Product Security Engineer

About Kustomer

Kustomer is the industry leading conversational CRM platform perfecting every customer experience.  Built with intelligent tools such as AI and Automation, no code-configuration and a connected data platform that unifies data from multiple sources through a single timeline, Kustomer empowers businesses to operate with greater efficiency and deliver more personalized service to customers across any channel, making every interaction more meaningful and memorable. Today, Kustomer is the core platform for some of the leading customer service brands like Ring, Glovo, Away Travel, Priceline and Sweetgreen.

Kustomer was founded in 2015 by serial entrepreneurs Brad Birnbaum and Jeremy Suriel and has raised over $200M in funding backed by leading VCs. Meta announced its intention to acquire Kustomer in 2020 and completed the transaction in 2022. Kustomer joined Meta’s Business Messaging Group to transform the way people and businesses communicate through modern messaging channels.  In 2023, Kustomer spun out from Meta as a standalone company backed by original partners, Battery, Redpoint and Boldstart Ventures, who have invested $60M in capital, ensuring Kustomer’s growth and success for many years to come. 

Our Krew is made up of passionate and collaborative people who really care about what they do and the people they help. We look for people who are passionate about enhancing the customer service experience for everyone involved, as it's the core of what we do. We're growing our business with no plans of slowing down. We actively seek individuals who want to learn and be challenged every day. We have also transitioned to a remote friendly company, with Krew members located throughout the U.S. coming together for Kamp Kustomer each year.

About the Role

Kustomer is looking for a highly skilled Product Security Engineer with a robust technical background, exceptional problem-solving abilities, and comprehensive expertise in product security. This pivotal role involves crafting and executing security strategies to safeguard our products and customers against cyber threats and collaborating closely with a team of proficient engineers. This role is not just about mitigating risks; it's about setting industry standards for product security, fostering a secure development lifecycle, and ensuring that security is an integral part of our product design and deployment process. Join us in our mission to deliver a secure Customer Experience, shaping the future of product security at Kustomer.

What You’ll Do:

• Take a lead role in formulating and deploying security measures to fortify Kustomer against cyber threats.

• Proactively hunt for potential vulnerabilities within our product, product designs and codebases, collaborating with our team to develop robust solutions that effectively mitigate risks and rectify security weaknesses.

• Keep abreast of emerging security trends, technologies, and practices, leveraging this knowledge to continuously enhance Kustomer's product security posture.

• Champion product security within the organization by utilizing your technical skills to maintain security documentation, enforce coding standards, and lead security training, thereby promoting a culture of security awareness and a proactive approach to safeguarding our offerings.

• Analyze security logs and reports meticulously, identifying and addressing security incidents swiftly.

• Collaborate with vendors and internal product and engineering teams to identify and prioritize security threats, ensuring they are effectively addressed from the early stages of product development to retrospective evaluations.

• Conduct detailed risk assessments and formulate strategies to mitigate risks for new and existing products.

• Serve as a subject matter expert for cybersecurity solutions, procedures, and implementation across product lines.

• Manage incident response situations and provide expert consultation on security lifecycle and technical assessments.

• Write clean, maintainable, and well-documented code following best practices and coding standards.

• Assist in security forensic investigations.
  

Your Qualifications:

• 5+ years of software development + security experience with significant experience in security architecture design and review.

• Strong proficiency in one of the modern server-side languages such as Java, Go, Python, JavaScript(React/node.js)

• Strong understanding of software engineering principles, design patterns, and best practices for building scalable and maintainable code.

• Experience in building web applications using React.js or similar frontend frameworks.

• Experience with RESTful API development, integrating with external services and databases.

• Familiarity with AWS and experience with cloud services like AWS Lambda or Firebase.

• Familiarity with Github and CI/CD pipelines and automation tools for building, testing, and deploying applications.

• Ability to diagnose and debug complex issues, optimize application performance, and identify areas for improvement

• Experience in cloud security, including knowledge of current and emerging threats.

• Strong interpersonal skills, with an ability to work independently or cross functionally as part of a remote team.

• Experience with data protection & archiving, disaster recovery, business continuity, and implementing security measures.

• Proven project management familiarity with Agile methodologies and working in an agile team environment

• You proactively identify challenges & opportunities 

• Ability to clearly communicate technical concepts and project information to both technical and non-technical audiences

Nice To Have:

• You have Github activity showing thoughtful, relevant contributions

• Strong Proficiency in AWS services such as EC2, S3, Lambda, API Gateway, and CloudFormation.

• Strong understanding of NoSQL databases, particularly MongoDB, including data modeling and query optimization.

• Experience with testing frameworks and methodologies (e.g., Jest, Mocha, Selenium) and a focus on code quality through unit testing and integration testing.

• Familiarity with containerization technologies like Docker and container orchestration frameworks like Kubernetes.

• Familiarity of HTML, CSS, and front-end development principles, including responsive design and cross-browser compatibility.

• Familiarity with authentication and authorization mechanisms (e.g., OAuth, JWT)

• Experience in crowd sourced vulnerability program

HIPAA Compliance

All roles at Kustomer may involve handling sensitive personal data.

Benefits

Kustomer offers an array of benefits including competitive salaries, stock options, 100% healthcare coverage, 401K, WiFi and Mobile reimbursement, and a generous vacation policy.

Diversity & Inclusion at Kustomer

Kustomer is committed to bringing together individuals from different backgrounds and perspectives.

We strive to create an inclusive environment where everyone can thrive, feel a sense of belonging, and do great work together.We are proud to be an equal opportunity employer open to all qualified applicants regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, Veteran status, or any other legally protected status.

Disclaimer: Kustomer only contacts candidates from company email addresses ending in kustomer.com and does not seek funds from candidates in any circumstances.