\nAs a Principal Application Security Engineer at Vimeo, you will engage in a variety of activities, either offensive, defensive, or some combination thereof, ultimately aimed at safeguarding our users who entrust Vimeo with their content every day.\n\nYou’ll plan, carry out, and lead security initiatives to monitor and protect sensitive data and systems from infiltration and cyber-attacks.\n\nYou will likely collaborate frequently with and support developers, as well as members of the infrastructure security team, the compliance team, IT, Product, and other teams throughout the organization.\n\nYou love to solve puzzles, and are a great team player.\n\nThis role is remote. The role requires three hours of overlap with the US Eastern time zone (i.e., New York City) daily.\n\nWhat you’ll do:\n\nDepending on your preferences and the current needs of the team, you may either focus on just one or two of the following areas, or you may choose to become involved with many of them.\n\n\n* Security architecture — create a technical plan for partitioning and consolidating our cookies; draft up a sequence diagram for a new middleware to prevent IDOR attacks; implement a POC for leveraging CAPTCHA challenges in cross-origin embedded iframes; draft some code to modify the expiration behavior of our JWTs then pair with our API team to get feedback\n\n* Penetration testing — either hunt for security issues on our production or staged applications during an open-box internal pen test, or help coordinate an engagement with an external firm\n\n* Writing code for internal automated security tools — write some code, usually in Python, Bash, or Go, to support any of our team's various initiatives. Often we strive to facilitate a culture of “paved roads” for our developers, such that it is easy for any developer to incorporate security into their designs and implementations\n\n* Threat modeling — consider how malicious attackers may compromise our systems, and advise developers and product managers on what defenses are needed\n\n* Code reviews — discover weakness in our source code before it reaches production\n\n* Bug bounty program — help triage new incoming reports on a daily basis, plus launch creative initiatives to increase researcher engagement on our programs\n\n* Web Application Firewall and Rate Limiting — expand coverage and tune new rules while coordinating with developers, support team members, and the site reliability team\n\n* Remediation — enable and encourage developers to correctly fix recently discovered security issues in a timely manner, ultimately reducing our Mean Time To Remediate\n\n* Secure Software Development Lifecycle — configure automated tooling (eg. static and dynamic code analysis,, IAST) in our SDLC to detect security issues in our source code before it reaches production\n\n* Developer Education, Security Culture — create fun ways to spread technical security awareness throughout the engineering department\n\n* Incident response — lead or assist in running the various phases of an incident response, including initial detection, triage, containment, recovery, root cause analysis, retrospective, etc.\n\n* Collaboration with the infrastructure security team — pair with members of the infrastructure security team on various projects to secure our cloud instances and employee workstations\n\n* Collaboration with the compliance and privacy team — help ensure that our company complies with industry best practices and standards\n\n* Process improvements — help strengthen our own internal processes and procedures\n\n* A typical day will look like:\n\n\n\n* Engage with one or more product development teams and guide them through a threat model and data flow analysis.\n\n* Review the code for major new functionality to ensure security best practices are followed.  \n\n* Review new tickets in our bug bounty program (http://hackerone.com/vimeo) and use your system design and threat modeling knowledge to reproduce, define risk and mitigating controls and propose a fix., \n\n* A call or two with Development, Product Management teams to discuss security-related issues\n\n* Pen test a new feature in a staging environment with Burp Pro\n\n* Assist the compliance team on a privacy-related project\n\n* Provide technical advice in response to occasional questions from developers and other members of the security team\n\n\n\n\n\n\nSkills and knowledge you should possess:\n\n\n* Required: 5+ years of prior experience in either software development, devops, or site reliability engineering with hands-on coding experience.\n\n* Preferred: prior experience in Application Security\n\n* 7+ total years of relevant experience in Engineering, Application Security, or a similar technical field.\n\n* Strong knowledge of modern web, mobile, and network security\n\n* Strong programming skills with at least one of the following languages, and the ability to read all of them: Python, Go, PHP, Javascript, and Ruby\n\n* Expertise with application pen testing, using tools like Burp or Zap\n\n* Confident working in and across cloud environments like AWS and GCP. Detailed knowledge of at least one cloud environment.\n\n* Confident with shell scripting\n\n* Confident with common SDLC components, like git, Jira, Jenkins, etc\n\n* Confident ability to communicate technical security concepts to developers\n\n* At least an upper-intermediate level of English\n\n\n\n\nBonus points:\n\n\n* Link to a Github repo with security tools/scripts you’ve developed or help maintain\n\n* Full-stack web development experience creating RESTful applications (in any language) is a big plus\n\n* Open source vulnerability research or blog posts is a big plusS\n\n* Experience with system security hardening guidelines and SDLC principles\n\n\n \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to Design, Cloud, API and Engineer jobs that are similar:\n\n $62,500 — $105,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n
\n\n#Location\nTel Aviv, Tel Aviv District, Israel

\nJob Title: Senior Manager, SDET\n\nLocation: 7322 Southwest Freeway, Suite 1200, Houston, TX 77074\n\nJob Description: Test and verify the quality and reliability of software to support Beyond Finance’s internal applications and consumer-facing web applications, as well as the implementation of modern agile best practices and fully automated CI/CD pipelines. Focus on advancing the overall SDET team, tools, and processes. Lead system and testing improvement efforts and work closely with Software Engineers to deliver new functionality. Utilize Ruby on Rails, RSpec, and Capybara to develop test framework for writing automation tests. Lead automation effort across multiple teams, including mobile automation support using Selenium, Appium, and Continuous Integration (such as Jenkins) to find and close requirements gaps and create test plans in collaboration with Product Management. Investigate and resolve complex bugs in unfamiliar code and identify and propose solutions to process inefficiencies. Regularly update repos and application frameworks for supporting tools and proactively investigate testing and tooling issues. Design and deliver page objects and other gems to aid in testing, ensure properly tested releases, and monitor and verify testing results. Maintain code pipelines and write complex SQL queries to validate data changes or troubleshoot issues. Oversee Quality Assurance in the Release When Ready model and ensure Quality Assurance contributes to testing coverage in a timely manner. Research and evaluate new engineering trends and tools. Mentor other SDETs along career paths and handle personnel matters. Telecommuting permitted. 100% remote work is permitted; position is based out of our office in Houston, TX.\n\nEducation Requirement: Master’s degree in Computer Science or related.\n\nExperience Requirement: 2 years of experience in Software Engineer in test\n\nAlternate Requirements: In lieu of a master's degree plus two years of experience, will accept a bachelor's degree plus five years of experience in the same fields.\n\nSpecial Skills: Must have at least two years of experience in each of the following: 1) Utilizing Ruby on Rails, Capybara, and RSpec to develop test framework for writing automation tests; 2) Leading automation effort across multiple teams in fintech industry; 3) Automation support using Selenium, Appium, and Continuous Integration (such as Jenkins) for mobile automation in fintech industry. 100% remote work is permitted; position is based out of our office in Houston, TX.\n\nApply: Send resume to [email protected] with “Senior Manager, SDET” in subject line.\n\nSalary: $160,000-$184,000\n\n \n\n#LI-DNI \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to Design, Finance, Ruby, Mobile, Senior and Engineer jobs that are similar:\n\n $62,500 — $105,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n
\n\n#Location\nHouston, Texas, United States

\nAs a Sr. Application Security Engineer at Vimeo, you will engage in a variety of activities, either offensive, defensive, or some combination thereof, ultimately aimed at safeguarding our users who entrust Vimeo with their content every day.\n\nYou’ll plan, carry out, and lead security initiatives to monitor and protect sensitive data and systems from infiltration and cyber-attacks.\n\nYou will likely collaborate frequently with and support developers, as well as members of the infrastructure security team, the compliance team, IT, Product, and other teams throughout the organization.\n\nYou love to solve puzzles and are a great team player.\n\nThis role is remote.\n\nWhat you’ll do:\n\nDepending on your preferences and the current needs of the team, you may either focus on just one or two of the following areas, or you may choose to become involved with many of them.\n\n\n* Penetration testing — either hunt for security issues on our production or staged applications during an open-box internal pen test or help coordinate an engagement with an external firm\n\n* Writing code for internal automated security tools — write some code, usually in Python, Bash, or Go, to support any of our team's various initiatives. Often, we strive to facilitate a culture of “paved roads” for our developers, such that it is easy for any developer to incorporate security into their designs and implementations\n\n* Threat modeling — consider how malicious attackers may compromise our systems, and advise developers and product managers on what defenses are needed\n\n* Code reviews — discover weaknesses in our source code before it reaches production\n\n* Bug bounty program — help triage new incoming reports on a daily basis, plus launch creative initiatives to increase researcher engagement in our programs\n\n* Web Application Firewall and Rate Limiting — expand coverage and tune new rules while coordinating with developers, support team members, and the site reliability team\n\n* Remediation — enable and encourage developers to correctly fix recently discovered security issues in a timely manner, ultimately reducing our Mean Time To Remediate\n\n* Secure Software Development Lifecycle — configure automated tooling (eg. static and dynamic code analysis, IAST) in our SDLC to detect security issues in our source code before it reaches production\n\n* Developer Education, Security Culture — create fun ways to spread technical security awareness throughout the engineering department\n\n* Incident response — lead or assist in running the various phases of incident response, including initial detection, triage, containment, recovery, root cause analysis, retrospective, etc.\n\n* Collaboration with the infrastructure security team — pair with members of the infrastructure security team on various projects to secure our cloud instances and employee workstations\n\n* Collaboration with the compliance and privacy team — help ensure that our company complies with industry best practices and standards\n\n* Process improvements — help strengthen our own internal processes and procedures\n\n* A typical day will look like:\n\n\n\n* Engage with one or more product development teams and guide them through a threat model and data flow analysis.\n\n* Review the code for major new functionality to ensure security best practices are followed.  \n\n* Review new tickets in our bug bounty program (http://hackerone.com/vimeo) and use your system design and threat modeling knowledge to reproduce, define risk and mitigating controls and propose a fix. \n\n* A call or two with Development, Product Management teams to discuss security-related issues\n\n* Pen test a new feature in a staging environment with Burp Pro\n\n* Assist the compliance team on a privacy-related project\n\n* Provide technical advice in response to occasional questions from developers and other members of the security team\n\n\n\n\n\n\nSkills and knowledge you should possess:\n\n\n* Required: 4+ years of prior experience in either software development, devops, or site reliability engineering with hands-on coding experience.\n\n* Preferred: prior experience in Application Security\n\n* 6+ total years of relevant experience in Engineering, Application Security, or a similar technical field.\n\n* Strong knowledge of modern web, mobile, and network security\n\n* Strong programming skills with at least one of the following languages, and the ability to read all of them: Python, Go, PHP, Javascript, and Ruby\n\n* Expertise with application pen testing, using tools like Burp or Zap\n\n* Confident working in and across cloud environments like AWS and GCP. Detailed knowledge of at least one cloud environment.\n\n* Confident with shell scripting\n\n* Confident with common SDLC components, like git, Jira, Jenkins, etc\n\n* Confident ability to communicate technical security concepts to developers\n\n* At least an upper-intermediate level of English\n\n\n\n\nBonus points (nice skills to have, but not needed): \n\n\n* Link to a Github repo with security tools/scripts you’ve developed or help maintain\n\n* Full-stack web development experience creating RESTful applications (in any language) is a big plus\n\n* Open-source vulnerability research or blog posts is a big plus\n\n* Experience with system security hardening guidelines and SDLC principles\n\n\n \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to Design, Cloud and Engineer jobs that are similar:\n\n $65,000 — $125,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n
\n\n#Location\nBengaluru, Karnataka, India

<p>Are you looking to be part of an early-stage venture and have a proven technical profile?</p>\n<p><strong>Location: Remote across India.</strong> Your team is based in India and Europe.</p>\n<p>Working Language: <strong>English</strong></p>\n<p><strong>About the project</strong></p>\n<p>The #1 Crypto rewards platform where daily rewards meet smart investing.</p>\n<p>Klink is a leading crypto platform that innovatively combines quest-based task rewards with strategic investing opportunities on its multi-service platform. Klink provides a unique opportunity for its users to earn cryptocurrencies for participation in affiliate-sponsored quests whilst growing their investments simultaneously.</p>\n<p>The company is backed by top-tier VCs in the US &amp; Asia.</p>\n<h2 id="tasks">Tasks</h2>\n<p>We are now looking for an ambitious QA Engineer to join the team. You will be joining a team of 8 (5 with technical background) with a live product with over 10,000 users already. As you work on building an innovative solution competing with products on a global scale, you will always be up to date on all the latest technologies and best practices, especially regarding the web3 space.</p>\n<p><strong>You will:</strong></p>\n<ul>\n<li>Design, develop, and implement comprehensive test plans to ensure the reliability and performance of our mobile and web based products, emphasizing the bridge between CeFi and DeFi opportunities.</li>\n<li>Create, manage, and optimize automated testing frameworks, ensuring our products&#39; continuous and flawless updates.</li>\n<li>Conduct thorough testing across various platforms, focusing on identifying bottlenecks, errors, and vulnerabilities to enhance throughput and execution flawlessness.</li>\n<li>Collaborate with FinTech and Blockchain industry partners to validate and assure the quality of integrated solutions, augmenting our product suite.</li>\n<li>Maintain active and open communication with the technical lead and team members, contributing insights and feedback on quality assurance strategies and product improvements.</li>\n<li>Lead and participate in peer reviews of test plans and related code to maintain high standards of quality, efficiency, and adherence to best practices in QA.</li>\n</ul>\n<h2 id="requirements">Requirements</h2>\n<p>We do not focus on the time you have spent sitting in the lecture halls of this world but we want to understand what makes you feel comfortable, extraordinarily motivated and suitable to take over this position. We are looking for a team member who feels comfortable working remotely and in English in an international environment with a self-driven “Get stuff done” mindset.</p>\n<ul>\n<li>Proficient in automated testing tools and frameworks relevant to serverless architectures and microservices.</li>\n<li>Strong grasp of Javascript and Typescript for testing purposes, with experience in testing frameworks such as Jest or Mocha.</li>\n<li>Demonstrable experience in crafting and executing test cases for cloud solutions, preferably Amazon Web Services (AWS).</li>\n<li>A good understanding of Blockchain and Web3 technologies, with a keen eye for identifying potential issues in these areas.</li>\n<li>In-depth knowledge of data structures, algorithms, and both relational and non-relational databases from a testing perspective.</li>\n<li>Familiarity with security testing best practices in cloud and decentralized environments.</li>\n<li>Hands-on experience with frontend technologies for testing purposes, such as React.js and familiarity with MVC frameworks like Laravel for backend testing.</li>\n</ul>\n<h2 id="benefits">Benefits</h2>\n<ul>\n<li>Join at an early stage and be involved in decisions that shape the company’s future and the opportunity to build your own success story</li>\n<li>You will have a lot of autonomy and freedom in your role to innovate, test and fail</li>\n<li>Be a part of setting up the first office in India, enjoy working remotely and participate in regular team events</li>\n<li>You will receive a competitive salary with the opportunity to participate in the employee token scheme</li>\n<li>Take a trip with an international team of highly skilled individuals who will always support you on this journey</li>\n</ul>\n<p>If you want to know more about this opportunity please complete this application with your most recent work profile and we will get back to you ASAP.</p>\n<p>We are excited to meet you!</p>\n \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to Web3, Defi, Crypto, JavaScript, Finance, Laravel, Cloud, Typescript, Mobile, Engineer and Backend jobs that are similar:\n\n $60,000 — $110,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n

\nEMPOWER OVERVIEW\n\n\nEmpower is a high-growth financial technology company on a mission to expand access to fair credit to give anyone in the world the opportunity to improve their financial security and mobility. We dream up and launch one-of-a-kind features that help our members get money instantly whenever they need it, save for the future, and rewrite their financial story. Our members see Empower Cash Advance as a life-saver, Empower Automatic Savings as a game-changer, and the new Empower Thrive line of credit (currently in beta, launching soon) as a lifeline to low-cost borrowing and the only practical path to building good credit.\n\n\nEmpower is backed by Sequoia Capital, Blisce, and Icon Ventures. Are we the next great place to grow your impact and accelerate your career? We think so:\n\n\nInc. ranked Empower #56 in the 2023 Inc. 5000 list of the fastest-growing private companies in the US (#55 in 2022). Forbes put Empower on its 2023 list of America's Best Startup Employers. Fast Company recognized the new Empower Thrive line of credit in their 2022 list of the Next Big Things in Tech. \n \n \nWHAT EMPOWER OFFERS\n\n\nCompetitive salary\nGenerous equity package\nFull healthcare and dental benefits\nTechnology  expense reimbursement\nWork  from anywhere\n\n\nJOB DESCRIPTION\nAs a Backend Server Software Engineer, you’ll work on the engine that powers the Empower apps and business. You’ll engage with a collaborative, high powered team to develop solutions and lead product engineering on projects with a reach of millions. The solutions you’ll build will be robust, secure and easy to understand both for our users and your engineering peers. You’ll take end to end ownership of new features and product lines shaping work in early stages, building, deploying and running post deployment analysis to ensure we’re hitting our goals.\n\n\nTravel for company offsites is expected at a minimum 2 times a year. \n\n\n\nKey Responsibilities\n* Designing, building, and deploying server application code that interfaces with 3rd party clients and Empower\n* Implementing secure coding standards in accordance with the Empower Secure Development Policy\n* Perform on-going security testing and code review to improve software security\n* Monitoring the performance of the Empower server application and applying corrective action through bug fixing and improved solutions\n* Minimising defects and improving reliability through: Development of automated tests, manual test validation, development of fit for purpose architecture and code, contributing to PRs\n* Developing and maintaining the server app build and deployment pipeline\n* Collaborating cross-functionally to define, design and ship new features that create customer and business value\n* Working with business and operations stakeholders for the definition and development of business requirements\n* Contributing to server/client contract API definition\n* Architecting solutions that interface into 3rd parties and the Empower mobile client\n* Maximising effective development and identifying new technology opportunities by: Keeping across .NET development announcements, being across community best practice, discovering and evaluating new technologies\n* Participating in the server ops on call schedule\n\n\n\nCandidate Qualifications\n* Bachelor degree or greater within Computer Science, Software Engineering or a related subject\n* 3+ years developing web APIs within .NET (C#)\n* Working experience with ORMs such as Entity Framework\n* Working experience constructing and optimising RDMS queries\n* Working experience within the asynchronous programming model\n\n\n\n\n\nAt Empower, we hire for people that push themselves to understand others and seek out ways to challenge their personal assumptions. Our hope is that by fostering such an environment, we strengthen our business and relationships by putting people first. We are committed to building a diverse, inclusive, and equitable workspace where everyone (regardless of age, education, ethnicity, gender, sexual orientation, or any personal characteristics) feels like they belong. Even if your experience doesn’t exactly match up to our job description, you should feel empowered to apply regardless!  \n\n#Salary and compensation\n No salary data published by company so we estimated salary based on similar jobs related to Design, Testing, API, Mobile, Engineer and Backend jobs that are similar:\n\n $57,500 — $110,000/year\n
\n\n#Benefits\n 💰 401(k)\n\n🌎 Distributed team\n\n⏰ Async\n\n🤓 Vision insurance\n\n🦷 Dental insurance\n\n🚑 Medical insurance\n\n🏖 Unlimited vacation\n\n🏖 Paid time off\n\n📆 4 day workweek\n\n💰 401k matching\n\n🏔 Company retreats\n\n🏬 Coworking budget\n\n📚 Learning budget\n\n💪 Free gym membership\n\n🧘 Mental wellness budget\n\n🖥 Home office budget\n\n🥧 Pay in crypto\n\n🥸 Pseudonymous\n\n💰 Profit sharing\n\n💰 Equity compensation\n\n⬜️ No whiteboard interview\n\n👀 No monitoring system\n\n🚫 No politics at work\n\n🎅 We hire old (and young)\n\n
\n\n#Location\nRemote - US