Senior Security Engineer
Reverb.com is hiring a Security Engineer to lead efforts to secure our application and infrastructure. You will work closely with the rest of the dev and infrastructure team to identify fixes and improvements to the security process across a range of applications written in Ruby, Golang, Python, and more, running in a highly automated AWS environment. A passion for hacking and a deep understanding of Internet architecture and security are a must.
Responsibilities:
- Audit code for security risk and educate developers on an ongoing basis.
- Contribute to security fixes in the codebase and work with product team and other developers.
- Develop in-house pen-testing practice including automated tests.
- Manage bug bounty programs - triage, assess vulnerabilities, execute fixes.
- Audit cloud security of the entire AWS infrastructure, plan and execute improvements to security (IAM roles, encryption, security groups, VPC).
- Maintain documentation related to security architecture and business practices as relating to role segregation and data access.
- Work with legal to understand security regulations for internationalization; plan and drive execution of technical changes (application and infrastructure) required to operate internationally.
- Advocate for and oversee security throughout the tech organization (including overseeing IT implementations of internal security such as SSO, password management, etc.).
Requirements:
- Advanced to expert knowledge of common security vulnerabilities (OWASP) and best practices.
- Mid-level knowledge of AWS infrastructure security best practices.
- App development experience in one or more of Ruby/Python/Golang.
- Prior experience in a security development role.
- Bonus: experience participating in hacker bounty programs and penetration testing of other websites.
What You'll Get:
- Competitive salary and stock options in a high growth company.
- No-bureaucracy environment where ownership and initiative are valued.
- Health insurance and a healthy work environment, with no 80-hour weeks.
- 401k with 4% match.
- Flexible vacation and sick days.
- A MacBook Pro, monitor, keyboard, mouse of your choice. Even a stand-up desk if you want!
- Discounts on music gear.
- This is a local position in Chicago; please, no remote workers or recruiters.