What you’ll do:

• Own core pieces of our security program based on your skill set and interest
• Find, manage, and fix vulnerabilities in the product, coordinating with development teams on their remediation, and building tooling to prevent them from  reappearing or being created in the first place
• Design and build application frameworks and services to improve the security of a cloud, container-based microservice application stack
• Collaborate with dev teams and other stakeholders as their dedicated Security Partner, including threat modeling, security design, implementation, and process building
• Roll out and manage cloud infrastructure security initiatives
• Expand our  logging, alerting, and detection automation, and respond to potential incidents
• Help manage corporate security initiatives in collaboration with other teams, including SSO, MDM,EDR and network security
• Drive compliance initiatives that add real security value

Skills / Qualifications:

• The right candidate for this role will definitely have:
• 3+ years of experience in secure software development.  Computer science degree or similar preferred.  Proficiency with Python, Javascript, TypeScript,  Node.js, or JVM preferred.  Experience building and securing backend  Node.js + TypeScript services is ideal
• Experience with finding, triaging, and fixing web application vulnerabilities, covering at least the OWASP Top 10, is required
• The ability to quickly pick up new technologies and finding problems in unfamiliar systems or code bases
• The ability to communicate security concerns effectively to technical and non technical stakeholders via written and verbal mediums
• A proficiency for automating as much as possible, and a desire to solve problems once
• A passion for security and building resilient systems
• Experience with one or more of the following is preferred:
• Experience with securing microservice architectures based around public cloud services, containers, Docker, and Kubernetes.
• Familiarity with managing public clouds (AWS, Azure, GCP) using infrastructure–as-code (Terraform) and automation (Ansible, Puppet, Chef, etc) preferred. 
• Knowledge of cloud security best practices is a plus
• Experience building out a Secure Software Development Life Cycle (SSDLC), including integrating automated security testing, SAST, DAST, SCA, fuzzing, and variant analysis within a CI/CD pipeline
• Experience with SIEM tooling preferred. 
• Experience with log management and alert automation is a plus