Security Engineer

Job description

ChartMogul's Security Engineering is comprehensive and cross-functional. As the sole owner of this role, you will be responsible for enhancing the security of our applications and ensuring our SOC-2 compliance. You will collaborate with various teams to identify vulnerabilities, design and implement security product features, and maintain a robust application security posture. We especially want to hear from you if you are a software engineer focusing on application security.

As a Security Engineer, you will

• Be the main point of contact, internally and externally, for all security-related requirements

• Contribute to designing and implementing product features with security and privacy by design mindset

• Conduct comprehensive security assessments on our family of codebases to identify and fix vulnerabilities and weaknesses

• Facilitate and lead application security reviews and threat modeling, which includes code review and dynamic testing

• Foster a security-conscious culture by providing security training and awareness programs across the company

• Maintain infrastructure security at various levels, ranging from containers up to the perimeter

• Own, manage, and update our Incident Response plan

• Contribute to developing and maintaining SOC-2 controls, policies, and procedures

While this is a remote position, we are only able to consider candidates who are based in the EU.

Job requirements

What we’re looking for

• Demonstrable previous experience of at least 2 years as an Application Security Engineer

• Technical knowledge of techniques, standards, and state-of-the-art capabilities for authentication and authorization, applied cryptography, security vulnerabilities, and remediation

• Working experience with at least one programming language, preferably Ruby (on Rails), Python or Javascript

• Knowledge of cloud environment(s), preferably AWS

• Proactive and independent, with a strong sense of urgency

• Excellent written and verbal communication skills in English

• Ability to collaborate effectively with cross-functional teams

• Experience translating security concepts into language for application developers and non-technical audiences

Nice to have

• Bachelor's degree in Computer Science, Information Security, or related fields

• Working experience in web application development

• Experience with Docker and Kubernetes

• Experience with Sysdig

What we offer

• Competitive compensation and equity package

• Annual performance and compensation review

• Flexible hours with a healthy work-life balance

• Paid holidays, paid sick leave, and parental leave

• Adventures of a highly innovative, market-leading company, where you’ll experience having an incredibly impactful job

• A team of kind and highly dedicated people who all have the same mission: helping SaaS companies succeed!

Application Process

1. Initial call with our tech recruiter

2. Security-related Technical interview

3. Hiring Manager + Team interview

4. Stakeholder interview with Legal Team

5. Final interview with VP of Engineering

6. Reference Checks

7. Offer

As a global, distributed workforce in over 20 countries, we know good ideas come from all over. Our different backgrounds, strengths, identities, and experiences make our product and company better. That's why we are committed to a diverse and inclusive workplace that fosters collaboration and innovation.