Security Engineer

FullStack Labs is the fastest-growing software consultancy in the Americas. We help organizations like Uber, GoDaddy, MGM, Siemens, Stanford University, and the State of California, build distributed software development teams, and deliver transformational digital solutions. As an employee-first company, we focus on hiring the most talented software designers and developers in the western hemisphere, by creating a positive, respectful, and supportive work environment where they can achieve their greatest potential. We? re most proud of: *Offering life-changing career opportunities to talented software professionals across the Americas. *Building highly-skilled software development teams for hundreds of the world? s greatest companies. *Having delivered hundreds of successful custom software solutions, which have positively impacted the lives and careers of millions of users. *Our client Net Promoter Score of 64, twice the industry average. *Sustained growth of 100% - 200% per year. The Position: We're looking to hire several mid-level and senior security engineers to join our team. As a Security Engineer at FullStack Labs you will: be a proactive member of the security team that drives complex security efforts for internal projects and external customers. provide client engineering teams with well-researched security advice to demonstrate vulnerabilities, collaborate with all teams to provide secure development guidance. triage vulnerabilities that are found internally or reported through client bug bounty programs. serve as an escalation point of contact. conduct threat modeling, penetration testing, data security, DevSecOps, vulnerability management, and security metrics. work across Ruby on Rails, Apache, Nginx, PostgreSQL, AWS tech stacks. You'll work with our incredible clients in one of two ways: Team Augmentation / Staffing: You willintegrate yourself directly into our client's team and work alongside their existing designers and engineers on a daily basis. Design & Build: You will work on a FullStack Labs product team to build and deliver a product to our clients. What We're Looking For: 4+ years of combined experience in Security, Software Engineering, and DevOps, with coding experience in an object-oriented language in a SaaS multi-tenant environment. Knowledge in OWASP practices. Degree in Computer Science or equivalent practical experience, MS in Computer Science preferred. Experience with: leading small initiatives with the ability to course-correct as needed. conducting threat assessments and creating remediation plans based on the results of threat assessments. penetration testing, threat modeling, open-source, and commercial security tools. AWS and tools (GuardDuty, Tenable, Cloudconfirmity, Macie, Snyk, Cloudfront). infrastructure/cloud automation tooling (e.g. CloudFormation, Terraform, Packer). containers and Container Management (Docker, Kubernetes, Helm, Spinnaker). configuration and Security Management (e.g. SSL Certs, Puppet, Ansible, Salt, Vault, KMS). security tools: (scanners, Interactive security testing tools, Burp Suite). Technical Certifications are a plus (GIAC, OCSP, CISSP, OSCP). working on large, complex systems. working on Agile / Scrum teams. Ability to consistently work 40 hours per week. Competitive pay in US dollars 27 days per year of Paid Time Off (vacation, sick leave, holidays) 100% remote work, now and post COVID. The ability to work with leading startups and Fortune 500 companies Virtual company events each month Ample opportunity for career advancement Continuing education opportunities FullStack Labs is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. If you have a disability or special need that requires accommodation, please let us know by completing our Accommodations for Applicants form, which can be provided upon request during our hiring and interview process.