Security Engineer
Job description
Security Engineering at ChartMogul is comprehensive and cross-functional. As the sole Security Engineer, you will own various security aspects, including infrastructure, implementing security-related improvements, promoting company-wide security awareness, and managing policies to ensure ongoing SOC-2 Type 2 compliance. This unique position will provide plenty of flexibility and multiple opportunities to help you grow as a security professional in diverse ways.
As a Security Engineer, you will
- Maintain infrastructure security at various levels, ranging from containers up to the perimeter
- Own and independently execute a long-term security product roadmap that includes both core security work and security-related product features, while collaborating with the Infrastructure team, Engineering leadership, and respective Product Managers to achieve this goal
- Own, manage, and update our Incident Response plan
- Identify and fix security risks and vulnerabilities within our various codebases independently and through collaboration with other engineers
- Support our engineering teams on application security throughout the different stages of the development lifecycle, and propose secure-by-default building blocks
- Facilitate and lead application security reviews and threat modeling, which includes code review and dynamic testing
- Lead annual security exercises related to our SOC-2 policies
- Work with Ops and Legal Teams to coordinate SOC-2 Type 2 annual renewal efforts
- Increase security awareness within the organization
- Continuously assess our security needs; identify appropriate tools, speak to potential vendors, and find the right balance between buying and building solutions
- Be the main point of contact, internally and externally, for all security-related requirements
What we work with
- Ruby / Ruby on Rails framework
- Vue.js and TypeScript
- Postgres and Snowflake
- AWS, Docker/Kubernetes and Terraform
- Sidekiq and/or Faktory
- Datadog and CI/CD systems
- Sysdig
While this is a remote position, we are only able to consider candidates who are based in the EU.
Job requirements
What we’re looking for
- Bachelor's Degree in Computer Science or related field
- 2+ years of professional experience in a technical role with security responsibilities
- Comprehensive understanding of various security fundamentals, including cloud security, networks, cryptography, and web security
- Knowledge of cloud environment(s)
- Technical experience working with web applications, including coding and debugging
- While we don't expect you to code extensively for this role, having a strong coding background will help you onboard more quickly and excel in your job. It will enable you to independently support the security aspect of our core products and services
- Although we welcome any language or web development experience, we expect you to be willing to learn and work with our primary languages of choice (Ruby, JavaScript, Python) in order to conduct security-related code reviews, such as checking for potential vulnerabilities or security issues
- Proactive and independent, with a strong sense of urgency
- Able to make practical and effective decisions applicable to the dynamic nature of our product development world
- You can break down complex technical work into meaningful presentations for non-technical audiences
- In addition to speaking English fluently, you are able to understand and translate business requirements into clearly articulated technical solutions
What we offer
- Competitive compensation and equity package
- Annual performance and compensation review
- Flexible hours with a healthy work-life balance
- Paid holidays, paid sick leave, and parental leave
- Adventures of a highly innovative, market-leading company, where you’ll experience having an incredibly impactful job
- A team of kind and highly dedicated people who all have the same mission: helping SaaS companies succeed!
Application Process
- Initial call with our tech recruiter
- Technical interview
- Team interview (Policy and process related)
- Stakeholder interview with Legal Team (SOC-2 related)
- Final interview with VP of Engineering
- Reference Checks
- Offer
As a global, distributed workforce in over 20 countries, we know good ideas come from all over. Our different backgrounds, strengths, identities, and experiences make our product and company better. That's why we are committed to a diverse and inclusive workplace that fosters collaboration and innovation.