Staff Security Engineer

Summary

Join Discord's Platform Security Engineering team as a Staff Security Engineer and contribute to the security and privacy of our platform used by over 200 million people. You will guide security strategies, lead software engineering projects, consult on risk assessments, and develop secure baselines for cloud and bare-metal resources. This role requires extensive experience in building and operating production systems, software development, and securing systems with millions of users. You will collaborate cross-functionally and work on projects involving IAM systems, vulnerability scanning, and securing the software supply chain. The position offers a competitive salary, equity, and benefits. Discord is committed to empowering people to find belonging and creating a secure and enjoyable experience for its users.

Requirements

• You have 7+ years of experience building and operating production systems and infrastructure
• You have 5+ years of experience writing software in at least one general-purpose programming language (we mainly use Python and Rust)
• You have 4+ years of experience securing systems with millions of users
• You have been the tech lead for projects involving 3+ engineers and spanning multiple quarters
• You have designed and built user-facing software for customers beyond your immediate team
• You have experience securing cloud-based environments (e.g. GCP, Cloudflare)
• You have experience with technologies for defining and orchestrating containers (e.g. OCI, Docker, Distroless, Kubernetes)
• You understand modern authentication and authorization protocols and concepts (e.g. RBAC, OAuth 2.0, OIDC/SAML, Zero Trust network architectures, mTLS)
• You have experience with build and CI/CD technologies (e.g. Bazel, Buildkite, Terraform)

Responsibilities

• Guide strategy and lead software engineering projects on a small, highly-autonomous, horizontally-integrated security team with a lot of leverage. This is a code-forward role!
• Consult on risk assessments, architectural designs, threat models, code reviews, and more—pragmatically balancing security with other business considerations
• Develop and apply best-in-class secure baselines for cloud and bare-metal resources
• Secure our software supply chain, from a developer’s laptop through version control and CI/CD and into production
• Build and own IAM systems that are user-friendly and promote least privilege
• Manage third-party vulnerabilities while supporting rapid growth for Product Engineering
• Partner cross-functionally for security monitoring and incident response

Preferred Qualifications

• You have a system to discover industry tools that can multiply your team’s impact
• You have experience securing multi-cloud environments
• You have developed and debugged distributed systems atop GCP and Cloudflare
• You have built and operated a service mesh (e.g. Envoy, Istio, Linkerd)
• You have managed and secured VMs and bare-metal hosts (e.g. Linux, Salt)
• You have designed and applied Kubernetes security policies (e.g. OPA Gatekeeper, Kyverno)

Benefits

• Equity
• Benefits