Job Summary 

The Security Engineer’s role is to aid the security efforts of Bugcrowd, while proactively making changes to further improve our security posture. 

To achieve this goal, we require a motivated team member who is willing to push their own boundaries and step out of their comfort zone.You will be challenged on a regular basis, especially because you are the last line of defense for one of the largest crowdsourced security platforms! The Security Engineer will provide mentoring to multiple junior security engineers and will work closely with other team members on a daily basis. 

**Please note this role will be working PST business hours

Essential Duties and Responsibilities

• Aiding within the Incident Response process
• Threat hunting
• Developing patches and security controls within a Ruby on Rails application, Golang application, and Kotlin application
• Communicating across multiple teams converting technical knowledge into palatable words for multiple audiences. 
• Significant familiarity with AWS and network security controls
• Identifying vulnerability root causes
• Performing basic risk assessments and triaging
• Educating developers on security best practices
• Architecting solutions with developers to remediate any security concerns
• Performing basic red team assessments (including but not limited to phishing, vishing, spoofing technologies, etc.)
• Testing new features within the platform and services
• Automating security tasks to increase workflow efficiency
• Mentoring other team members

Education

• Bachelor’s Degree in a relevant field or commensurate experience
• 3 - 5+ years of professional experience in a similar role or its equivalent.

Knowledge, Skills, and Abilities

•  Experience with writing IR plans and operating within an IR practice (experience responding to incidents)
• Working knowledge of Threat Intelligence and how it can be used to proactively create security controls (automation)
• Familiarity with Pentesting techniques and OWASP Top 10
• Ability to understand a vulnerability and work with developers to patch it
• Scripting knowledge in at least one of: Bash, Python, JavaScript, Ruby
• Self motivated and organized - must be able to operate from a calendar and be punctual
• Cloud security experience or holds cloud certifications (AWS strongly preferred)
• Experience with Identity and Access Management (IAM) controls
• Ability to work autonomously within a global company, and critically think without intervention
• Familiarity with git
• Familiarity with a ticketing system / issue tracking system is a must (e.g: Jira)

Working Conditions & Physical Requirements

Sitting and / or standing - Must be able to remain in a stationary position 50% of the time

Carrying and / or lifting - Must be able to carry / move laptop as needed throughout the work day.

Environment - remote, work-from-home 100% of the time.

ADA Statement: Bugcrowd is committed to the full inclusion of all qualified individuals. In keeping with our commitment, Bugcrowd will take the steps to assure that people with disabilities are provided reasonable accommodations. Accordingly, if reasonable accommodation is required to fully participate in the job application or interview process, to perform the essential functions of the position, and/or to receive all other benefits and privileges of employment, please contact HR at [email protected].

Pay Range Disclosure: The base pay range for this role takes into account the wide range of factors that are considered in making compensation decisions, including but not limited to Qualifications, Geographical Location, Education/certifications, Experience, Skill Sets, Training, and other business and organizational needs. 

A reasonable estimate of the current range for the position of Security Engineer base is: $97,000- $106,000.

This position may also be eligible to participate in a discretionary bonus program or commission plan, subject to the rules governing the program, whereby an award, if any, depends on various factors, including, without limitation, individual and organizational performance.