Security Engineer

Bugcrowd is a crowdsourced security platform. It was one of the first companies to embrace and utilize crowd-sourced security and cybersecurity researchers as linchpins of its business model. It was founded in 2011 and in 2019 it was one of the largest bug bounty and vulnerability disclosure companies on the internet.

The successful candidate will be passionate about security and be hungry to learn more, while adapting to a constantly changing environment. 

Description

The Security Engineer’s role is to aid the security efforts of Bugcrowd, while proactively making changes to further improve our security posture. 

To achieve this goal, we require a motivated team member who is willing to push their own boundaries and step out of their comfort zone.You will be challenged on a regular basis, especially because you are the last line of defense for one of the largest crowdsourced security platforms! The Mid-Level / Senior Security Engineer will provide mentoring to multiple junior security engineers and will work closely with other team members on a daily basis.

Responsibilities

• Aiding within the Incident Response process
• Threat hunting
• Developing patches and security controls within a Ruby on Rails application, Golang application, and Kotlin application
• Communicating across multiple teams converting technical knowledge into palatable words for multiple audiences. 
• Significant familiarity with AWS and network security controls
• Identifying vulnerability root causes
• Performing basic risk assessments and triaging
• Educating developers on security best practices
• Architecting solutions with developers to remediate any security concerns
• Performing basic red team assessments (including but not limited to phishing, vishing, spoofing technologies, etc.)
• Testing new features within the platform and services
• Automating security tasks to increase workflow efficiency
• Mentoring other team members

Position Requirements

• Experience with writing IR plans and operating within an IR practice (experience responding to incidents)
• Working knowledge of Threat Intelligence and how it can be used to proactively create security controls (automation)
• Familiarity with Pentesting techniques and OWASP Top 10
• Ability to understand a vulnerability and work with developers to patch it
• Scripting knowledge in at least one of: Bash, Python, JavaScript, Ruby
• Self motivated and organized - must be able to operate from a calendar and be punctual
• Cloud security experience or holds cloud certifications (AWS strongly preferred)
• Experience with Identity and Access Management (IAM) controls
• Ability to work autonomously within a global company, and critically think without intervention
• Familiarity with git
• Familiarity with a ticketing system / issue tracking system is a must (e.g: Jira)

Formal Education

The Mid level - Senior Security Engineer will have 3 - 5 years of experience in a similar role or its equivalent.