Application Security Engineer
Who we are:
We’re a small team of experienced security engineers with diverse technical and non-technical backgrounds. We’re a passionate group of individuals who enjoy challenging traditional, prescriptive security techniques of the past and adapting or reimagining them to work with Segment’s modern development technologies and practices. We talk about our methods and accomplishments in public blogs, at conferences, and in presentations. If you want to be this kind of security person and work with a team that's like you to create innovative security solutions for distributed systems and architecture, we'd love to hear about your approach and introduce you to our team.
A little more about our team:
- We discussed our overall approach to our security engineering program at LASCON
- Our CISO’s approach to Building a Security Team and Program
- We deleted every employees’ AWS keys!
- We help organize the OWASP SF chapter, OWASP Vancouver chapter, the AppSec California, B-Sides SF, BC AppSec Day and Day of Shecurity conferences
What we do:
- We believe that good security practices should integrate seamlessly with our existing engineering workflows; we strive to build security controls that our developers will actually use
- We work with our engineering team to ensure that the products that we are shipping are secure
- We enjoy unorthodox means of training our developers (this year, we taught them how to threat model to have more eyes on the architecture)
- We love conferences and meetups (we have hosted OWASP meetups where we spoke about usable security!)
- We love open source: https://open.segment.com
Who we are looking for:
- You are excited to work across the stack on a variety of security challenges and initiatives
- You're empathetic, patient and love to help your teammates grow more secure in their day to day
- You're focused, driven and can get challenging projects across the finish line
- You're proud of the projects you build, but you're also pragmatic
- You try converting a security “no” into a “yes” through technological innovation
- You’re willing to share the awesome things you build to the greater application security community through open source, blogs, podcasts and conference talks
Projects We’re Working On:
- We collaborated closely with our engineering organization to deliver an amazing training that developers actually wanted to take.
- We’re building out tooling that will help us manage and eventually eliminate the overhead of vulnerable dependencies in our applications.
- We're building a system to identify, classify, and track sensitive data within our infrastructure in real time.
- We’ve built tooling to help eliminate the usage of credentials within source code or config files.
- You have a solid understanding of software security principles
- You can perform a code review and discover security problems
- You can break down complex security problems into measurable and solvable pieces
- You can review software architecture and provide security guidance to Engineering teams
- You have 2+ years of application security engineering experience or some cool projects on GitHub you think we'll love to check out
- You have familiarity with AWS, Docker, Golang, Node.js - huge plus
- Any official or non-official red team experience
- You have run a bug bounty program
- You’re involved in the InfoSec community. Our team helps organize the OWASP SF chapter, OWASP Vancouver chapter, the AppSec California, B-Sides SF, BC AppSec Day and Day of Shecurity conferences.
We encourage you to apply if this role excites you - even if you think you may not meet all of the qualifications. At Segment, we live by four values: karma, drive, tribe, and focus. We are always looking for outstanding individuals with diverse backgrounds and perspectives who embody these values. To learn more about life at Segment and our commitment to diversity, equity, and inclusion, visit our LinkedIn page. We’re excited to meet you!
Segment is an equal opportunity employer. We believe that everyone should receive equal consideration and treatment in all terms and conditions of employment regardless of sex, gender (including pregnancy, childbirth, breastfeeding or related medical conditions), sexual orientation, gender identity, gender expression, race, color, religion, creed, national origin, ancestry, age (over 40), physical disability, mental disability, medical condition, genetic information, marital status, domestic partner status, military or veteran status, height, weight, AIDS/HIV status, and any other protected category under federal, state or local law. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.