Senior Security Engineer

Remote, US

Applications have closed

Reverb

Join millions of music makers all over the world on Reverb. Find your next favorite new, used, or vintage instrument—or sell one of your own.

View company page

Company Description

Reverb is the largest online marketplace dedicated to buying and selling new, used, and vintage musical instruments. Since launching in 2013, Reverb has grown into a vibrant community of buyers and sellers all over the world. By focusing on inspiring content, price transparency, musician-focused e-commerce tools, a music-savvy customer service team, and more, Reverb has created an online destination where the global music community can connect over the perfect piece of music gear.

We love working at Reverb because we’re making the world more musical—through our marketplace and through Reverb Gives, which provides musical instruments to youth music education programs. We were named a “Best Place to Work” by Built in Chicago and a “Top Workplace'' by the Chicago Tribune.

Job Description

We’re looking for a full-stack engineer to join our security organization. We are a quickly growing team working on hardening all aspects of Reverb’s security posture. This role has room for creative analysis as well as implementation work! As a Security Engineer, you will have the chance to share your expertise on what we need to do to maintain and improve Reverb’s security baseline, and promote those practices to the broader organization.

This is a full-time position reporting to the Engineering Manager of our Security team. We are open to remote hires within multiple states as well as candidates locally in Chicago, IL. For candidates who will work remotely visit this link for a list of approved locations.

Core technologies we work with and secure:

  • Application layer: Ruby on Rails, React, Go
  • Data layer: Postgres, ElasticSearch, Redshift, Redis
  • Infrastructure: AWS IAM, VPC, Fastly, Terraform
  • Logging and Monitoring: Datadog, CloudTrail, Sentry

Projects you might work on in your first 12 months:

  • Hardening our application based on findings from internal testing, pen tests and our bug bounty program
  • Adding tools to our edge protection layer to help combat abusive traffic
  • Implementing risk-based security notifications
  • Integrating automated security testing into our CI/CD pipeline

Responsibilities:

  • Deliver well-tested, peer-reviewed features that improve the security experience of Reverb’s users and prevent abuse
  • Collaborate with other engineering teams to across the stack to deliver projects
  • Find opportunities to harden Reverb’s application, infrastructure and organizational security posture
  • Monitor and respond to security incidents
  • Make well-reasoned, technical decisions backed by data while understanding tradeoffs

Qualifications

  • 5+ years of experience contributing to the implementation and support of highly maintainable and scalable systems by contributing to all levels of the web applications stack
  • 3+ years of experience working in Ruby, Python or Node
  • Experience with CI/CD and comfort with developing in a codebase that is deployed to production multiple times a day
  • Understanding of basic software security patterns in development

Nice to Have

  • Knowledge of the UNIX command line and common tools
  • Experience with hardening applications to protect against the OWASP top 10 
  • Comfort with Docker in development and production
  • Experience with Terraform

Additional Information

Reverb offers compensation packages that include base, bonus, and equity in the form of Etsy restricted stock units. Some of our key benefits include but are not limited to the following:

  • 100% paid medical, dental, and vision coverage for employees and their eligible dependents (you read it right: no premiums!)
  • Life, AD&D, and supplemental long-and short-term disability insurance
  • A matching 401(k)
  • A generous PTO policy that includes vacation, sick/mental health days plus 11 paid holidays and two floating holidays
  • 18 weeks of gender-neutral parental leave for the birth or adoption of a child
  • Up to $7,500 reimbursement of adoption-related expenses
  • Paid sabbatical program
  • Ways to give back to your community through a charitable contribution match and volunteer time off

We're embracing a flexible work model, which empowers our people to do their best work一wherever they are. You can learn more about this approach throughout our interview process.

At Reverb, we believe that a diverse, equitable and inclusive workplace makes us a more relevant and resilient company. We welcome people from all backgrounds, ethnicities, cultures, and experiences. Reverb is an equal opportunity employer. We do not discriminate on the basis of race, color, ancestry, religion, national origin, sexual orientation, age, citizenship, marital or family status, disability, gender identity or expression, veteran status, or any other legally protected status. We will ensure that individuals with disabilities are provided a reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment.

We know that the impostor syndrome and confidence gap are real. Please do not hesitate to apply!

Tags: AWS CI/CD Docker E-commerce Elasticsearch Full stack IAM Monitoring OWASP PostgreSQL Python Redis Ruby Terraform UNIX

Perks/benefits: 401(k) matching Equity Flex hours Flex vacation Health care Insurance Medical leave Paid sabbatical Parental leave Salary bonus Transparency

Regions: Remote/Anywhere North America
Country: United States
Job stats:  640  39  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.