Security Engineer

Signifyd leads the world in bringing the insights, innovation and compassion required to foster fearless commerce in a time of increasing digital threats. Working with some of the industry’s most recognizable retailers and brands, we are focused on using technology to enhance customer lifetime value and protect enterprises from fraud so they can focus on growing their business. 

We process billions in ecommerce transactions annually through our Commerce Network of thousands of merchants selling in more than 100 countries. We focus every day on harnessing machine learning and artificial intelligence in more powerful ways to maximize our customers’ revenue and their security. None of that happens without the right people.

Our team’s strength is in its diversity and its acceptance of new ideas and new ways to look at old challenges. We are dedicated disruptors designing a new world of commerce at scale. We know humans are not one-dimensional and we celebrate the uniqueness each individual brings to the problems we solve and the culture we create.

About this role:

Signifyd is on a mission to defend e-commerce from fraudsters. Our Commerce Protection Platform collects transactions and behavioral data from thousands of merchants in over 100 countries, giving us a high-definition picture of global commerce. Our adaptive machine learning back-end sifts this vast dataset to automate order review and eliminate the worry of fraud for merchants, letting them trust more and grow fearlessly. Our customers' success depends on the Signifyd platform to be always-on, always-fast and always-secure.

We are looking for a Security Engineer to join our global team focused on mitigating threats to our platform and business. You will operate at the front line of risk by identifying vulnerabilities and threats, and partnering with Signifyers across the organization to implement defenses and bake security into our products and processes. This job is an early hire on our Infosec team. As such you will have tremendous influence to shape our security architecture and vision, and you will be directly involved in building our security stack and ISMS operations. You won't find silo working at Signifyd, just lots of smart peeps and a singular focus on improving the status quo.

This role will be focused on solving security challenges through software engineering. You will work side by side with other software developers to bolt robust security controls into our SDLC. You will assess the security of our cloud infrastructure and develop targeted improvements to our infrastructure-as-code patterns. You will own the triage, investigation and resolution of security incidents, enhance our security event detection code, and build chat-ops runbook automation. You will model threats to our services, proactively hunt for threats, and work to eliminate blind spots.

This position is fully remote, based anywhere in the US, and you will be working with a primarily remote team, using a robust set of online collaboration tools. Occasional participation in company on-site events may be required, but these are tentative depending on pandemic restrictions, and all travel and expenses are paid.

About you:

Equal parts security practitioner and code jockey, you are passionate about improving security by writing code and automating away the repetition. You love to dive into complex problems and can develop tactical solutions to guide people, processes and systems to successful outcomes. You can balance classic security-versus-usability tradeoffs (or can avoid them altogether) and have a mature conception of risk. You are conscientious in what you build, write and communicate, and strive to improve the status quo. You thrive when collaborating with others and are eager to extend a helping hand. You keep a watchful eye on the security savannah and can spot threats on the horizon.

Desired Skills:

• You are proficient in at least one programming language and have written software to solve problems in one or more security domains
• You can administer cloud systems from AWS, Azure or another major cloud provider, ideally using an infrastructure-as-code technology
• You have deployed, managed or secured microservice technology stacks running on Kubernetes
• You have experience with DevOps and Agile software development practices
• You have worked with a CI/CD system and understand its relation to change management controls
• You have first-hand knowledge of common software flaws, especially in web applications, and have experience mitigating or working around them
• You have audited complex systems or conducted threat modeling
• You have handled security incidents in a live business environment
• You know your way around a CLI and *nix or BSD systems are second nature to you

Don’t meet all of the above? Let us know in your cover letter. Passion and drive matters to us!

#LI-Remote