About the team:\n\nRobinhood is looking for a Senior Penetration Tester who is passionate about breaking and fixing applications, services and processes to join the Robinhood Pentest Team.\n\nThe pentest team is part of the larger Offensive Security team and is a core pillar of Security & Privacy Engineering. The pentest team will work with teams across Robinhood to ensure our products, services, and processes are secure through threat modeling, automated & manual penetration testing, and tracking remediations of identified vulnerabilities.\n\nHere are some examples of things our team does frequently that you’ll be heavily involved with:\n\n\nPerform threat modeling against critical and new services. Articulate the actual security risk to Risk working groups.\n\nValidation of critical/high vulnerabilities surfaced via vulnerability automation tooling.\n\nPerform application assessments, internal and external penetration testing focusing not just on network and application level vulnerabilities but fully understanding what risk to Robinhood the vulnerabilities pose especially as they relate to business logic and fraud opportunities.\n\nTriage Bug Bounty reports and interact with Bug Bounty Researchers\n\nConduct vulnerability research to understand latest TTPs and exploits.\n\nConduct vulnerability research into futures technologies robinhood may deploy \n\nFixing issues and leaving things better than they found them and not just finding broken things.\n\n\n\n\n \nWhat you’ll do day-to-day:\n\n\nPerform application security penetration tests to include source code reviews (Golang/Python). This will be your primary role.\n\nTriage Bug Bounty reports as part of the Bug Bounty on call rotation.\n\nPerform threat modeling against critical and new services. Articulate the actual security risk to risk working groups\n\nUse, configure, and write automation to identify and validate vulnerabilities surfaced via vulnerability automation tooling\n\nPerform internal and external penetration, code reviews, and design/architecture reviews testing focusing not just on network and application level vulnerabilities but fully understanding and articulating what risk to Robinhood the vulnerabilities pose especially as they relate to business logic and fraud.\n\nWork closely with development teams to mitigate or remediate security vulnerabilities preferably by submitting Pull Requests (PRs) with the code to remediate the identified vulnerabilities\n\nBuild or suggest detection and monitoring for attacks on the application or infrastructure\n\nConduct vulnerability research to understand latest TTPs and exploits\n\nConduct vulnerability research into future technologies Robinhood may deploy \n\nPublish blog posts and present talks at security conferences\n\nBe a technical advocate for privacy and security decisions, designs, and discussions\n\nMake recommendations for organization-wide system improvements, optimization and/or maintenance efforts and engages with stakeholders to remediate vulnerabilities and risks when required\n\n\n\nAbout you:\n\n\n3-5+ years of experience as a Penetration Tester, Security Researcher, or Security Engineer\n\nCan perform source code review of Golang and Python\n\nStrong foundation in computer and network security, authentication, security protocols and applied cryptography\n\nExperience in web app security, vulnerability research, and penetration testing\n\nKnowledge of network-based and system-level attacks and mitigation methods\n\nFamiliarity with at least some of the following: Python, Go, bash\n\nFamiliarity with log formats and intrusion detection systems for Linux based systems\n\nFamiliarity with common network protocols and standards such as DNS and TCP/IP\n\nExperience with attacking cloud based environments, software development technologies, devops tooling, and web applications\n\nFamiliarity and experience with AWS, GCP and other cloud providers and best practices for securing cloud infrastructure\n\nExperience with containers and container orchestration systems such as Docker and Kubernetes. \n\nAbility to research and execute a testing plan to assess a new technology or process\n\nExcellent written and verbal communication skills and ability to communicate your findings at both high and technical levels\n\nDemonstrated experience performing penetration testing on a remote team\n\nProficiency to communicate over a text-based medium (Slack, JIRA Issues,  GitHub issues, & Email) and can succinctly document technical details\n\n\n\n\n \nBonus points:\n\n\nExperience in the Financial Technology domain\n\nPassion and demonstrated experience for challenging security assumptions\n\nPassion for fixing security issues and not just identifying security issues\n\n\n\n\nCO Residents: In Colorado, the base pay for this position ranges from $169000 to $224000. This role is also eligible for an annual discretionary bonus and participation in Robinhood’s equity plan. \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to Design, Senior, Marketing, Sales, Digital Nomad, Amazon, Consulting, DevOps, Cloud, Jira, Docker, Testing, Golang and Linux jobs that are similar:\n\n $62,500 — $120,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n
\n\n#Location\nSan Francisco, California, United States

\nCloud Software Developer- (Node.JS, Golang)\nRailroad19, Inc. ~  Remote - United States\nCloud  Software Engineer (Remote United States)\nAt Railroad19, we develop custom software products and provide software development services. \nWe are looking for a Cloud Node.JS Software Engineer with 8 years of experience that is fluent in both AWS Cloud and Node.js and Golang to be a strong advocate for clean and maintainable code. In addition to contributing to the codebase you will work as an adviser to help create best-in-class solutions.  Candidates should also have previous experience working with Cloud Native tool kits.\nWhile there are no management responsibilities for this position there are opportunities for leadership for those who want to grow.\nAt Railroad19, you are part of a company that values your work and gives you the tools you need to succeed. We are headquartered in Saratoga Springs, New York, but we are a distributed team of remote developers across the US. \nThis is a full-time role with vacation, health insurance, and a 401k. Railroad19 provides healthy compensation with excellent benefits and a great corporate culture.\nThe role is remote - U.S. located, only full time (NO- contractors, Corp-to-Corp or 1099). \n\nPrimary responsibilities:\n\n\n* Understand our client's evolving needs\n\n* Advocate for appropriate solutions with multiple stakeholders\n\n* Write and maintain scalable enterprise quality software\n\n* Work closely with product management and the lead architect to translate business requirements into scalable and highly available tools\n\n* Be able to participate and implement Cloud and Microservice best practices while adhering to standard architecture patterns\n\n* Develop microservice applications to support the media asset management systems and implementing them using appropriate technologies & frameworks\n\n* Drive the adoption of new technologies including containers, clustering, cloud computing, serverless and API\n\n* Follow Agile best practices and tools adopted by the team\n\n* Integrate various software platforms and external 3rd party systems through vendor APIs.\n\n* Work with vendor(s) on API implementation and troubleshooting, suggesting necessary features and identifying enhancement opportunities.\n\n* Configure Development, QA and Production environments with proper packages and dependencies to enable implementation, working closely with DevOps and QA teams\n\n* Participate when needed in 24x7 application support schedule; some overnight/off hours shift-schedule support will be required during on-air rollouts, emergencies, and special broadcast events.\n\n* Work with client user groups to ensure operational needs are being appropriately met.\n\n* Other duties as assigned.\n\n\n\n\nExperience:\n\n\n* 5+ years working with IT systems, with a solid understanding of cloud technologies, network and storage systems.\n\n* 5+ years of experience working with Unix/Linux environments for development, including package management and basic system administration.\n\n* Experience with building serverless applications in AWS using NodeJS.\n\n* Comfortable using Amazon Web Services (Step Functions, S3, RDS, EC2, ECS, Lambda, SQS, SNS, DynamoDB, CloudFormation)\n\n* Education/experience in Computer Science, IT, Engineering or related field/equivalent experience.\n\n* Experience developing software in a team environment.\n\n* Excellent verbal and written communication skills.\n\n* Schedule flexibility is needed to meet on-air operational needs.\n\n\n\n\nExperience preferred but not required:\n\n\n* Exposure to using, Golang, Python & Java in containerized and serverless applications\n\n* CI/CD: Jenkins, Nexus, Cloud Formation, Code Pipeline\n\n* Familiarity with broadcast production or video content management systems\n\n* Exposure to implementing ML/AI technologies\n\n* Experience working with Agile and Scrum methodologies for software development and project execution.\n\n* Familiarity with project tracking and collaboration tools such as JIRA and Confluence (Wikis)\n\n* Hands-on experience with Spring Boot, Spring Cloud(using Netflix OSS) is a plus\n\n* Hands-on experience with Oracle or similar relational database technology\n\n* Hands-on experience with AngularJS or similar JavaScript frameworks is a plus\n\n* Demonstrates a passion for learning new technologies and takes pride in delivering working software\n\n* Experience collaborating on an Agile team\n\n* Git experience preferred\n\n* Continuous integration practices are a plus\n\n* Familiarity with AWS\n\n* Bachelor's or master’s degree in computer science, computer engineering, or other technical discipline; or equivalent work experience\n\n\n\n\nNo Agencies***\nThis is a non-management position\nThis is a full time position\n\nWe are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace. \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to JavaScript, Cloud, Node, Developer, Digital Nomad, Jira, DevOps, Video, Amazon, Java, Serverless, Python, API, Golang and Engineer jobs that are similar:\n\n $70,000 — $120,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n