Lead Security Engineer
27 января 2019
34
It's 2019 isn't it time to find a job that lets you work where you want?
Who Is Follow Up Boss?
- We’re a simple, sales-focused CRM for real estate teams (and we use our own product)
- We’re a self funded, profitable company started back in April of 2011
- We’re a remote company with a mostly US-based team
- We don’t just claim to be customer-centric - we live it: https://www.facebook.com/followupboss/reviews
- Check out our video on how we work: https://www.followupboss.com/about/
Why Would You Want To Work Here?
- We’re a young, ambitious company who only answers to our customers
- Opportunity to have a big impact on our growth and your career
- No red tape or pointless meetings
- Competitive salary, health/dental insurance and 20 days paid holiday, $1000 to outfit your home office, yearly company meetup
This Role Is For You If…
- You are passionate about Information Security and have solid experience in the field.
- You would describe yourself as patient, empathetic and having a good sense of humour
- You’re independent, self-motivated and can stay efficient and productive without someone looking over your shoulder all day long
- Superb written and verbal skills (with a professional yet fun demeanor).
- You enjoy programming and creating solid, tested, reliable things over just breaking things.
- Reject the idea of security being a blocker, and enjoy collaborating with colleagues across teams to ship projects securely
- Have the ability to work with others and helping them to understand security is far more important than knowing about the latest ROP gadget finding techniques.
- This is a hands-on technical position where you will work with the Infrastructure and Product teams to ensure the secure release of applications.
- Security architecture experience and the ability to consult with engineering teams working on technology projects will be key to success.
- You have thorough familiarity with techniques used by real world attackers and should be able to prioritize detection and attack surface reduction efforts based on this knowledge.
Your qualifications:
- Self motivated and proactive mindset.
- Remote work experience is considered an asset.
- Based in the USA, quiet home office with fast internet.
- Strong experience in penetration testing or related activities, including at least network and application security experience.
- Understand modern web application architecture, TCP/IP, HTTP, and standard network and system security technologies
- A strong knowledge of securing production LAMP (PHP) stacks, as well as a solid understanding of iOS and Android apps is a must.
- Strong knowledge of internet security issues.
- Strong knowledge of UNIX and networking protocols.
Your responsibilities will include:
- Take a leadership role in driving security and privacy initiatives at Follow Up Boss.
- Establish, advocate and enforce security policies and best practices among our team members.
- Lead efforts to keep our customers' data and company assets safe.
- Review changes in internal processes and IT systems to make sure the changes being made don't have adverse effect on security.
- Provide security guidance for our products and technologies
- Collaborate with colleagues across a variety of teams to architect & ship projects securely
- Discover, analyze, assess, and respond to various threats in Follow Up Boss's web stack, iOS and Android applications.
- Investigate security-related reports from customers, internal team members or general public, assess risks and damage, plan recovery actions and lead the effort to execute the plan.
- Review changes in software we produce to make sure we follow best security practices and the changes being made don't have a negative effect on security.
- Evaluate and provide recommendations on third party applications and services and the security implications associated with their use.
- Understand offensive techniques/tactics and be able to prioritize mitigation techniques or technologies accordingly.
- Instrument and perform anomaly analysis of systems and applications
- Ability to discover new and interesting security problems as well a fix them.
- Mentor other team members.
30 Day Targets:
- Become familiar with the product architecture, infrastructure, and existing tools.
- Pair with engineers to gain knowledge about the system and how we work.
- Improve the new hire onboarding process, by being a part of it.
60 Day Targets:
- Take active part in the internal security related work (e.g. assessing company VPN, implementing AWS IAM security best practices, SSH + 2FA, etc)
- Work with fellow engineers to ensure authorized access to internal tools, servers, and sensitive customer data.
90 Day Targets:
- Identify top security issues and develop a solid plan to address them
- Develop internal physical security policies.
- Review and produce plan to comply with Google Compliance External Security Audit.
Our Core Engineering Values
- Teamwork
- Communication
- Code Quality
- Focus and Prioritization
- Customer Driven
- Leadership Qualities
If this sounds like a great fit we would love to hear from you.
We're not accepting applications from agencies.
© 2019, Khashtamov