Staff Software Security Engineer

CircleCI is looking for an experienced full stack developer to join our team. The Security team is a highly-distributed team that’s building a paved security path so our team of roughly 200 engineers can ensure our infrastructure provides value to legitimate customers. You'll write sustainable, resilient code as part of an engineering organization that values teamwork, trust, and learning.

In this role, you'll be part of a team at the heart of CircleCI’s business that's responsible for build environments used by thousands of development teams every day!

What You’ll Do:

• Share rotating on-call duties for our incident response.
• Contribute to building the standard methodologies of a growing team and organization.
• Be a leader in educating peers across the organization on security issues.
• Contribute to internal and external security outreach programs, including writing blog posts and leading workshops.
• Respond to reports from security researchers and lead the coordination of remediation efforts.
• Collaborate with the Security team and partners to prioritize, project manage and report out on various projects.
• Collaborate to build tooling and processes to support the engineering organization in the creation of secure and robust software
• Take leadership on particularly critical code reviews in multiple code languages

About You:

We’re seeking someone who thrives in a collaborative environment, is curious and interested in learning, brings strong communication and teamwork skills, and helps others grow by sharing their expertise and encouragement.

Process makes you feel good. Mentoring is a primary reason why you love this profession. Learning something new every day is essential to your happiness. You are conscientious and genuinely like people. Javascript is the best or worst thing in your world depending on the day. Leftpad is never far from mind.

Below you can find a list of skills and practices we value in candidates - you don’t need to be experienced in all of them to apply!

• Security mentality
• Web penetration testing and OWASP Top 10 experience
• A focus on delivering high-quality code through strong testing practices. You write functional code that’s easily readable, testable, and maintainable.
• Ability to manage customer demands and collaborate with internal partners of various level and expertise to solve them
• ~5 years of development experience with distributed systems
• Pair programming, both synchronous and asynchronous
• Experience working in a modern cloud company with Docker, Kubernetes, Terraform, Helm, AWS, and GCP. An ability and interest in learning new languages and technologies. We use Clojure and Go, JavaScript/React, Kubernetes/Helm, MongoDB and PostgreSQL, and RabbitMQ. More details on our tech stack can be found here.
• Experience with agile software development practices, focusing on incremental delivery of value. Demonstrated ability to lead multiple, complex projects simultaneously.
• Ability to manage the ambiguity of a rapidly-growing company: adjusting to changing priorities, making conscious tradeoffs when guidance is limited and information is incomplete, and instituting standard methodologies from scratch when needed.
• Strong analytical skills and communication skills, both written and verbal
• Calm in a fast paced environment

CircleCI Engineering Career Growth System:

This role equals level E4 on our Engineering Competency Matrix, our internal career growth system for engineers. These are the minimum expectations for this position, but we are always willing to discuss bringing people on at more senior positions when appropriate. Find more about the matrix in this blog post.

#LI-MA1

Level: Mid-Senior Level