Software Engineer, Application Security - Crypto Authentication

The company is an early stage, fast-growing contender to transform the antiquated user identity space by eliminating the need for passwords, with backing from top investors such as Tiger Global, Lightspeed Ventures, SV Angel, Social Capital, Northzone, Placeholder, Naval Ravikant, Alexis Ohanian, Ryan Hoover, and Balaji Srinivasan. Our mission is to safeguard the trust between users and Internet services by establishing a secure and authentic digital identity.

The company's vision is to build the passport of the internet. We are looking for team members who are not afraid to push beyond the status quo and create the most straightforward, most secure, and most long-term sustainable identity solution for app developers and end-users. This is a unique opportunity to help us disrupt the world of authentication.

We are looking for a Security Engineer who is experienced in product security and has a breadth of knowledge in best security practices. You will flow seamlessly from ensuring the security of our products and systems throughout the development life cycle (from both internal and external threats) to building out core backend systems, kick-ass features, and intuitive/performant APIs.

Requirements

Implement tools and automation to proactively detect security risks and threats for internal systems

Collaborate with other engineers to identify security gaps and integrate security into the software development process

Perform scheduled technical security exercises, security assessments, and code audits

Ensure best security practices and procedures are maintained and carried out by all engineering teams through system design input and code reviews

Work with our HackerOne program from triaging, to identifying solutions, to implementing fixes

Be the go-to expert for product security concerns on the team

Design and build backend systems that power the company's experience

Building and improving our APIs so that they are as scalable, performant, intuitive as can be

We are looking for someone who has:2+ years of work experience in any security engineering domain using SDL, threat modeling, SIEM, vulnerability scanning, pen testing, etc.

Proficient in Python, Go, and/or RubyIn-depth knowledge in secure coding practices and strong passion in helping other engineers to adopt themKeen awareness of application security, and knowledge of Open Web Application Security Project (OWASP) top 10 vulnerabilities

Relevant knowledge of modern web and mobile app security landscape, real-world attacks, and mitigations

Have hands-on experience in the public cloud environment leveraging best security practices

Bonus:

Experience in implementing an intrusion detection system with automated mitigation steps

DevOps experience in public cloud environments

Strong foundation in infrastructure security, applied cryptography, network, and computer security, authentication, and security protocols

Have participated in compliance audits (ex: SOC2 Type2, ISO27001, etc.)

Have a startup personality and mentality: smart, hardworking, productive, team player, integrity, can execute under pressure

The company is fully remote, though we would prefer this role specifically to be in a timezone where we can have more hours overlap with the North American team members due to the need for frequent communication and collaboration. #LI-Remote.