Infrastructure Security Engineer

Summary

Join Descript as a talented infrastructure security engineer to protect our platform, systems, and user data. You will identify vulnerabilities, implement and improve security controls, and ensure security is embedded in our products. Design and build security-focused infrastructure, perform security assessments and code audits, lead remediation of issues, and partner with engineering teams. Conduct assessments to identify attack vectors, help with penetration testing and compliance, and advocate for security best practices. This role requires 5+ years of software development experience with a focus on platform, infrastructure, or security, along with strong understanding of web application and cloud security. Proficiency in a programming language (TypeScript preferred) and experience with authentication and authorization systems are also needed. The base salary range is $187,000-$227,000/year.

Requirements

• 5+ years of experience building software with at least 2 years focused on platform, infrastructure, and/or security
• Strong understanding of web application security, cloud security (GCP preferred), and secure coding practices
• Proficiency in at least one general purpose programming language (TypeScript experience preferred)
• Experience with authentication and authorization systems
• Strong communication and interpersonal skills, with demonstrated experience collaborating across functions
• Desire to work in a fast-paced environment, continuously grow, and master your craft

Responsibilities

• Design and build security-focused infrastructure primitives and integrate them into our existing products and development processes
• Perform technical security assessments, code audits, and design reviews
• Lead remediation of prioritized issues across our technology stack
• Partner with engineering teams to design and deploy solutions which are inherently secure
• Conduct assessments to identify current and new attack vectors against our products and services
• Help run penetration testing and our security-related compliance efforts
• Advocate for security best practices throughout the organization

Preferred Qualifications

• Experience with TypeScript and GCP (GKE and other core services)
• Experience with Terraform infrastructure as code
• Background in developing security tooling and automation
• Experience working on identity and access management systems
• Demonstrated ability to make hard prioritization decisions in security controls

Benefits

• Generous healthcare package
• Catered lunches
• Flexible vacation time