You.com is hiring a
Senior Security Engineer, Remote - United States

Summary

The job is for a Security Engineer at You.com, focusing on ensuring secure software and infrastructure design, build, test, and maintenance across the company. The role involves various responsibilities such as supporting engineers, collaborating with product and engineering teams, performing security assessments, developing automation of high-signal security tooling, supporting third-party consultants, crafting training courses, participating in on-call and incident response efforts.

Requirements

• Has 7+ years of experience working in software security roles or performing similar types of work (e.g. application security, security engineering, product security, security research)
• Read and write software in two or more of the following languages: Javascript or Python
• Proficient in identifying vulnerability classes, performing root cause analysis, defining remediation paths in code, technical coordination with engineers, and verifying fixes
• Has direct experience in activities such as threat modeling, penetration testing, creating security requirements, performing source code reviews, or leading security design reviews
• Experience building sustainable programs with an emphasis on partnership and enablement
• Experience with AWS cloud services, Github, and Kubernetes
• Exposed to incident response, on-call, and other security operations functions

Responsibilities

• Support engineers across the SDL as a security subject matter expert, including design reviews, threat modeling, code review, patch creation, and penetration testing
• Collaborate with product and engineering on architecting resilient, security-first services
• Perform deep, technical security assessments to ensure services follow secure design principles across our engineering portfolio
• Develop automation of high-signal security tooling through customizations and plugins
• Support third-party security consultants to provide external validation of product security
• Craft and deliver interactive security training courses to support engineer enablement
• Participate in on-call and incident response efforts

Benefits

• A remote-first work environment with hubs in California, NYC, and Canada that offer monthly in-person gatherings
• Unlimited PTO with 11 U.S. holidays observed and a week shutdown in December to rest and recharge
• Competitive health insurance plan, where 100% of the policyholder is covered
• 12 weeks of paid paternity leave in the US, additional time off also considered
• 401k program, 3% match coming January 2025
• $500 work-from-home stipend to be used up to a year of your start date
• $1,200 / year Health & Wellness Allowance to support your personal goals
• In-person coworking weeks 1 to 2 times a year
• Chance to collaborate with a team at the forefront of AI research