Senior Security Engineer, InfraSec

About us

Forter provides new-generation fraud prevention to meet the challenges faced by modern enterprise e-commerce. Only Forter provides fully automated, real-time Decision as a Service™ fraud prevention, with approve/decline decisions backed by a 100% chargeback guarantee. The system eliminates the need for rules, scores, or manual reviews, making fraud prevention friction-free. The result is fraud prevention that is invisible to buyers and empowers merchants with increased approvals, smoother checkout, and the near elimination of false positives - meaning more sales and happier customers.

About the team

Forter has a complex set of cloud applications and infrastructure with petabytes of sensitive data flowing through numerous datastores and thousands of cloud compute instances providing logic for real-time decision making. Securing this system in a way that makes the perimeter and the internals safe from sophisticated attackers, satisfies its customers, and still provides the engineers with a smooth development experience is a world-class challenge. The Security Team’s mission is to help design secure products and features from the very start while engaging with every engineering team, as well as evaluating and overhauling everything that has been built over the years. The team also develops security features to add to Forter’s infrastructure, choosing and deploying external security tools to complement its abilities where needed.

What you'll be doing:

• Represent the Security Team as point of contact and source of knowledge in Design Review meetings across Engineering
• Perform threat analysis, define security controls and security KPIs for implementation and tracking across the organization
• Improve the company’s security standing by developing security features for use in the company’s cloud infrastructure (identity and access management, key and secret management, security monitoring, production machine access)
• Select and deploy tools from external vendors for continuous application and infrastructure security scanning, tracking, and resolution (SAST, IDS, IPS, DDoS, etc.)

You'll be expected to:

• Work very well cross-functionally, think rigorously, and make hard decisions despite tradeoffs
• Perform risk assessments and prepare recommendations for how to invest security resources
• Design, build, evangelize, and maintain security infrastructure and tools that all Forter's engineering teams will enjoy using
• Mentor engineers to design secure applications, provide design reviews
• Work in “brownfield” environments, imagining the next evolution of legacy systems alongside new ones 

What you'll need:

• 6+ years of experience working with public clouds (AWS / GCP / Azure)
• Experience with complex software projects (Python / Ruby / Go / NodeJS / etc.) or infrastructure as code tools (Cloudformation / Terraform / Pulumi / etc.) 
• Extensive knowledge of every layer of the stack (Hardware / OS / Network / Application / Database / Storage / etc.) 
• Hold yourself and others to a high bar when working with production
• Fluent written and spoken English, excellent listening and presentation skills
• Experience leading cross-team efforts (champion an idea, get buy-in, reach widespread adoption)

We would especially love to hear if you:

• Have experience with threat modeling, performing security audits, penetration testing, and SAST tools.
• Have production experience with CNCF technologies like Kubernetes, Istio, Prometheus, Vault, Consul, etc.
• Have experience developing multi-cloud SAAS platforms.
• Contributed to open-source application security tooling or standards.
• Have experience with certification and compliance programs such as PCI-DSS, SOC II, and ISO27001.

Why Forter:

In Forter, engineers who have founders’ mentality thrive. With many technical challenges alongside complex systems, developers get to lead and impact as much as they can and want. From leading cross-team, highly coordinated projects, to deeply technical and highly challenging, long-term projects.

We work together. It’s important for us to cultivate the team mindset and know that people care about our well-being and are there to help when needed. We try as best as we can to keep office politics outside.

We don’t have QA, we don’t have Architects (“CTO team”), we don’t have a NOC or SOC team. We look at our team as part of the system that we build, so we optimize the process and tools to fit our team. Most of our team has a generalist mindset, but our system is vast and we have people developing expertise in areas they are passionate about. 

We are big believers in having Skin in the game as a way of setting the alignment of incentives to build things right, and picking boring technology as we respect the complexity of our system and business.

At Forter, we believe unique people create unique ideas, and valuable experience comes in many forms. So, even if your background doesn't match everything we have listed in the job description, we still encourage you to apply and tell us why your skills and values could be an asset to us. By welcoming different perspectives, we grow together as humans and as a company.

Forter is an Equal Employment Opportunity employer that will consider all qualified applicants, regardless of race, color, religion, gender, sexual orientation, marital status, gender identity or expression, national origin, genetics, age, disability status, protected veteran status, or any other characteristic protected by applicable law.