Bitly is hiring a
Security Engineer

Summary

Join Bitly as a Security Engineer to collaborate with cross-functional teams and integrate security best practices into software development lifecycle.

Requirements

• An expert in application and cloud security with a deep understanding of the latest threats, vulnerabilities, and best practices
• A cybersecurity enthusiast with a substantial technical foundation and a drive to stay ahead of emerging threats
• Proficiency in programming and automation using Go, JavaScript, Bash, and Terraform
• A collaborative team player who can effectively communicate and work with cross-functional teams to integrate security into every phase of the software development lifecycle and convey technical concepts to non-technical stakeholders
• A problem-solver with a keen eye for detail and a proactive approach to identifying and addressing security vulnerabilities
• A continuous learner who thrives in a fast-paced environment and is eager to stay updated on emerging technologies and trends in cybersecurity
• Strong understanding of web application security principles, including OWASP Top 10 vulnerabilities and secure coding practices
• Familiarity with both AWS and GCP production environments
• Experienced in applying security best practices to meet industry compliance standards (e.g., SOC 2, PCI-DSS, HIPAA)

Responsibilities

• Partner with rest of the InfoSec Team, IT and the Product-Engineering teams to implement the strategic security vision into our products
• Design, implement, and maintain robust security architectures for our applications and cloud infrastructure to ensure our systems' confidentiality, integrity, and availability
• Help implement Cloud Security Best Practices by configuring and managing security controls for cloud environments, including identity and access management (IAM), network security groups (NSGs), and encryption mechanisms
• Keep detailed documentation of security configurations, policies, procedures, and incidents to help keep track of the status of security initiatives and compliance efforts
• Implement security automation and orchestration workflows to streamline security operations and improve incident response times
• Perform security-focused code reviews
• Assist the InfoSec team in supporting the development and implementation of controls to achieve and maintain compliance with SOC 2 and other relevant industry standards
• Support and consult with product engineering teams in the area of application security, including threat modeling and appsec reviews
• Work closely with product engineering teams to embed security frameworks and security best practices throughout the software development lifecycle, including secure coding guidelines, static and dynamic code analysis, and dependency scanning
• Participate in the entire software development lifecycle (SDLC), including threat modeling, secure code reviews, and security testing
• Assist teams in reproducing, triaging, and addressing application security vulnerabilities
• Take the lead in incident response efforts during security breaches or incidents, managing investigation, containment, eradication, and recovery activities while implementing preventative measures for the future

Benefits

• Inclusive health, dental, and vision plans built to support diverse lifestyles
• Employer contribution to HSA plans
• Generous paid parental leave
• Enhanced support for reproductive health, family planning, and new parents
• Robust mental health support and Employee Assistance Program (EAP) with confidential counseling services
• Comprehensive well-being benefits including reimbursement program
• Flexible PTO policy and company breaks - At Bitly, we believe rest is essential for productivity and creativity