Senior Security Engineer

Communication has changed for people. It’s changed for businesses, too.

Intercom is the only suite of customer messaging products that drives growth at every stage of the customer lifecycle—across acquisition, engagement, and support. Today more than 30,000 businesses use Intercom to connect with a billion people worldwide.

Join the company helping businesses grow revenue through live chat, and so much more.

What's the opportunity? 🤔

Join a high-performing team within the Information Security group, responsible for ensuring Intercom remains secure & trusted for more than 30,000 businesses. Building secure software is recognised as critical to the company’s success and is baked into how we build our product. 

As a senior engineer on the Security Solutions team, you will be given the opportunity to use & develop your understanding of hard security problems, how they intersect with our products and how best to tackle them in the name of safeguarding our people, products & customer data. You will lead and execute on highly impactful projects that reduce our risk, affect our bottom line and help us in our drive towards IPO.

You will be a lead engineer in a globally distributed team with a strong bias for automation, eliminating toil, and helping each other work sustainably. You will have continuous opportunity and support for your career growth in a company that is invested in helping people do the best work of their careers. Learn more about our engineering culture at intercom.engineering

What will I be doing? 🚀

• Define & drive our technical strategy through influencing security engineering team roadmaps, as well as leading & delivering impactful projects.

• Do hands-on engineering work at every level of our stack, building software components that our engineering teams can use to tackle common software vulnerabilities and raise the security bar across our core infrastructure.

• Design improvements to the security architecture around our production environment, applying the principle of least privilege to improve our identity and access management for customers, users and applications.

• Assess the security of planned features and applications as well as our core infrastructure, partnering with the relevant teams to identify and mitigate risks prior to release.

• Act as the lead in our response to security incidents, working as part of a cross-functional incident response team to rapidly contain and mitigate security incidents.

• Partner with other engineers in the information security group, providing guidance and technical mentorship for others to help them grow and do the best work of their careers.

• Deliver focused security training to other engineers within the company, making them aware of the common pitfalls around software development and educating them on best practices and support in the form of existing security solutions.

What skills do I need? 📖

You need to have professional experience which includes some or all of the following areas of security engineering:

• Applying security processes as part of the Secure Software Development Lifecycle (e.g. threat modelling, security architecture reviews)

• Knowledge of common web-based vulnerabilities (e.g. CSRF, XSS) and the mechanisms to defend against them (e.g. HSTS, CSP, TLS etc)

• Building controls which implement security standards/frameworks, such as authentication (e.g. SAML), authorization (e.g. Oauth, Oso) or applied cryptography

• Leveraging automation to secure cloud infrastructure, e.g. implementing identity & access controls, managing secrets, segmenting networks.

In addition:

• You have deep knowledge of a high-level programming language (e.g. Ruby, Python etc.). Note that the language doesn’t have to be one that we use here!

• You have proficiency and prior experience in writing & delivering software in a production environment.

• We build on AWS; experience in building & operating distributed systems in the cloud is an advantage.

Benefits 😍

We are a well-treated bunch, with awesome benefits! If there’s something important to you that’s not on this list, talk to us! :)

• Competitive salary and meaningful equity

• Fully funded comprehensive medical, dental, and vision coverage

• Regular compensation reviews - great work is rewarded!

• Open vacation policy and 10 corporate holidays

• Paid Parental Leave Program

• 401k plan

• In-office bicycle storage

• Fun events for Intercomrades, friends, and family!

*Proof of eligibility to work in the United States is required.

Intercom values diversity and is committed to a policy of Equal Employment Opportunity. Intercom will not discriminate against an applicant or employee on the basis of race, color, religion, creed, national origin, ancestry, sex, gender, age, physical or mental disability, veteran or military status, genetic information, sexual orientation, gender identity, gender expression, marital status, or any other legally recognized protected basis under federal, state, or local law.