Platform Security Engineer
ExtendExtend leverages cutting-edge technology to provide a better way for customers to protect the products they love. Our digitally-native solution delivers a modern experience that is a win for both merchants and their customers.
Extend is modernizing the $100 billion-per-year extended warranty and protection plan industry using cutting-edge technology, and top-notch customer service. After a $260M Series C financing round, we are ready to continue to scale our organization and grow beyond our $1.6B valuation.
Our API-first solution allows any merchant to offer extended warranties and protection plans, both online and offline, while also providing a merchant's end customers with a vastly improved and modern support experience that eliminates many of the issues customers face today with legacy underwriters.
We are a venture-backed startup based in downtown San Francisco that is led by founders who have previously had multiple successful exits. Extend is simplifying the technology stack for the extended warranty industry.
What You'll Do:
- Lead the development, design, and evolution of platform security serverless microservices for identity, authentication, and authorization, as well as tools and patterns providing data encryption and secrets management.
- You will be the security champion and advocate for platform application security services and best practices throughout the organization. The ability to clearly, concisely, and patiently communicate architectural/implementation risks to engineers, product owners, and leadership will be pivotal in this role.
- Share knowledge and expertise with platform security team members to aid in their growth and understanding, elevating the whole team and improving our efficacy.
- Document system, service, and data interactions and flows for consumption by engineers inside and outside of the platform security team.
- Encourage innovation and foster an environment of continuous improvement.
- Identify risks and aid in implementing process and implementation improvements in the overall platform.
- Provide code reviews for sensitive code bases with a focus on code quality and secure implementation.
What We Are Looking For:
- 5+ years of combined software, security, and cloud infrastructure engineering and/or architecture experience.
- Intimate familiarity with OAuth/OIDC flows, JWT tokens, and overall identity, authentication, and authorization principals.
- Understanding of modern cloud security and secure code operations, concepts, and practices.
- Experience with DevOps and secure SDLC tools, patterns, and methodologies for cloud architectures.
- Experience working with serverless services such as AWS API Gateway, Lambda, and DynamoDB.
- Experience with AWS IAM principals and configuration.
- Experience driving technical and security requirements with cross-functional teams.
- Strong understanding of cryptography, including best practices.
- Extensive knowledge around API development with HTTP, REST and JSON.
- Experience designing and implementing services in a high-security cloud-based environment.
- Able to respectfully provide and receive feedback in all situations.
- Self-motivated, able to take ownership of tasks and see-through completion.
- Must be well organized, able to thrive in a fast-paced startup environment, must have the ability to approach problems with a collaborative, team-player attitude.
- Strong communication skills in several mediums, working with a collaborative cross-functional team of peers and development teams throughout the company.
Nice to Haves:
- Experience with AWS CDK for infrastructure-as-code.
- Experience TypeScript (v4) and the related ecosystem.
- Familiarity with containers and general security principals.
- Familiarity with cloud networking security principles and technologies.
- Experience working closely with security operations teams, including SOCs, incident response, vulnerability management, and GRC.
Life at Extend:
- Working with a great team from diverse backgrounds in a collaborative and supportive environment.
- Competitive salary based on experience, with full medical and dental & vision benefits.
- Stock in an early-stage startup growing quickly.
- Unlimited vacation policy.
- 401(k) with Financial Guidance from Morgan Stanley.
Other jobs like this
Security Engineer, Detection & ResponseAutomation AWS Bash Blockchain Crypto EDR Exploits Finance Incident response Monitoring +4
Flex hours Gear Pet friendly Snacks / Drinks Team events
Flex hours Gear Pet friendly Snacks / Drinks Team events
Explore more Cyber Security career opportunities
Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cybersecurity in general, filtered by job title or popular skill, toolset and products used.
- Open Cyber Security Engineer jobs
- Open Staff Application Security Engineer jobs
- Open Penetration Tester jobs
- Open Senior DevSecOps Engineer jobs
- Open Application Security Engineer/Architect jobs
- Open Senior Security Operations Engineer jobs
- Open Cyber Threat Intelligence Analyst jobs
- Open Head of Information Security jobs
- Open Senior Information Security Engineer jobs
- Open Lead Security Engineer jobs
- Open Staff Security Engineer jobs
- Open SOC Analyst jobs
- Open Cyber Security Analyst jobs
- Open Information System Security Officer (ISSO) jobs
- Open Cybersecurity Engineer jobs
- Open Senior Penetration Tester jobs
- Open Sr. Security Engineer jobs
- Open Senior Threat Intelligence Analyst jobs
- Open Cloud Security Automation Specialist jobs
- Open Offensive Security Engineer jobs
- Open Information Security Officer jobs
- Open Azure Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cloud Security Operations Lead jobs
- Open Cybersecurity Analyst jobs
- Open DevOps-related jobs
- Open Application security-related jobs
- Open Analytics-related jobs
- Open Audits-related jobs
- Open PCI-related jobs
- Open OWASP-related jobs
- Open Threat intelligence-related jobs
- Open Clearance-related jobs
- Open Security assessments-related jobs
- Open IDS-related jobs
- Open Forensics-related jobs
- Open Splunk-related jobs
- Open Ruby-related jobs
- Open Encryption-related jobs
- Open CEH-related jobs
- Open CISM-related jobs
- Open GDPR-related jobs
- Open Agile-related jobs
- Open Threat detection-related jobs
- Open Open Source-related jobs
- Open OSCP-related jobs
- Open Intrusion detection-related jobs
- Open DevSecOps-related jobs
- Open Machine Learning-related jobs