Senior Software Engineer – Vulnerability Management
Posted 1 month ago
Spotify listeners, creators and employees trust us to provide a safe digital platform that protects any sensitive information they share with us. Spotify Security is a distributed team that champions and delivers on initiatives with Spotify’s autonomous teams to ensure that our organization keeps information security appropriately prioritized and that the trust we have with these stakeholders is well-deserved. We focus on raising security awareness, providing security intelligence and building tools to enable these teams to feel a shared sense of responsibility for security and privacy concerns. We aim to constantly improve the security posture of our organization by iterating on our tooling and process.We are looking for senior software engineers to join our team of awesome engineers that share a common interest in distributed systems, their scalability and continued development, and information security. You will build the systems that help keep our product, users, and employees secure and help teams continuously improve their security and engineering practices. Above all, your work will impact the way the world experiences music.
What you’ll do
- Be a technical leader within Vulnerability Management team, the Security Tribe, and within Spotify in general. You will define and drive objectives for the team and will make sure that the technical achievements align with business needs. You will work together with other technical leaders and product managers to align on the technical needs and requirements.
- Lead the architecture and design of the vulnerability management platform: Define and design the interfaces with other backend systems and vulnerability sources, design an efficient and effective data model for vulnerability data, design the frontend and metrics integrations to enable the business to get the most insight out of vulnerability trends and patterns.
- Perform data exploration and visualisation to understand how vulnerability trends and patterns factor into our organization’s key performance indicators. We will collect a lot of metrics generated by the reactive controls and we will need to find patterns, overlay them to the org topology and present insights to the control owners, leadership and to the rest of Spotify.
- Coordinate and drive the vulnerability management process at Spotify. That will include managing relationships with SaaS, MSSP, and other vendors, defining remediation policies, coordinating with the Security Tiering efforts, and communicating the program inwards and outwards.
Who you are
- You are an experienced developer, who is confident writing software in Python or Java for use by thousands of engineers, supporting a product used by millions of end users.
- You are experienced with deploying and operating services on in the cloud on Linux.
- You have experience and passion for working with integrations and APIs with SaaS and Cloud platforms.
- You have experience working directly with stakeholders to understand, document and develop APIs and systems to meet their requirements, driving increased adoption and reducing reliance on custom one-off implementations.
- You are interested in data science and big data processing technologies.
- You care about quality and you know what it means to ship high quality code.
- You have understanding or interest in the security domain and how Vulnerability Management fits into the security program
- You are collaborative, solutions focused, and willing to contribute to a friendly and inclusive culture.
- You have experience working in agile environments, working with continuous improvements and willing to share knowledge.