Full Time Senior-level / Expert
Donorbox.org is a leading fundraising platform and donor management system for nonprofit organizations. Our mission is to positively impact the world by helping nonprofits become highly effective at raising donations and managing their supporter base. We serve more than 40,000 organizations and process more than $360 million annually. We are a profitable, bootstrapped company with a healthy run-rate. Last year, we grew 127%!
Donorbox was founded in San Francisco in 2014 and currently has 50+ team members in 14 countries. We are a small, motivated company that is trying to help the world significantly. Our engineering team of 15 wants to build the best online donation experience for supporters as well as the best donor management tools to help nonprofits operate more efficiently. This year, we plan to work on CRM, membership, P2P campaigns, and one-click payments.
As a fully-distributed team, we value trust and communication. Our team also believes in prioritizing and working smart instead of working crazy hours. Our engineers work 40-45 hours a week max, with no weekend work (unless special circumstances arise).
We're looking for a Security Engineer who has extensive experience and enjoys working in security to join our team.
We're fortunate to have team members based all around the world in all different time zones, and this role is no exception! We're looking for an engineer to work during normal working hours in the UTC-7 to UTC-9 time zones. You don't have to be based in these time zones, but you should be comfortable working in that schedule.
- A couple of your main job duties would be to monitor logs, identify attacks, and prevent those attacks.
- Implement and oversee enforcement of policies, procedures, standards, and associated plans based on industry-standard best practices (GDPR and ISO 27001).
- Conduct security assessments through vulnerability assessments, penetration testing, and risk analysis.
- Continuously update the company’s incident response and disaster recovery plans.
- Maintain continuous Data Loss Prevention (DLP) compliance.
- Identify, document, and maintain the information security risk register and report to the security lead and other stakeholders.
- Contribute to threat management, threat modeling, identifying threat vectors, and developing use cases for security monitoring.
- Experience with security monitoring.
- Experience in security systems (firewalls, intrusion detection systems, authentication systems, log management).
- Familiarity with web technologies and databases (Rails, Postgres, Redis).
- Familiarity with common threats including but not limited to malware, phishing, ransomware, DDoS, and application security risks.
- Experience with Penetration Testing and Vulnerability Assessments.
- Knowledge of Data Protection Act & GDPR.
- Proficiency in Kali, Burp Suite, OWASP, and Cloudflare is preferable.
- Self-learning history and readiness to expand technical skill set, both through self-study and formal training.
- Excellent communication and team working skills + ability to work remotely.
- Our software engineers must make decisions on their own without being told detailed specs. (We are not looking for a code monkey!) We hope to work with this professional for 4+ years.
- Bonus points for certifications like Certified SOC Analyst, OSCP, and other Offensive Security Certificates.
- Bonus points if you have worked with Heroku and Rails.
- Meaningful equity in our profitable, growing company. (We're working on setting up equity compensation for team members all around the world.)
- 75% of your family's medical healthcare insurance is covered.
- $4k laptop and home office credit.
- We cover the costs of your co-working space if needed.
- Company retreats in fun locations. (Post-apocalypse)
- Working at a company that is improving the world in a major way!
If you'd like to apply, send us a short cover letter introducing yourself with answers to the following questions:
- What are your preferred technical books (could be related to Programming and/or Security)? Why are these books good?
- Who is your favorite Cyber Security professional and why?
- Share 2-3 links to your recently launched projects (or past employers). Let us know what role you played in those opportunities.
- What are your favorite tools in your toolkit?
- Have you ever participated in bug bounties? Why?
- Show me 2 organizations that use Donorbox. Pick orgs that are not on our homepage.
- How do you refactor code? Show us how you think through the process.
- Attach sample code from an interesting project. Explain what the code does.
- Include your resume and social profiles, e.g. LinkedIn, Stack Overflow, GitHub, Twitter, HackerOne, HTB, etc.
We look forward to hearing from you!