We're looking for problem solvers, innovators, and dreamers who are searching for anything but business as usual. Like us, you're a high performer who's an expert at your craft, constantly challenging the status quo. You value inclusivity and want to join a culture that empowers you to show up as your authentic self. You know that success hinges on commitment, that our differences make us stronger, and that the finish line is always sweeter when the whole team crosses together.

Job Title: Senior Software Security Engineer

Job Description:

We're looking for problem solvers, innovators, and dreamers who are searching for anything but business as usual. Like us, you're a high performer who's an expert at your craft, constantly challenging the status quo. You value inclusivity and want to join a culture that empowers you to show up as your authentic self. You know that success hinges on commitment, that our differences make us stronger, and that the finish line is always sweeter when the whole team crosses together.

• Enhance security touch points throughout the SDLC with emphasis on code review and verification
• Perform secure design reviews, identify security gaps and propose mitigations
• Provide security subject matter expertise following best practices, standards, and policies across areas such as identity and access management, cryptography, web security, cloud security, and more
• Participate in investigation and remediation of vulnerabilities affecting software products
• Identify security gaps and work with partner teams to implement robust security controls
• Assist software engineers with understanding security tool findings and mitigations
• Partner with Software Architecture and DevOps for ensuring security best practices in the ideation phases

• Minimum 5+ years of proven experience successfully delivering secure software throughout a Software Development Lifecycle
• Strong knowledge of software vulnerabilities, mitigations, threat modeling, risk assessment, and vulnerability management
• Experience in a programming language such as Modern C++, C#, Rust, Golang, Java, or Scala
• Able to discuss and provide clear technical guidance on cryptographic concepts like cryptography, hashing, encoding, key management, etc.
• As a security advocate you will take the initiative to collaborate with stakeholders across the organization, including software engineering teams and product owners, to provide pragmatic security solutions
• Adaptable at explaining security concepts to stakeholders of various backgrounds
• Understanding of how to diagnose software build and scan results, such as CI/CD, SAST, DAST, SCA, and Container scans
• Able to balance various stakeholder concerns with security requirements
• Bachelor's degree and/or equivalent experience in computer science, information technology, or related field

• Extensive experience writing and code reviewing Modern C++ codebases
• Strong experience with SaaS applications and Cloud technology such as GCP, AWS, Docker/Containers, Kubernetes, and microservice architectures
• Experience developing or maintaining CI/CD and scanning systems (e.g. can implement and maintain a system that helps find vulnerabilities)
• Experienced in software security testing (SAST, DAST, SCA, Manual Penetration Testing and Vulnerability Management)
• Demonstrable practical experience integrating and maintaining cryptographic systems/libraries into software projects, such as OpenSSL, NaCl, argon2, or bcrypt
• Strong knowledge of software design patterns and security analysis