Security Engineer

Remote

Applications have closed

Donorbox

Get more donations by embedding our optimized donation form, donate now button. Nonprofit donation software powering 50,000 organizations.

View company page

About Donorbox

Donorbox.org is a leading fundraising platform and donor management system for nonprofit organizations. Our mission is to positively impact the world by helping nonprofits become highly effective at raising donations and managing their supporter base. We serve more than 40,000 organizations and process more than $360 million dollars annually. We are a profitable, bootstrapped company with a healthy run-rate — last year, we grew 127%!

Donorbox was founded in San Francisco in 2014 and currently has 50+ team members in 14 countries. We are a small, motivated company that is trying to help the world significantly. Our engineering team of 15 wants to build the best online donation experience for supporters as well as the best donor management tools to help nonprofits operate more efficiently. This year, we plan to work on CRM, membership, P2P campaigns, and one-click payments.

Work Culture

As a fully-distributed team, we value trust and communication. Our team also believes in prioritizing and working smart instead of working crazy hours. Our engineers work 40-45 hours a week max, with no weekend work (unless special circumstances arise).

Job Details

We're looking for a Security Engineer who has extensive experience and enjoys working in security to join our team.

We're fortunate to have team members based all around the world in all different time zones, and this role is no exception! We're looking for an engineer to work during normal working hours in the UTC-7 to UTC-9 time zones. You don't have to be based in these time zones, but you should be comfortable working in that schedule.

Responsibilities

  • A couple of your main job duties would be to monitor logs, identify attacks, and prevent those attacks.
  • Implement and oversee enforcement of policies, procedures, standard and associated plans based on industry-standard best practices (GDPR and ISO 27001).
  • Conducting security assessments through vulnerability assessments, penetration testing, and risk analysis.
  • Continuously update the company’s incident response and disaster recovery plans.
  • Maintain continuous compliance of data Loss Prevention (DLP).
  • Identify, document and maintain information security risk register and report to the security lead and other stakeholders.
  • Contribute to threat management, threat modeling, identifying threat vectors, and developing use cases for security monitoring.

Requirements

  • Experience with security monitoring.
  • Experience in security systems (firewalls, intrusion detection systems, authentication systems, log management).
  • Familiarity with web technologies and Databases (Rails, Postgres, Redis).
  • Familiarity with common threats including but not limited to malware, phishing, ransomware, DDOS, application security risks.
  • Experience with Penetration Testing and Vulnerability Assessments.
  • Knowledge of Data Protection Act & GDPR.
  • Proficiency in Kali, BurpSuite, OWASP, Cloudflare is preferable.
  • Self-learning history and readiness to expand technical skill-set, both though self study and formal training.
  • Excellent communication and team working skills + ability to work remotely.
  • Our software engineers must make decisions on their own without being told detailed specs. (We are not looking for a code monkey!) We hope to work with this professional for 4+ years.

Bonus Points

  • Bonus points for certifications like Certified SOC Analyst, OSCP, and other Offensive Security Certificates.
  • Bonus points if you have worked with Heroku and Rails.

Benefits

  1. Meaningful equity in our profitable, growing company. (We're working on setting up equity compensation for team members all around the world.)
  2. 75% of your family's medical healthcare insurance is covered.
  3. $4k laptop and home office credit.
  4. We cover the costs of your co-working space if needed.
  5. Company retreats in fun locations. (Post-apocalypse)
  6. Working at a company that is improving the world in a major way!

Application

If you'd like to apply, send us a short cover letter introducing yourself with answers to these following questions:

  1. What are your preferred technical books (could be related to Programming and/or Security)? Why are these books good?
  2. Who is your favorite Cyber Security professional and why?
  3. Share 2-3 links to your recently launched projects (or past employers). Let us know what role you played in those opportunities.
  4. What are your favorite tools in your toolkit?
  5. Have you ever did participated in bug bounties? Why?
  6. Show me 2 organizations that use Donorbox. Pick orgs that are not on our homepage.
  7. How do you refactor code? Show us how you think through the process.
  8. Attach a sample code from an interesting project. Explain what the code does.
  9. Include your resume and social profiles, e.g. Linkedin, Stackoverflow, Github, Twitter, Hackerone, and HTB, etc.

We look forward to hearing from you!

Tags: Application security Burp Suite Cloudflare Compliance DDoS Firewalls GDPR GitHub Heroku Incident response Intrusion detection ISO 27001 Kali Malware Monitoring Nonprofit Offensive security OSCP OWASP Pentesting PostgreSQL Redis Risk analysis Security assessment

Perks/benefits: Career development Equity Gear Home office stipend Salary bonus Team events

Region: Remote/Anywhere
Job stats:  872  56  1

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.