Senior Security Engineer (Remote)
Do you want to change the world? At Cabify and Movo, that’s what we’re doing. We aim to make cities better places to live by improving mobility for the people living in them, connecting riders to drivers, providing mobility alternatives such as scooters and mopeds and many others to come, at the touch of a button. Maybe one day cities will be places where nobody needs a private car. But we’ve still got a long way to go...fancy joining us?
Right now we’re working on some pretty greenfield projects with a solid set of product ideas lined up ready for innovative engineers to tackle and of course we have big plans to take over the taxi app service industry!
Security Engineers at Cabify work on improving all aspects of our product and platform security.
They are a blend of operations engineers and software developers, who apply solid engineering principles, operational discipline and mature automation to improve existing systems from the security perspective. They work with developers to prevent potential design mistakes, to ensure our designs are solid and have enough security layers to prevent inevitable bugs becoming complete compromises.
As a Security Engineer, you will wear many hats, so you will:
* Own vulnerability management and mitigation approaches.
* Document every action so your learnings turn into security policies and automations.
* Review and advise on implementing secure architecture designs.
* [compliance] Assist internal and external auditors.
* [compliance] Design high level frameworks and policies for defining assets and classifying data.
* [compliance] Provide security training for internal teams, and develop security guidance and best practices documentation.
* [compliance] Work closely with Business Teams to define and classify assets.
* [secops] Work closely with Systems and Product teams on systems designs and risk mitigation.
* [secops] Define, implement, and monitor security measures to protect company assets.
* [appsec] Implement, manage and own the response of our bug bounty program.
* [appsec] Triage and manage vulnerabilities identified through pentests, bug bounty, or other means.
Projects you could work on:
* Designing, implementing, deploying and monitoring security solutions for all areas
of Cabify Platform: Clouds (GCP/AWS), Linux servers (Packerized and Snowflakes alike),
Networks, Databases, 3rd Party integrations, Mobile Applications, Orchestrators, Logging and
Monitoring systems, and so on.
* Performing pentests (black/white box) and working with 3rd party vulnerability researchers.
* Designing policies that will guide the course of the Platform development.
* Creating guidelines and teaching people about threats and how to effectively mitigate them.
You may be a fit to this role if you:
* Have obsessive attention to detail, especially ones that can be exploited or go wrong.
* Automate yourself of everything by nature, letting machines do the toil work for you.
* Know your way around Unix systems, networking stack, OSI model, containers,
and security aspects of the above.
* Obsessed about least privilege principle, and can explain why you value it so much.
* Have strong aversion to shortcuts, especially security related. Seeing secrets committed
to git makes you want to drop everything and fix things until you can rotate the credentials.
* Have strong programming skills at least in one language, and know your way around few more.
* Prefer transparency to obscurity when it comes to security solutions, and are aware of
dangers of security theater.
* Prefer taking action over waiting for things to happen.
* Strongly favor simplicity over complexity, knowing impact of both on security.
* Experience with Linux systems: running, monitoring and securing them.
* Experience with at least one major cloud provider: running, monitoring and securing workloads in it.
* Excellent written and verbal communication skills: you will work in an asynchronous remote team.
* Demonstrable development experience: you should be able to code your way out of the problem and create tools as you go.
* Familiarity with common security libraries, controls, and of course: flaws and pitfalls.
* Familiarity with security standards is a plus: ISO, PCI/DSS, NIST, or orange book.
* Strong empathy feelings
What’s it like to work at Cabify?:
We’re a company full of happy, motivated people and we never want that to change. Here are some more reasons why it rocks to be part of our family.
- Excellent Salary conditions at Engineering: Senior 48k-55k, Lead 55k-69k.
We also offer very competitive stock options plan. At Cabify we strongly believe highly committed, vision-aligned key roles must be long term invested in the company success, thus a significant portion of the compensation of roles such as this one goes in the form of stock options.
- We offer relocation package to those coming from other country or fully remote working conditions.
- Remote days available upon agreement if you decide to go on-site
- Flexible work environment & hours, we don’t track hours but delivered results
- Regular fun team events
- Cabify staff discount
- Personal development programmes
- Flexible remuneration: restaurant tickets, transport tickets, healthcare and childcare
- A pet room so you don’t have to leave your furry friend at home
- All the gear you need
- And last but not least...free coffee!
Cabify is proud of being an equal opportunity workplace. We celebrate diversity and we are committed to creating an inclusive environment for all employees regardless of background, gender, religion, orientation, age or ability. Join us!