# Our Story\n\nIn short, Security Roots helps make the Internet safer. We work with IT security professionals and ethical hackers to help them find security holes and vulnerabilities in systems before the bad guys do.\n\n\n\nThere is a lot of creativity and innovation involved in findings those holes. Unfortunately, it’s not all fun and games, in order for their “findings” to be useful, they need to document their results, track progress, notify stakeholders, review mitigations implemented, verify, re-test, etc. There is a lot of overhead involved in the process.\n\n\n\nSurprising no one, IT Security experts like the fun and games but don’t like the overhead/ back-office stuff. That’s where we come in, we exist to make the life of IT Security professionals easier, better, more enjoyable by making all of these overhead tasks easier and more painless.\n\n\n\nWe've been in business for 5 years, completely self-funded and profitable. Today, we serve over 440 Infosecurity teams across 37 different countries.\n\n\n\n\n\n# What’s the opportunity?\n\nWe’re looking to hire our 6th full-time employee, a well-rounded Rails developer.\n\nIn this role, you will learn a ton and be part of a small, global, and user-centered company. You’ll even report directly to Daniel Martin, the founder.\n\n\n\nYou’ll have the opportunity to make a difference to the lives of 100s of hackers. Plus, as a small team, you will will have a lot of choice about what to work on, and there are still a lot of untapped opportunities for you to grow as the company does.\n\n\n\n\n\n_That’s our founder, Daniel, presenting on the conference floor._\n\n\n\n\n\n# What's in it for you?\n\n- **Work anywhere** – We're 100% remote.\n\n- **Flexible work hours** - Provided you have reasonable overlap with the team (roughly within EU/US Eastern business hours).\n\n- **Great salary** – You will be making more than others in your region.\n\n- **Flexible vacation** – Take time off when you need it, we trust you (no less than 4 weeks each year).\n\n- **No external pressures** - Our users are king, we do what's best for them. We're self-funded, and don't have any investors, so we can make the right decisions for our customers without worrying about artificial deadlines or financial targets.\n\n- **Autonomy** – You will be given a lot of freedom to do what you think is right, without needing to explain every decision.\n\n- **Meaningful work** – You will take initiative and ownership to see things through to completion. We won't micro-manage you. And your work will be measured by your results.\n\n- You will have great hardware and tools to work with.\n\n- Company retreats.\n\n# What we offer and what we are looking for\n\nYou'll be a trusted and key member of our team, and this is (some of) what you'll end up doing on a day-to-day basis:\n\n- Improve the experience for our users, help them get the results they need.\n\n- Detect opportunities to enhance and improve our stack.\n\n- Extend the coverage of our API layer.\n\n- Improve our existing products and internal systems. We want to learn from you as you learn from us.\n\n- Prioritize and decide what features we should tackle next.\n\n# Our stack\n\n- Rails 5\n\n- JS, Stimulus, CoffeeScript and Sass\n\n- Bootstrap and jQuery\n\n- Postgres and MySQL\n\n- Sinatra, Resque, Middlemanapp, Chef, Vagrant, Nginx, Unicorn,...\n\nWe're looking for a solid Rubyist with «adequate» experience who is comfortable in a 100% remote team and is self-driven.\n\nThis is a full-time position for the right candidate and it has an immediate start date. Work 100% remotely (although you need to have a home base - i.e. no perma-travellers this time, sorry!).\n\n# This position might be for you if:\n\n- You've held a remote position before, or you've held a similar position of responsibility in a traditional organisation but now are looking to **improve your work-life balance**.\n\n- You are a well-rounded individual, work is not everything in life, you may have a family and social life. You work hard when it's work time and are **able to switch off** when it isn't.\n\n- You're comfortable communicating with others verbally and in writing. **Our team is spread across the world**, and so are our clients.\n\n- You are organised, like to be on top of your responsibilities and don't let things slip through the cracks. You will be sure to include the name of your favourite tv series as part of your application.\n\n- You have a knack for design / UX will be a plus. Background in Information Security wouldn't hurt either.\n\n- **You believe in giving back to the community**. We started with an open-source project and to this day we remain firm believers of open-source and giving back. Part of what you will be creating with the team will be released as open-source. \n\nPlease mention the words **RESOURCE ADD AXIS** when applying to show you read the job post completely (#RMjE2LjczLjIxNi4xMzc=). This is a feature to avoid spam applicants. Companies can search these words to find applicants that read this and see they're human.\n\n \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to InfoSec, Ruby, Full Stack, Developer, Digital Nomad and API jobs that are similar:\n\n $70,000 — $125,000/year\n
\n\n#Benefits\n 🏔 Company retreats\n\n
\n\n#Location\nWorldwide

# Our Story\n\nIn short, Security Roots helps make the Internet safer. We work with IT security professionals and ethical hackers to help them find security holes and vulnerabilities in systems before the bad guys do.\n\n\n\nThere is a lot of creativity and innovation involved in findings those holes. Unfortunately, it’s not all fun and games, in order for their “findings” to be useful, they need to document their results, track progress, notify stakeholders, review mitigations implemented, verify, re-test, etc. There is a lot of overhead involved in the process.\n\n\n\nSurprising no one, IT Security experts like the fun and games but don’t like the overhead/ back-office stuff. That’s where we come in, we exist to make the life of IT Security professionals easier, better, more enjoyable by making all of these overhead tasks easier and more painless.\n\n\n\nWe've been in business for 5 years, completely self-funded and profitable. Today, we serve over 440 Infosecurity teams across 37 different countries.\n\n\n\n\n\n# What’s the opportunity?\n\nWe’re looking to hire our 6th full-time employee, a well-rounded Rails developer.\n\nIn this role, you will learn a ton and be part of a small, global, and user-centered company. You’ll even report directly to Daniel Martin, the founder.\n\n\n\nYou’ll have the opportunity to make a difference to the lives of 100s of hackers. Plus, as a small team, you will will have a lot of choice about what to work on, and there are still a lot of untapped opportunities for you to grow as the company does.\n\n\n\n\n\n_That’s our founder, Daniel, presenting on the conference floor._\n\n\n\n\n\n# What's in it for you?\n\n- **Work anywhere** – We're 100% remote.\n\n- **Flexible work hours** - Provided you have reasonable overlap with the team (roughly within EU/US Eastern business hours).\n\n- **Great salary** – You will be making more than others in your region.\n\n- **Flexible vacation** – Take time off when you need it, we trust you (no less than 4 weeks each year).\n\n- **No external pressures** - Our users are king, we do what's best for them. We're self-funded, and don't have any investors, so we can make the right decisions for our customers without worrying about artificial deadlines or financial targets.\n\n- **Autonomy** – You will be given a lot of freedom to do what you think is right, without needing to explain every decision.\n\n- **Meaningful work** – You will take initiative and ownership to see things through to completion. We won't micro-manage you. And your work will be measured by your results.\n\n- You will have great hardware and tools to work with.\n\n- Company retreats.\n\n# What we offer and what we are looking for\n\nYou'll be a trusted and key member of our team, and this is (some of) what you'll end up doing on a day-to-day basis:\n\n- Improve the experience for our users, help them get the results they need.\n\n- Detect opportunities to enhance and improve our stack.\n\n- Extend the coverage of our API layer.\n\n- Improve our existing products and internal systems. We want to learn from you as you learn from us.\n\n- Prioritize and decide what features we should tackle next.\n\n# Our stack\n\n- Rails 5\n\n- JS, Stimulus, CoffeeScript and Sass\n\n- Bootstrap and jQuery\n\n- Postgres and MySQL\n\n- Sinatra, Resque, Middlemanapp, Chef, Vagrant, Nginx, Unicorn,...\n\nWe're looking for a solid Rubyist with «adequate» experience who is comfortable in a 100% remote team and is self-driven.\n\nThis is a full-time position for the right candidate and it has an immediate start date. Work 100% remotely (although you need to have a home base - i.e. no perma-travellers this time, sorry!).\n\n# This position might be for you if:\n\n- You've held a remote position before, or you've held a similar position of responsibility in a traditional organisation but now are looking to **improve your work-life balance**.\n\n- You are a well-rounded individual, work is not everything in life, you may have a family and social life. You work hard when it's work time and are **able to switch off** when it isn't.\n\n- You're comfortable communicating with others verbally and in writing. **Our team is spread across the world**, and so are our clients.\n\n- You are organised, like to be on top of your responsibilities and don't let things slip through the cracks. You will be sure to include the name of your favourite tv series as part of your application.\n\n- You have a knack for design / UX will be a plus. Background in Information Security wouldn't hurt either.\n\n- **You believe in giving back to the community**. We started with an open-source project and to this day we remain firm believers of open-source and giving back. Part of what you will be creating with the team will be released as open-source. \n\nPlease mention the words **MEADOW TENNIS CLICK** when applying to show you read the job post completely (#RMjE2LjczLjIxNi4xMzc=). This is a feature to avoid spam applicants. Companies can search these words to find applicants that read this and see they're human.\n\n \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to InfoSec, Ruby, Full Stack, Developer, Digital Nomad and API jobs that are similar:\n\n $70,000 — $125,000/year\n
\n\n#Benefits\n 🏔 Company retreats\n\n

\nAbout the Position\n\nAt Contrast, our goal is the make the Internet safer day by day. We work on the exciting and challenging problem of Security Instrumentation within Ruby applications. If you are familiar with applications like New Relic, ScoutApp, AppSignal, Elastic or Skylight, then you likely understand Instrumentation from a performance standpoint. If you understand tools like Brakeman or Hakiri, then you understand static code analysis for Ruby Security. Contrast is similar to both, but we solve the most complicated problem of runtime data flow analysis within your application to make it secure in the most accurate fashion possible.\n\nWe are always interested in meeting talented and creative technologists who share this goal. We’ve built some amazing technology thus far and are shaking up the way the world looks at application security. We know that our products can get better with new voices and ideas. Contrast is looking for a talented Ruby application developer to join our team, engineering a world-class instrumentation agent for analyzing the security of Ruby web applications. An ideal candidate is incredibly proficient in Ruby. He or she likely has professional Ruby, Rails and Gems experience, including some experience contributing to open source frameworks and/or libraries, this could be a great opportunity for you to deepen your understanding of Ruby’s unique characteristics.\n\nResponsibilities\n\n\n* Contribute to the development of our instrumentation agent written in Ruby, C and Protobuf.\n\n* Build many variations of simple to complex web applications in Ruby using Rails, Rack, Sinatra and/or Padrino for our instrumentation agent to analyze to detect security vulnerabilities at run-time.\n\n* Perform forensic investigations when the agent negatively impacts the performance of functionality of instrumented web applications.\n\n\n\n\nAbout You\n\n\n* Experience with or a passion to learn Ruby Instrumentation\n\n* A possible one day desire to become a Rails contributor\n\n* You must love to code and have a strong passion for making software more secure.\n\n* You’re a true scientist and think about algorithms and regular expressions while you sleep.\n\n* You’re a Ruby expert with a strong understanding of Rails and Linux (Ubuntu).\n\n* Experience writing Ruby using Rails, Rack, Sinatra and/or Padrino.\n\n* Experience and/or increasing interest working with Protobuf\n\n* Experience with popular Ruby ORM frameworks like Active Record, Sequel, Mongoid, Lotus::Model and/or DataMapper.\n\n* Experience building Ruby packaging tools such as bundler, RVM and Ruby Gems.\n\n* You approach problems from a product perspective, thinking through how the user will interact with what you're building.\n\n* You have strong communication skills. You ask questions, let others know when you need help, and tell others what you need.\n\n* You're a problem solver. You believe the best work is the result of finding the simplest solution to complex challenges.\n\n\n\n\nWhat We Offer\n\n\n* Competitive compensation\n\n* Medical, dental, and vision benefits\n\n* Flexible paid time off\n\n* Daily in-office lunches\n\n* 401K\n\n* Professional Development Budget\n\n\n \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to InfoSec, Ruby, Senior, Developer, Digital Nomad, C and Linux jobs that are similar:\n\n $70,000 — $130,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n

\nHi. We’re looking for an awesome Rails Developer to join our growing team. If you’ve ever wanted to work for a interesting security startup with great people this is your chance. We’re a little different than your average startup so we put together this FAQ.\n\nQ: Ok who are you guys?\n\nA: Stratum is comprised of some really smart security hackers who were tired of working for large companies. There are people here from MITRE, HP, Fortify, RSA, Verizon Business, Cybertrust, and others. We wanted to do the small company thing and it’s worked well for us.  This is our second new product launch.  Our first was ThreatSim, which was very successful and taught us many lessons.\n\nQ: What would I be working on?\n\nA: You’d be working on our data exfiltration testing platform, XFIL, which simulates data exfiltration techniques often used by hackers and helps customers identify areas for improvement in their egress controls.  Let me translate that for non-security people --- remember the Target hack?  They lost 70-90M credit card numbers -- hackers were able to get on Target’s network and transmit the data off for several months without getting noticed.  The part where they transmit the data is referred to as “exfiltration”.  Our service enables organizations’ to test their ability to identify a data breach in motion.  As you can imagine it’s a capability every organization needs these days.\n\nEssentially we get to think like bad guys and help our customers improve their security. It’s an interesting space to say the least. If you ever wanted to learn more about security and cutting-edge attacks, this is the place. We simulate evil AND give our customers data that they can use to protect their organization. You will spend a lot of time thinking “if I was a bad guy I’d…” then have to pivot and think “if I was a security engineer I’d…”\n\nQ: Where is this position located?\n\nA:  Ideally we would love this position to be based out of our office in Herndon, VA.  This is a key role contributing to a new product offering.  The opportunity to interact with our team will be valuable.  However, we are still open to non-local candidates.  We’ve had great experience with remote developers over the years.  While not required -- please let us know if you are open to relocation at some point.\n\nQ: What will my day to day be like as a developer?\n\nA: This depends on whether you are based out of our office or remote.  In either scenario, you work on new features, enhancements, and issues to ensure that XFIL continues to be awesome. You keep in touch with the team using Slack, Skype, Join.me, Google Hangout, and even an ol’ IP phone. Using your company provided Macbook you write code, commit to Github, and listen to your friends complain about traffic on Facebook. From time to time you may respond to a customer support ticket.  \n\nWe do not require employees to be at their desk 9-5.  We expect employees to be professional and get their job done -- and to be available when the job requires it.  XFIL is a new project, so expect a great deal of collaboration.  If you work better at night, then communicate when you’ll be available, and figure out when people need you.  In the end - it’s all about results. \n\nQ: Who will I be working with?\n\nA: Other developers, devops, sales, and maybe even customers. We’re a 20 person company so needless to say you’ll know everyone on a first name basis.\n\nQ: What hours do you work?\n\nA: We generally work “normal” office hours but are flexible. Most of us are on the east coast (DC area) but as long as you are in the lower 48 we’re good. We’re a startup, so sometimes there are long hours. But we all have families so we aim for a good work-life balance.\n\nQ: What technology do you use?\n\nA: XFIL is built entirely within Amazon Web Services. Linux, load balancers, auto-scaling, sidekiq, redis, ansible, git, Splunk, HIDS, two-factor auth, disk encryption, and a lot of cool security stuff that you probably aren’t used to seeing in a startup.\n\nQ: What skills and qualities are you looking for in a candidate?\n\nA: Here’s a bullet list:\n\n– Ruby on Rails 3.0+\n\n– Relational and non-relational databases: MySQL, Redis\n\n– Background job processors (e.g. Sidekiq)\n\n– Javascript frameworks (e.g. jQuery, pure JS)\n\n– Frontend frameworks (e.g. Bootstrap)\n\n– Client-side and server side MVC\n\n– Comfortable with git for version control\n\n– Continuous integration\n\n– MS Office (hah right, could you imagine?)\n\nThe ideal candidate will be comfortable working remote and managing themselves.  We’re not looking for regular employees -- only apply if you have a need & desire to be involved, voice opinions, build the team/company, etc… this is start-up mode and not a 9-5 job. You will be an integral part of the team with a huge impact on the future of our product. We’re passionate about what we do and you should be too.\n\nQ: How often do we get together in person?\n\nA: For people local to DC we try to get together for lunch every few weeks. For those that are remote we have a few events every year (company picnic, go-kart racing, paintball, holiday party, etc.) Some of the folks here brew beer so I suspect that they hang out more often.\n\nQ: What benefits do you offer?\n\nA: The salary is competitive and depends on your experience. We offer the following:\n\n– Medical, dental, and vision insurance\n\n– SIMPLE IRA with company match\n\n– PTO - We use the Netflix model and do not track PTO.  Use what you need and be responsible are the guidelines.  For those that need numbers -- we tell people to work under the notion that you get 3 weeks PTO for new employees, 4 weeks for employees with us longer than a year.\n\n– 8 federal holidays\n\n– Choose your own laptop (hint: we like Apple products)\n\nApply for this position\n\nIf you are interested in helping evolve information security, tell us about yourself at [email protected]. Send us your LinkedIn profile, Github repo, or anything else you feel would help us get to know you. \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to InfoSec, Ruby, Developer, Digital Nomad, JavaScript, Amazon, Git and Engineer jobs that are similar:\n\n $70,000 — $120,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n