About the team:\n\nRobinhood is looking for a Senior Penetration Tester who is passionate about breaking and fixing applications, services and processes to join the Robinhood Pentest Team.\n\nThe pentest team is part of the larger Offensive Security team and is a core pillar of Security & Privacy Engineering. The pentest team will work with teams across Robinhood to ensure our products, services, and processes are secure through threat modeling, automated & manual penetration testing, and tracking remediations of identified vulnerabilities.\n\nHere are some examples of things our team does frequently that you’ll be heavily involved with:\n\n\nPerform threat modeling against critical and new services. Articulate the actual security risk to Risk working groups.\n\nValidation of critical/high vulnerabilities surfaced via vulnerability automation tooling.\n\nPerform application assessments, internal and external penetration testing focusing not just on network and application level vulnerabilities but fully understanding what risk to Robinhood the vulnerabilities pose especially as they relate to business logic and fraud opportunities.\n\nTriage Bug Bounty reports and interact with Bug Bounty Researchers\n\nConduct vulnerability research to understand latest TTPs and exploits.\n\nConduct vulnerability research into futures technologies robinhood may deploy \n\nFixing issues and leaving things better than they found them and not just finding broken things.\n\n\n\n\n \nWhat you’ll do day-to-day:\n\n\nPerform application security penetration tests to include source code reviews (Golang/Python). This will be your primary role.\n\nTriage Bug Bounty reports as part of the Bug Bounty on call rotation.\n\nPerform threat modeling against critical and new services. Articulate the actual security risk to risk working groups\n\nUse, configure, and write automation to identify and validate vulnerabilities surfaced via vulnerability automation tooling\n\nPerform internal and external penetration, code reviews, and design/architecture reviews testing focusing not just on network and application level vulnerabilities but fully understanding and articulating what risk to Robinhood the vulnerabilities pose especially as they relate to business logic and fraud.\n\nWork closely with development teams to mitigate or remediate security vulnerabilities preferably by submitting Pull Requests (PRs) with the code to remediate the identified vulnerabilities\n\nBuild or suggest detection and monitoring for attacks on the application or infrastructure\n\nConduct vulnerability research to understand latest TTPs and exploits\n\nConduct vulnerability research into future technologies Robinhood may deploy \n\nPublish blog posts and present talks at security conferences\n\nBe a technical advocate for privacy and security decisions, designs, and discussions\n\nMake recommendations for organization-wide system improvements, optimization and/or maintenance efforts and engages with stakeholders to remediate vulnerabilities and risks when required\n\n\n\nAbout you:\n\n\n3-5+ years of experience as a Penetration Tester, Security Researcher, or Security Engineer\n\nCan perform source code review of Golang and Python\n\nStrong foundation in computer and network security, authentication, security protocols and applied cryptography\n\nExperience in web app security, vulnerability research, and penetration testing\n\nKnowledge of network-based and system-level attacks and mitigation methods\n\nFamiliarity with at least some of the following: Python, Go, bash\n\nFamiliarity with log formats and intrusion detection systems for Linux based systems\n\nFamiliarity with common network protocols and standards such as DNS and TCP/IP\n\nExperience with attacking cloud based environments, software development technologies, devops tooling, and web applications\n\nFamiliarity and experience with AWS, GCP and other cloud providers and best practices for securing cloud infrastructure\n\nExperience with containers and container orchestration systems such as Docker and Kubernetes. \n\nAbility to research and execute a testing plan to assess a new technology or process\n\nExcellent written and verbal communication skills and ability to communicate your findings at both high and technical levels\n\nDemonstrated experience performing penetration testing on a remote team\n\nProficiency to communicate over a text-based medium (Slack, JIRA Issues,  GitHub issues, & Email) and can succinctly document technical details\n\n\n\n\n \nBonus points:\n\n\nExperience in the Financial Technology domain\n\nPassion and demonstrated experience for challenging security assumptions\n\nPassion for fixing security issues and not just identifying security issues\n\n\n\n\nCO Residents: In Colorado, the base pay for this position ranges from $169000 to $224000. This role is also eligible for an annual discretionary bonus and participation in Robinhood’s equity plan. \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to Design, Senior, Marketing, Sales, Digital Nomad, Amazon, Consulting, DevOps, Cloud, Jira, Docker, Testing, Golang and Linux jobs that are similar:\n\n $62,500 — $120,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n
\n\n#Location\nSan Francisco, California, United States

\nThe Role\n\n\n\n\n* Work closely with our Agile development teams to build, deploy, manage, and monitor cloud based systems to ensure high availability, performance, scalability, and security\n\n* Automate existing processes where possible\n\n* Create new monitoring within Datadog\n\n* Set up continuous integration through build pipelines or similar\n\n* Work with development teams and senior management to come up with an automated deployment strategy\n\n* Troubleshoot and fix incidents as necessary\n\n\n\n\n\n\n\n\n\n\nQualifications\n\n\n\n\n* 2+ Years of cloud-based production experience\n\n* Post secondary education in technology or a related field is considered an asset\n\n* Experience scaling either AWS or Azure Cloud environments\n\n* Experience with Git\n\n* Knowledge of Docker/kubernetes\n\n* Good knowledge of linux cli\n\n* Scripting capabilities - Powershell/bash\n\n* Knowledge of C#/Javascript\n\n* Experience with Microsoft SQL server considered an asset\n\n* Hands-on continuous integration and continuous deployment experience\n\n* Experience in maintaining multiple deployment environments (Dev, QA, UAT, Prod.)\n\n* Automated deployment experience\n\n* Flexibility to adapt in an evolving environment\n\n* Experience with JIRA (or similar) project tracking tools\n\n\n\n\n\n\n\n\nWhy should you apply? \n\n- PayBright offers an outstanding work environment in a high-growth industry\n- We focus on creating a positive and cohesive team-based environment and aim to have fun doing our jobs!\n- Monthly and quarterly team events and social activities (currently being held virtually due to Covid-19)\n- We offer attractive compensation and benefits, including equity participation\n- We have a prime downtown Toronto location near amenities and public transportation\n(we are all currently working from home to stay safe during this time).\n\nEqual Employment Opportunity\n\nOur diverse and inclusive team is part of what makes PayBright a fulfilling place to be. PayBright is an equal opportunity employer and welcomes applications from all backgrounds.\n\nWe are proud to be partnered with the Canadian Center for Diversity and Inclusion.\n\nIf you require any accommodations during the hiring process, please let us know and we will work with you to meet your needs. \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to DevOps, Engineer, Jira, Education, Cloud, Microsoft, Senior and Linux jobs that are similar:\n\n $70,000 — $120,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n

\nPosition Summary:\n\nSemanticBits is seeking a DevOps Manager to oversee a team of DevOps Engineers on a large program building mission critical, highly scalable, AWS-based systems for the federal government. You will work hand-in-hand with development teams and DevOps Engineers to implement automation solutions using technologies like Amazon Web Services (AWS), Ansible, Jenkins, Kubernetes, ECS, and Terraform to automatically build, test, integrate, and deploy complex, modern systems. You will leverage the full power of the cloud to configure highly resilient and scalable applications that support zero downtime. \n\nResponsibilities:\n\n\n* Oversee a team of highly skilled DevOps Engineers that span 10 development Scrum teams\n\n* Conceive of, design, and executive modern DevOps strategy to ensure scalability, reliability, and zero downtime for a wide range of software systems that utilize modern technologies (Node, Angular, etc.)\n\n* Create roadmaps and planning artifacts to execute DevOps strategy\n\n* Report devops progress across Jira boards, and document relevant information in Confluence pages for transparency of infrastructure work to development teams, program leadership, customers, and corporate leadership\n\n* Make recommendations and assessments of builds, deployments, tools, and DevOps processes across teams \n\n* Ensure the on time delivery and coordination of DevOps initiatives in collaboration with architects and program managers. \n\n* Track AWS system resource costs, identify areas for cost optimization, implement cost optimization strategies\n\n* Communicate various strategies, accomplishments, and impediments in regular meetings with stakeholders, and senior leadership\n\n* In-depth, hands on experience with Terraform (strongly preferred) and/or CloudFormation.\n\n* Hands-on understanding of Docker. Be able to write Dockerfiles. Experience with Docker Compose is a plus.\n\n* Familiar with at least one container orchestration platform. ECS or Kubernetes is preferred. Have an understanding and experience of both deploying and maintaining these systems.\n\n* Experience with production deployments using Jenkins. Familiarity with jenkinsfiles is a plus.\n\n* Knowledge of scripting or programming – Bash, Powershell, Python is a plus.\n\n* Knowledge of a configuration management tool, such as Ansible.\n\n* Deep, hands-on experience with Linux and administration.\n\n* Expertise with cloud security, understand the principle of least privilege. Be experienced with securing S3 buckets and IAM configurations. Understand security groups and access controls.\n\n* Experience with and a strong understanding of secret management along with the practice of good security hygiene.\n\n* Experience with Atlassian tooling such as Jira and Confluence preferred.\n\n* Understand how web applications work and the common tools around them.\n\n* Understand the 12 factor app.\n\n* Knowledge of networking fundamentals is appreciated.\n\n\n\n\nRequired Qualifications:\n\n\n* Candidate must reside in the United States\n\n* Bachelor's degree in technological or related field and a minimum of 5 years of relevant experience or a Master’s degree with a minimum of 3 years experience\n\n* Flexible and willing to accept a change in priorities as necessary\n\n\n\n\nNice to Have: \n\n\n* Experience working in the healthcare industry\n\n* Federal Government contracting work experience\n\n* Prior experience working remotely full-time\n\n\n\n\nPhysical and emotional requirements for the job:\n\nThis position is to be performed remotely from an individual’s home office and involves sedentary work. Employees in this role can be expected to exert up to 10 pounds of force on occasion in order to lift, carry, push, pull or otherwise move standard electronic equipment. Employees are expected to make decisions in a timely manner and display emotional intelligence during occasional stressful situations. \n\nBenefits:\n\n\n* Generous base salary\n\n* Three weeks of PTO\n\n* Excellent health benefits program (Medical, dental and vision)\n\n* 401k retirement plan. We contribute 3% of base salary irrespective of employee's contribution\n\n* 100% paid short-term and long-term disability\n\n* 100% paid life insurance\n\n* FSA\n\n\n \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to DevOps, Executive, Jira, Amazon, Cloud, Python, Senior and Linux jobs that are similar:\n\n $70,000 — $120,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n

\nThis job posting is a contract position for a senior Amazon AWS DevOPS engineer with a minimum of 5 years of experience working in a large-scale Amazon AWS enterprise environment. The successful applicant MUST possess all of the required skills listed in this job posting and MUST have meaningful, practical, hands-on experience in all of the required skills areas. Experience migrating a large-scale enterprise to Amazon AWS in a DevOPS capacity is also strongly desired. The successful candidate will be required to take a hands-on performance assessment in AWS demonstrating required skills.\n\nRequired Skills\n• Amazon AWS\n\n* CloudFormation template development and maintenance in YAML\n\n* Creation and use of CloudFormation nested stacks\n\n* Creation and use of IAM policies and roles\n\n* Expertise in deploying applications using EC2, Elastic Beanstalk, S3, RDS, SNS, CloudWatch and Lamba\n\n* Practical understanding of AWS VPC design and networking\n\n* Experienced in multi-account, multi-region deployments\n\n* Solid understanding of the AWS well architected framework and ability to apply AWS best practices to application deployments\n\n\n\n• Linux and Windows OS\n\n* Solid AWS Linux and CentOS command line skills\n\n* Ability to script in bash required\n\n* Experience working with Windows Server 2012R2 from a DevOPS perspective\n\n* Ability to script in Powershell nice to have\n\n\n\n• DevOPS\n\n* Significant experience and expertise in Chef and Chef cookbook development and maintenance\n\n* Fluent in YAML and JSON\n\n* Experience in the creation and maintenance of automated builds using Jenkins\n\n* Solid understanding of CI/CD build processes using Maven, Gradle, Npm, etc.\n\n* Experience in automated AMI builds using Packer and Chef\n\n* Solid understanding of AWS, OS, and application security including the use of security groups, NACLs, SSL/TLS, IAM policies and roles, certificates and key management\n\n* Ability to program in either Python or Ruby strongly desired\n\n* Experience working in an Agile development environment\n\n* Fluent in source code version control using Git / BitBucket\n\n* User level experience working with Jira sprints and Kanban boards in a DevOPS environment\n\n* Ability to document solutions in Confluence\n\n\n\n• Enterprise application migration to AWS\n\n* Experienced in the construction and migration of multi-tiered enterprise applications to AWS\n\n* Experienced in migrating and refactoring enterprise Java based applications in AWS\n\n* Understanding of SQL and NoSQL databases and ability to migrate to RDS or deploy as a stand alone EC2 instance(s)\n\n\n\nEducation and Certifications\n• At least one Amazon AWS certification desired\n• BSEE/BSCS desired but not required\n\nBenefits\n• Opportunity to work alongside highly experienced highly certified Amazon AWS and Red Hat\nprofessional services professionals\n• Opportunity to advance career through meaningful AWS and DevOPS work in a large Fortune 500\ncompany\n• Potential for some remote work for right person\n\nTerms\n6 month guaranteed contract w/ potential to extend \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to DevOps, Senior, Engineer, Jira, Amazon, Java, NoSQL, Git, Python, Ruby and Linux jobs that are similar:\n\n $70,000 — $120,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n