Senior Application Security Engineer

San Francisco, CA

Applications have closed

Patreon

Patreon is the best place to build community with your biggest fans, share exclusive work, and turn your passion into a lasting creative business.


Do you believe that creators should have the ability to get paid for the value they give to their fans? 

We do, which is why we're building Patreon, a platform that powers membership services for creators with established followings. Patreon strives to provide creators with insight, education, and tools that make it possible to retain creative control while running their creative business, so creators can focus on creating and energizing their fanbases.

Our user base has doubled in the last year alone, and we have paid over $1 billion directly to creators on our platform. Bringing Patreon to creators and patrons all over the world is essential to achieving our mission. In order to support this growth, we are looking for a Senior Application Security Engineer.

What you will do:

  • You will collaborate across teams at Patreon and its subsidiaries to create and execute security controls to defend Patreon from both internal and external attacks.
  • You will develop and iterate on a threat modeling framework and automation to help the software development lifecycle to comply with industry best practices such as CIS and NIST.
  • You will assist with security compliance-related questions and designs such as PCI, Sarbanes–Oxley Act, and Systems and Organization Controls Type 2 (SOC 2 Type 2). 
  • You will drive periodic penetration assessments of our web and mobile experience.
  • You will articulate risk to appropriate stakeholders including engineers, leaders, and executives.
  • You will participate in vendor security risk assessments.

Skills and experience you possess:

  • You have significant experience across multiple technical stacks, with special attention to product scalability, usability, and performance.
  • You know industry best practices for software design and coding standards.
  • You are a great communicator who can explain technical issues and risks to a broad, non-technical audience. You work well with engineering, legal, product, executives, and others. You tailor your communication style, level of detail, and approach based on the audience.
  • You are a strong collaborator and can influence technical teams, and you take them along with you.
  • You operate effectively across teams and disciplines even in highly ambiguous situations.
  • You have experience building inclusive team cultures.
  • You care about building great products and a great company that matters.
  • You have the ability to design and implement identity-based access management systems and controls.
  • You have knowledge of cryptography and of best practices for cryptographic implementation.
  • You have experience building out a threat modeling program at another company.

Projects you may work on:

  • Cloud migration project, either from on-premises to cloud or from a single cloud provider to multiple cloud providers.
  • Assist with the migration to a secure service architecture.
  • Contribute to long-term secure Patreon API strategy.

What you will have the chance to learn:

  • Build a new cardholder data environment from the ground up.
  • Ability to collaborate on creating new technology to protect both the content creator and the patrons.

Who you'll work with:

At Patreon, you'll join a high-performing and highly empathetic team of people who proudly work on fulfilling our mission of funding the creative class. Our culture of creator-first, thoughtful teammates keeps work creative, stretching, and rewarding.

Our Core Behaviors:

  • Put Creators First. Patreon is nothing without our creators. 
  • Achieve Ambitious Outcomes. Set, measure, and accomplish goals that deliver massive value to our creators and patrons. 
  • Cultivate Inclusion. We want an environment that retains and engages the diverse teams we build.
  • Bias Towards Action. When in doubt, we take the next best step, then course correct when needed. We go out of our way to fix problems when we see them. We take ownership seriously.
  • Be Candid and Kind. Be extremely caring and extremely direct in all you do at Patreon, especially when it comes to giving positive and constructive feedback. 
  • Be Curious. You don’t know it all, and that’s the fun part. Everything gets better when you’re curious. Things get more interesting, more clear, and more approachable. When you bring curiosity into the workplace, you’re growing yourself, your teammates, and Patreon as a whole.


Tags: APIs Application security Automation Cloud Compliance Cryptography NIST SOC 2 Strategy

Perks/benefits: Startup environment

Region: North America
Country: United States