Security Engineer - International Remote

Here at Hugging Face, we're on a journey to advance and democratize good machine learning for everyone. Along the way, we contribute to the development of technology for the better. Over five thousand companies are using our technology in production, including leading AI organizations such as Google, Elastic, Salesforce, Algolia, and Grammarly.

About the role

As a Security Engineer, you work closely with development teams, product managers (PM), and third-party groups (including the paid bug bounty program) to ensure that Hugging Face products are secure. We are searching for someone who brings fresh ideas, demonstrates a unique and informed viewpoint, and enjoys collaborating with a progressive, nimble and decentralized approach to develop real-world solutions and positive user experiences at every interaction.

Objectives of this Role

• Engineer, implement and monitor security measures for the protection of computer systems, networks and information
• Identify and define system security requirements
• Measure and optimize security performance, with an eye toward pushing our capabilities forward, getting ahead of customer needs, and innovating to continually improve
• Design computer security architecture and develop detailed cyber security designs
• Prepare and document standard operating procedures and protocols
• Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
• Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement

Daily and Monthly Responsibilities

• Participate in and support application security reviews and threat modeling, including code review and dynamic testing
• Own and perform application security vulnerability management.
• Support the bug bounty program
• Facilitate and support the preparation of security releases
• Support and consult with product and development teams in the area of application security
• Assist in creation of security training
• Assist in development of automated security testing to validate that secure coding best practices are being used

Requirements and skills

• Experience identifying security issues through code review
• Familiarity with common security libraries, security controls, and common security flaws.
• Good coding skills. Python, Golang and Rust are preferred
• Detailed technical knowledge of operating system security
• Hands on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc
• Experience with network security and networking technologies and with system, security, and network monitoring tools
• Experience with OWASP, static/dynamic analysis, and common security tools.
• A basic understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS, protocols).

About you

You’ll enjoy working here if you love to talk tech, you know the different pros and cons of multiple languages and frameworks, and Github is in your favorite bookmarks. You care about users’ experience and understand diversity is great but inclusion is key. You like to build things (almost) from scratch and you thrive in a fast growing international environment, Hugging Face is an English first company. You also like to build great products and ship them to production, while ensuring everything works great and we support our community and customers to the best of our ability.

More about Hugging Face

We are actively working to build a culture that values diversity, equity, and inclusivity. We are intentionally building a workplace where people feel respected and supported—regardless of who you are or where you come from. We believe this is foundational to building a great company and community. Hugging Face is an equal opportunity employer and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

We value development. You will work with some of the smartest people in our industry. We are an organization that has a bias for impact and is always challenging ourselves to continuously grow. We provide all employees with reimbursement for relevant conferences, training, and education.

We care about your well-being. We offer flexible working hours and remote options. We offer health, dental, and vision benefits for employees and their dependents. We also offer 12 weeks of parental leave (20 for birthing mothers) and unlimited paid time off.

We support our employees wherever they are. While we have office spaces in NYC and Paris, we're very distributed and all remote employees have the opportunity to visit our offices. If needed, we'll also outfit your workstation to ensure you succeed.

We want our teammates to be shareholders. All employees have company equity as part of their compensation package. If we succeed in becoming a category-defining platform in machine learning and artificial intelligence, everyone enjoys the upside.

We support the community. We believe major scientific advancements are the result of collaboration across the field. Join a community supporting the ML/AI community.