2018-02-17

Product Security Architect

Posted on Feb 17

Location: San Francisco, CA
Job Type: Full Time
Job ID: W4150452

 

Opportunity to build out a team
 

• Discovering and fixing vulnerabilities via code audits, fuzzing, and static analysis

• Working with and supporting the backend and UI teams to fix vulnerabilities found internally and by researchers through our bug bounty program

• Designing and building secure systems to handle application secrets such as encryption keys

• Identifying places to add audit trails to improve accountability

• Re-architecting our core infrastructure to reduce the attack surface of critical services and mitigate the impact of exploits

• Augmenting our backend with the latest intrusion-detection systems

Job Description

• Discovering and fixing vulnerabilities via code audits, fuzzing, and static analysis

• Working with and supporting the backend and UI teams to fix vulnerabilities found internally and by researchers through our bug bounty program

• Designing and building secure systems to handle application secrets such as encryption keys

• Identifying places to add audit trails to improve accountability

• Re-architecting our core infrastructure to reduce the attack surface of critical services and mitigate the impact of exploits

• Augmenting our back-end with the latest intrusion-detection systems

Qualifications

  • Have 5+ years of production experience in web, database, and/or infrastructure security
  • Easily recognize SQL/command injection, XSS, CSRF, SSRF, and other vulnerabilities
  • Enjoy working across teams to get security vulnerabilities fixed and being a resource for other developers and teams
  • Can design, plan, and implement security-focused architectures and frameworks
  • passionate about ensuring that security remains a first-class concern. 
  • Bonus points for: A BS/MS/Ph.D in Computer Science, Computer Engineering, or a STEM field
  • Fluency in at least one of the following languages: Ruby, Scala, C/C++, Java, Python
  • Deep knowledge in key security concepts such as authentication, authorization, public/private key encryption, role-based access control, and security by design
  • Demonstrated ability to ship production-quality software in a dynamic environment
  • Experience with large-scale distributed systems and client-server architectures
ProgrammerAnalyst.com is owned, operated, and copyrighted by Career Marketplace (© 2002-2019, All Rights Reserved)
CAREERMARKETPLACE INC BBB Business Review