Senior Application Security Engineer
San Francisco, CA
Patreon
Patreon is the best place to build community with your biggest fans, share exclusive work, and turn your passion into a lasting creative business. Do you believe that creators should have the ability to get paid for the value they give to their fans?
We do, which is why we're building Patreon, a platform that powers membership services for creators with established followings. Patreon strives to provide creators with insight, education, and tools that make it possible to retain creative control while running their creative business, so creators can focus on creating and energizing their fanbases.
Our user base has doubled in the last year alone, and we have paid over $1 billion directly to creators on our platform. Bringing Patreon to creators and patrons all over the world is essential to achieving our mission. In order to support this growth, we are looking for a Senior Application Security Engineer.
What you will do:
- You will collaborate across teams at Patreon and its subsidiaries to create and execute security controls to defend Patreon from both internal and external attacks.
- You will develop and iterate on a threat modeling framework and automation to help the software development lifecycle comply with industry best practices such as CIS and NIST.
- You will assist with security compliance-related questions and designs such as PCI, Sarbanes–Oxley Act, and Systems and Organization Controls Type 2 (SOC 2 Type 2).
- You will drive periodic penetration assessments of our web and mobile experience.
- You will articulate risk to appropriate stakeholders including engineers, leaders, and executives.
- You will participate in vendor security risk assessments.
Skills and experience you possess:
- You have significant experience across multiple technical stacks, with special attention to product scalability, usability, and performance.
- You know industry best practices for software design and coding standards.
- You are a great communicator who can explain technical issues and risks to a broad, non-technical audience. You work well with engineering, legal, product, executives, and others. You tailor your communication style, level of detail, and approach based on the audience.
- You are a strong collaborator and can influence technical teams, and you take them along with you.
- You operate effectively across teams and disciplines even in highly ambiguous situations.
- You have experience building inclusive team cultures.
- You care about building great products and a great company that matters.
- You have the ability to design and implement identity-based access management systems and controls.
- You have knowledge of cryptography and of best practices for cryptographic implementation.
- You have experience building out a threat modeling program at another company.
Projects you may work on:
- Cloud migration project, either from on-premises to cloud or from a single cloud provider to multiple cloud providers.
- Assist with the migration to a secure service architecture.
- Contribute to long-term secure Patreon API strategy.
What you will have the chance to learn:
- Build a new cardholder data environment from the ground up.
- Ability to collaborate on creating new technology to protect both the content creator and the patrons.
Who you'll work with:
At Patreon, you'll join a high-performing and highly-empathetic team of people who proudly work on fulfilling our mission of funding the creative class. Our culture of creator-first, thoughtful teammates keeps work creative, stretching, and rewarding.
Our Core Behaviors:
- Put Creators First. Patreon is nothing without our creators.
- Achieve Ambitious Outcomes. Set, measure, and accomplish goals that deliver massive value to our creators and patrons.
- Cultivate Inclusion. We want an environment that retains and engages the diverse teams we build.
- Bias Towards Action. When in doubt, we take the next best step, then course correct when needed. We go out of our way to fix problems when we see them. We take ownership seriously.
- Be Candid and Kind. Be extremely caring and extremely direct in all you do at Patreon, especially when it comes to giving positive and constructive feedback.
- Be Curious. You don’t know it all, and that’s the fun part. Everything gets better when you’re curious. Things get more interesting, more clear, and more approachable. When you bring curiosity into the workplace, you’re growing yourself, your teammates, and Patreon as a whole.