Security Engineer
Remote
Applications have closed
Donorbox
Get more donations by embedding our optimized donation form, donate now button. Nonprofit donation software powering 50,000 organizations.
About Donorbox
Donorbox.org is a leading fundraising platform and donor management system for nonprofit organizations. Our mission is to positively impact the world by helping nonprofits become highly effective at raising donations and managing their supporter base. We serve more than 40,000 organizations and process more than $360 million annually. We are a profitable, bootstrapped company with a healthy run-rate. Last year, we grew 127%!
Donorbox was founded in San Francisco in 2014 and currently has 50+ team members in 14 countries. We are a small, motivated company that is trying to help the world significantly. Our engineering team of 15 wants to build the best online donation experience for supporters as well as the best donor management tools to help nonprofits operate more efficiently. This year, we plan to work on CRM, membership, P2P campaigns, and one-click payments.
Work Culture
As a fully-distributed team, we value trust and communication. Our team also believes in prioritizing and working smart instead of working crazy hours. Our engineers work 40-45 hours a week max, with no weekend work (unless special circumstances arise).
Job Details
We're looking for a Security Engineer who has extensive experience and enjoys working in security to join our team.
We're fortunate to have team members based all around the world in all different time zones, and this role is no exception! We're looking for an engineer to work during normal working hours in the UTC-7 to UTC-9 time zones. You don't have to be based in these time zones, but you should be comfortable working in that schedule.
Responsibilities
- A couple of your main job duties would be to monitor logs, identify attacks, and prevent those attacks.
- Implement and oversee enforcement of policies, procedures, standards, and associated plans based on industry-standard best practices (GDPR and ISO 27001).
- Conduct security assessments through vulnerability assessments, penetration testing, and risk analysis.
- Continuously update the company’s incident response and disaster recovery plans.
- Maintain continuous Data Loss Prevention (DLP) compliance.
- Identify, document, and maintain the information security risk register and report to the security lead and other stakeholders.
- Contribute to threat management, threat modeling, identifying threat vectors, and developing use cases for security monitoring.
Requirements
- Experience with security monitoring.
- Experience in security systems (firewalls, intrusion detection systems, authentication systems, log management).
- Familiarity with web technologies and databases (Rails, Postgres, Redis).
- Familiarity with common threats including but not limited to malware, phishing, ransomware, DDoS, and application security risks.
- Experience with Penetration Testing and Vulnerability Assessments.
- Knowledge of Data Protection Act & GDPR.
- Proficiency in Kali, Burp Suite, OWASP, and Cloudflare is preferable.
- Self-learning history and readiness to expand technical skill set, both through self-study and formal training.
- Excellent communication and team working skills + ability to work remotely.
- Our software engineers must make decisions on their own without being told detailed specs. (We are not looking for a code monkey!) We hope to work with this professional for 4+ years.
Bonus Points
- Bonus points for certifications like Certified SOC Analyst, OSCP, and other Offensive Security Certificates.
- Bonus points if you have worked with Heroku and Rails.
Benefits
- Meaningful equity in our profitable, growing company. (We're working on setting up equity compensation for team members all around the world.)
- 75% of your family's medical healthcare insurance is covered.
- $4k laptop and home office credit.
- We cover the costs of your co-working space if needed.
- Company retreats in fun locations. (Post-apocalypse)
- Working at a company that is improving the world in a major way!
Application
If you'd like to apply, send us a short cover letter introducing yourself with answers to the following questions:
- What are your preferred technical books (could be related to Programming and/or Security)? Why are these books good?
- Who is your favorite Cyber Security professional and why?
- Share 2-3 links to your recently launched projects (or past employers). Let us know what role you played in those opportunities.
- What are your favorite tools in your toolkit?
- Have you ever participated in bug bounties? Why?
- Show me 2 organizations that use Donorbox. Pick orgs that are not on our homepage.
- How do you refactor code? Show us how you think through the process.
- Attach a code sample from an interesting project. Explain what the code does.
- Include your resume and social profiles, e.g. LinkedIn, Stack Overflow, GitHub, Twitter, HackerOne, HTB, etc.
We look forward to hearing from you!
Tags: Application security Burp Suite Cloudflare Compliance DDoS Firewalls GDPR GitHub Heroku Incident response Intrusion detection ISO 27001 Kali Malware Monitoring Nonprofit Offensive security OSCP OWASP Pentesting PostgreSQL Redis Risk analysis Security assessment
Perks/benefits: Career development Equity Gear Home office stipend Salary bonus Team events