\nPlatform.sh serves thousands of customers worldwide including The Financial Times, Gap, Magento Commerce, Orange, Hachette, Ikea, Stanford University, Harvard University, The British Council, and Lufthansa.\n\nWe want people who are passionate, open, multicultural, friendly, humble and smart to join us and help this fast-growing, award-winning company to revolutionize the tech industry.\n\n\n\n# Responsibilities\n Directly reporting to our Security, Compliance and Data Protection Officer (VP), and in close interaction with our Chief Product Officer, CTO, VP of Infrastructure, and our Engineering and Customer Support teams, you will be responsible for:\n\n- acting as a technical liaison between our compliance department and our product, engineering, and operations staff\n- creating documentation and processes in English to help satisfy compliance requirements\n- evaluating, deploying, and possibly creating, systems and tools that will enhance our support and operations efficiency\n- supporting our data protection officer and compliance team with information requests, pen testing, disaster recovery, and related activities\n- executing our security incident management process\n- working with appropriate teams to deploy and operate security tools and solutions\n- ensuring all systems, security applications, and services in environment are securely configured and managed through operating system appropriate security platforms and tools\n- ensuring optimal operation of all security solutions and tools\n- automating all the above, so we can instead drink margaritas (or non-alcoholic beverages, of course) \n\n# Requirements\nThe ideal candidate must have:\n\n- works USA-friendly hours\n- has excellent written English skills (as in, you could have been a tech writer or commercial author in another life)\n- has proven experience with Linux (preferably Debian-based)\n- knows markdown\n- has experience implementing PCI, SOC, or related\n- can operate largely independently (go take that hill) with management support\n- has proven successful experience in an operations role\n- has had good exposure to cloud services (AWS in particular)\n- understands how an OS works, knows networking, how git works, and the constraints of a distributed system\n- is proficient in Python\n- has an understanding of\n .. Patch and Vulnerability Management process\n .. Principle of Least Privilege\n .. Incident response\n .. Identity and Access Management\n .. IPTABLES\n .. WAFs\n \n\nNice to have :\n\n- resides in the Americas\n- has experience with containerization technologies (LXC/LXD, Docker)\n- has experience with vendor management\n- has experience with Puppet\n- has demonstrated the ability to successfully manage cloud-based infrastructure for a fast growing organization\n- knowledge of Magento Ecommerce, Symfony, Drupal, eZ Platform, or Typo3\n- has experience with Golang\n- relational database skills\n- public speaking experience\n- ability to speak French or German a plus\n- ability to kick ass in Chess or beat Zork without using a map\nCISSP, CISM, Security+, GCED, GICSP, GCIH, SSCP, or CASP Certification or similar will get you moved to the top of the queue\n- CIPM/E, CIPP/E, CIPM/E certification or similar will get you moved to the top of the queue\n- can bravely take on new challenges like a Gryffindor, analyzes problems like Ravenclaw, protects our infrastructure and client data like a Slytherin, and talks with clients like a Hufflepuff. \n\nPlease mention the words **SHINE PATH PURSE** when applying to show you read the job post completely (#RMjE2LjczLjIxNi4xMQ==). This is a feature to avoid spam applicants. Companies can search these words to find applicants that read this and see they're human.\n\n \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to InfoSec, Engineer, Linux, English, Cloud and Python jobs that are similar:\n\n $75,000 — $120,000/year\n

\nAuth0 gives companies simple, powerful and developer friendly building blocks so they can free up resources to focus on innovation. We strive to be the identity platform of choice of developers and Enterprises. We take our culture very seriously and are looking for people who are drawn to both our mission and our culture.\n\nWe are a security company and Auth0's Security Team is in the privilege position of supporting a security first culture for a company that wants to make the internet safer.\n\nThe Cloud Security team builds, owns and maintains the critical security infrastructure that provides visibility into Auth0’s production operations. We are looking for a security engineer with a passion for solving security problems and building tools to drive automation. This is an exciting time to join Auth0 as we are growing quickly and this role is an opportunity to drive the expansion of our Cloud Security team.\n\nResponsibilities:\n\n\n* Provide team leadership and own the delivery of security engineering projects\n\n* Design, build and maintain the systems that help keep Auth0 secure\n\n* Demonstrate the effectiveness and coverage of these systems\n\n* Develop tools to test, monitor and enforce security policy\n\n* Automate security process to reduce as much manual process as possible\n\n* Own and improve our security monitoring pipeline\n\n* Participate in the on-call rotation to support the infrastructure and respond to security events\n\n\n\n\nRequirements:\n\n\n* Experience working as a Security Engineer and delivering engineering projects\n\n* Experience administering and securing AWS\n\n* Strong Linux experience\n\n* Proficiency in at least one programming language (e.g. Python, Node, Go etc.)\n\n* Experience with log collection and storage (e.g. ELK/EFK stacks, Sumo Logic etc)\n\n* Strong written and verbal communication skills\n\n* Comfort working in a globally distributed environment with a remote workforce\n\n\n\n\nExtra Points:\n\n\n* A passion for infrastructure as code and have used tools such as Terraform and CloudFormation\n\n* Experience running a vulnerability management programme\n\n* You have used configuration management tools (e.g. Salt Stack, Ansible, Puppet, etc)\n\n* You write readable, maintainable code and have experience managing source code with git\n\n\n\n\nExamples of our Engineering Culture:\n\n\n* https://auth0.engineering/\n\n* https://auth0.engineering/cloud-security-monitoring-at-auth0-part-ii-b106354a0e5d\n\n* https://auth0.engineering/detecting-secrets-in-source-code-bd63b0fe4921\n\n\n\n\nAuth0 values diversity and inclusion and is an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Auth0 participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to InfoSec, Engineer, Executive, Cloud and Linux jobs that are similar:\n\n $80,000 — $120,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n

Blockstack is a new internet for decentralized apps. With Blockstack, you own your data and maintain your privacy, security and freedom. Blockstack is open source project and a public benefit corporation. [Learn more](https://blockstack.org).\n\nBlockstack is looking for a passionate and collaborative DevOps Engineer to help develop rigorous testing suites to guarantee the safety of a soon-to-be launched cryptocurrency and blockchain. This person will work on implementing securely tested solutions, and interface with our dev team and back end engineers on product builds and feature implementation. This role will span testing and security, software development and upgrades, improvements to our Developer API, and community support. \n\nOur engineering team builds software using JavaScript/ES6, React, Redux, Swift, and Objective-C on the frontend and Python, bash, and Bitcoin Core on the backend.\n\nThings You'll Work On:\n- Manage distribution of Blockstack software upgrades for developers and everyday users\n- Keep our users happy by managing Blockstack browser availability, scalability, and performance \n- Build tools for faster deployment schedules \n- Instate monitoring protocols and fail-over measures \n- Implement continuous testing practices to ensure the security and performance goals of Blockstack are met across backend services, blockchain infrastructure, and our frontend user clients\n- Deliver on rapid implementation schedules (without compromising on smart development goals and principles) to build web functionality that is functional, fast, and scalable\n\nQualifications\nYou are have worked in a large, highly available systems environment before, as well as an agile start-up. You are familiar with strategizing and improving for system security and availability. Your strengths lie in backend development, but can work across the full-stack when needed. \n\nKPIs\n- Increased uptime of Blockstack software \n- Delivery of long term, securely tested software \n- Work to improve our failure processes, alerting, and emergency response times \n- Support our community developers to increase number and usability of Blockstack Apps \n\nSkills \n- Experience developing with python and bash\n- Comfort across operating systems, with a strong Linux background\n- Experience across the CI/CD pipeline, with an understanding of best practices for automated testing and deployment\n- Ability to build and maintain highly available infrastructure\n- Competency in monitoring and quick response time in the event of an emergency\n- Security background with strength in automated testing and infrastructure\n- Experience deploying Bitcoin infrastructure with bitcoin core or utxo providers\n\nQualities + Traits \n- Passion for building the new internet for decentralized apps \n- Strong problem solving skills, ability to think fast and thoroughly\n- Development mindset with strong security background\n- Experience in a rapidly scaling start-up\n- Proactive solution provider\n- Excellent communication \n\nPlease mention the words **PAGE MOM ACHIEVE** when applying to show you read the job post completely (#RMjE2LjczLjIxNi4xMQ==). This is a feature to avoid spam applicants. Companies can search these words to find applicants that read this and see they're human.\n\n \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to DevOps, JavaScript, InfoSec, Cloud, Python, Engineer, Linux, Testing and Backend jobs that are similar:\n\n $70,000 — $120,000/year\n

\nSemanticBits is looking for a Security Engineer to keep our business, users and data safe by assuring the security of our applications and platforms. This will be a highly collaborative position, in which the right candidate works to secure existing applications and platforms, makes platform and security enhancements and helps to scale our security program through automation, process improvement and tool creation.\n\n\nThe selected candidate will be required to work on multiple products and must be able to develop and present secure solutions and advice to technical teams as well as leadership. The candidate will further be required to assess risks and advise on security standards, best practices and solutions. All this must be done by maintaining security quality and customer satisfaction\n\n\nResponsibilities:\n\n\n* Collaborating with various teams to secure new platforms/applications\n\n* Implementing platform security and framework improvements\n\n* Implementing analysis and monitoring tools\n\n* Working with engineering and QA teams to build tools and scale security in a continuous deployment environment\n\n* Assessing the security of applications, APIs and platforms via penetration testing and code reviews\n\n\n\n\nRequirements\n\nStrong knowledge to perform below tests\n\n\n* Penetration testing\n\n\n* Static Analysis/Static Application Security Testing\n\n* Vulnerability Assessment/Scanning\n\n* Dynamic Analysis/Dynamic Application Security Test (DAST)\n\n\n\n\n\n* \n\n\n* Malicious Software Analysis\n\n\n\n\n\n* Strong foundation in one or more of the following:\n\n\n* Data management security\n\n* Authentication\n\n* Applied cryptography\n\n* Linux security\n\n* Network & Cloud security\n\n\n\n\n\n* Strong engineering background preferred\n\n* Application architecture experience preferred\n\n* Advanced knowledge of Linux platforms\n\n* Advanced knowledge of application mobile security tools\n\n* Strong technical acumen securing software and hardware\n\n* Understanding of software development and working experience with any one of the higher level programming languages or scripting\n\n* A Bachelor's degree or higher in Computer Science, Electrical Engineering, Information Assurance, Network Security Computer Engineering or related field, or equivalent experience\n\n* Familiarity and experience with security technologies such as security engineering, security architecture, cryptography, data security, risk management, identity and access management, communication and network security, security assessment and testing, software development security, security operations\n\n* Familiarity and experience with popular open source security projects such as jptables and Snort\n\n* Thorough understanding of issues documents in the OWASP Top Ten and CWE Top 25\n\n* Demonstrated ability to exploit and mitigate application-level vulnerabilities\n\n* Strong understanding of cryptography as applied to web application security (encryption, hashing, PKI management), including analysis and implementation\n\n* Experience using Linux/Unix at the command line for tasks related to web application development and deployment (DevOps)\n\n\n\n\nBenefits\n\n\n* Generous base salary\n\n* Three weeks of PTO\n\n* Excellent health benefits program (Medical, dental and vision)\n\n* Education and conference reimbursement\n\n* 401k retirement plan. We contribute 3% of base salary irrespective of employee's contribution\n\n* 100% paid short-term and long-term disability\n\n* 100% paid life insurance\n\n* FSA\n\n* Casual working environment\n\n* Flexible working hours\n\n\n \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to InfoSec, Engineer, Cloud, Mobile and Linux jobs that are similar:\n\n $70,000 — $120,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n

\nWhat's the role?\n\nThe AWS Cloud Security Team is seeking highly skilled Cloud Native Security Engineers that have a passion for delivering security solutions as code. Your role is to architect, develop, test and operate the security solutions as well as provide support to the engineering, infrastructure, security and IT teams to continuously improve and protect our production architecture.\n\nOur current tech stack includes AWS, Terraform, Linux, Ansible, Docker, Kubernetes, Spring, Node.js, Java8, iOS, and Python.\n\nResponsibilities\n\n\n* Codify traditional security processes to take humans out of the equation making security consumable as a service\n\n* Work across multiple Security Epics such as IAM, Logging and Monitoring, Infrastructure Security, Data Protection, and Incident Response\n\n* Build security guardrails into the CI/CD pipeline to stop security misconfigurations and vulnerabilities before they happen, creating a tight feedback loop between security and development teams\n\n* Build Cloud Native Detective and Responsive controls that enforce the security baseline at scale\n\n* Build AMI and Docker Image life cycle management systems to integrate with the vulnerability scanning solutions to provide image rehydration based on vulnerability scanning assessments \n\n* Build automation to actively audit the infrastructure for security misconfigurations\n\n* Provide security expertise on system, network, encryption, authentication, and governance\n\n* Developing secure design patterns for cloud architectures developed in public or private cloud environments.\n\n* Research emerging trends and technologies to assess the threats they may face\n\n* Support vendor and partner security assessments\n\n\n\n\nBring Your Best! What this role needs:\n\n\n* Experience with engineering best practices to include analyzing, designing, developing, deploying, and supporting software solutions, and/or infrastructure implementations/upgrades.\n\n* Hands on experience with AWS services such as VPC, EC2, RDS, IAM, KMS, WAF, Lambda, CloudTrail, CloudWatch, Dynamodb, SQS, CloudFront, S3, and Config\n\n* Knowledge of Infrastructure as Code, Immutable Infrastructure, and continuous integration/deployment practices\n\n* Proficient in at least one programming language (Python, Javascript)\n\n* Experience in version control systems such as Git, GitLab, etc.\n\n* Experience administering and hardening Linux and Windows systems\n\n* Familiarity with security issues associated with containers, distributed systems, and large scale web application\n\n* Willingness to continuously learn and share learnings with others\n\n* Ability to work in a fast-paced, rapidly changing environment\n\n* Very strong verbal and written communication skills\n\n* Minimum 3 years working with web-scale environments\n\n* Minimum 2 years working in a security capacity\n\n* Strong problem solving skills\n\n* Strong sense of ownership and the ability to work with a limited set of requirements.\n\n* Ability to explain technical solutions to technical and non-technical teams.\n\n* 4-8 years of experience.\n\n\n \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to InfoSec, Cloud, Senior, Engineer and Linux jobs that are similar:\n\n $70,000 — $120,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n