Security Engineer

Summary

Join Sourcegraph's exceptional security team as a Security Engineer and build world-class security into our product offerings. You will work on vulnerability management, application security testing and vulnerability scanning automation, bug bounty programs, and security reviews for both application and infrastructure security. You will proactively improve the security of our codebase, product, cloud, and customer's on-premise deployments. This role requires practical experience securing SaaS applications, experience using and automating defensive security tools, and software development experience. Preferred qualifications include experience in a startup environment and familiarity with specific technologies like Go, TypeScript, and Kubernetes. The compensation includes an above-average salary, equity, and generous perks and benefits, with salary determined by your location zone and experience.

Requirements

• Practical experience securing SaaS applications, including infrastructure security, application security, and/or compliance
• Experience using and automating a wide range of defensive security tools
• Experience developing software as an engineer (i.e., writing code and contributing directly to applications)
• Experience working across engineering teams to support secure coding across the organization
• You are high agency
• You communicate effectively in writing and documentation

Responsibilities

• Contribute to the team's goals and deliverables for securing the largest deployment of Sourcegraph (sourcegraph.com), enabling customers to upload private code repositories
• Discover, fix, and mitigate infrastructure vulnerabilities by updating libraries, base images, and analyzing containers
• Enhance our application security with audits, best practices, code fixes, and continuous education
• Perform reactive incident response if a security event occurs
• Enhance our security measures and policies to support organizations on sourcegraph.com and ampcode.com
• Work with other teams to triage, troubleshoot and mitigate customer concerns and questions about our security
• Work with your manager to create a career plan with actionable goals
• Work with other teams and engineers to implement secure coding guidelines and best practices
• Perform proactive research to detect new attack vectors
• Perform threat modeling for existing and future applications
• Assess and integrate new tools and technologies to improve our operational efficiencies
• Help maintain compliance with SOC 2, ISO 27001 & GDPR standards

Preferred Qualifications

• Experience working in a startup environment
• Experience with Go, TypeScript, Terraform
• Experience with Kubernetes, GCP
• Experience securing AI products

Benefits

• Above-average salary
• Equity
• Generous perks & benefits