Security Engineer - DevSecOps
At Bitly, we believe in the power of the link or scan - to start a conversation, build a relationship or grow a business. Our mission is to turn every interaction into a catalyst for connections. It’s what motivates us to help people share, promote and engage everywhere on the Internet. We do this by being relentlessly product-focused, fostering the free-flowing exchange of ideas, and inspiring people around the world to dream up new ways of using Bitly.
The Role
We are seeking a talented and proactive Security Engineer to join our team. The ideal candidate will be passionate about cybersecurity and possess a strong technical background in application and cloud network technologies. In this role, you will collaborate closely with our application production engineering teams and the Infosec team to integrate security best practices into all aspects of our software development lifecycle.
What You'll Do
- Partner with rest of the InfoSec Team, IT and the Product-Engineering teams to implement the strategic security vision into our products
- Design, implement, and maintain robust security architectures for our applications and cloud infrastructure to ensure our systems' confidentiality, integrity, and availability
- Help implement Cloud Security Best Practices by configuring and managing security controls for cloud environments, including identity and access management (IAM), network security groups (NSGs), and encryption mechanisms
- Keep detailed documentation of security configurations, policies, procedures, and incidents to help keep track of the status of security initiatives and compliance efforts
- Implement security automation and orchestration workflows to streamline security operations and improve incident response times
- Perform security-focused code reviews
- Assist the InfoSec team in supporting the development and implementation of controls to achieve and maintain compliance with SOC 2 and other relevant industry standards
- Support and consult with product engineering teams in the area of application security, including threat modeling and appsec reviews
- Work closely with product engineering teams to embed security frameworks and security best practices throughout the software development lifecycle, including secure coding guidelines, static and dynamic code analysis, and dependency scanning
- Participate in the entire software development lifecycle (SDLC), including threat modeling, secure code reviews, and security testing
- Assist teams in reproducing, triaging, and addressing application security vulnerabilities
- Take the lead in incident response efforts during security breaches or incidents, managing investigation, containment, eradication, and recovery activities while implementing preventative measures for the future
Who You Are
- An expert in application and cloud security with a deep understanding of the latest threats, vulnerabilities, and best practices
- A cybersecurity enthusiast with a substantial technical foundation and a drive to stay ahead of emerging threats
- Proficiency in programming and automation using Go, JavaScript, Bash, and Terraform
- A collaborative team player who can effectively communicate and work with cross-functional teams to integrate security into every phase of the software development lifecycle and convey technical concepts to non-technical stakeholders
- A problem-solver with a keen eye for detail and a proactive approach to identifying and addressing security vulnerabilities
- A continuous learner who thrives in a fast-paced environment and is eager to stay updated on emerging technologies and trends in cybersecurity
- Strong understanding of web application security principles, including OWASP Top 10 vulnerabilities and secure coding practices
- Familiarity with both AWS and GCP production environments
- Experienced in applying security best practices to meet industry compliance standards (e.g., SOC 2, PCI-DSS, HIPAA)
- (Bonus) Security certifications such as CISSP, CSSLP, CEH, or GCP Professional Cloud Security Engineer / AWS Certified Security Engineer
US Employee Benefits
Your benefits start on Day 1!
Health:
- Inclusive health, dental, vision built to support diverse lifestyles through Aetna & Kaiser
- One Medical membership: Doctors you can text, call or email 24/7 and receive access to expert insurance guidance
Wellbeing:
- Wellness reimbursement program
- Enhanced care for reproductive health, family planning, pediatrics with Maven
- Robust mental health support and Employee Assistance Program (EAP) with confidential counseling services through Lyra.
- Impactful community building through our Employee Resource Groups
- Global DEI training programs and guest speakers throughout the year
Financial:
- Generous HSA Contribution from Bitly
- 401k with up to 4% employer match through Betterment, access to a financial professional to offer our employees the opportunity to plan-ahead for a strong financial future well beyond their working years
- Company Stock Options
- Life Insurance - Company provided and supplemental
- Short-term and Long-term Disability
- Unlimited PTO Policy (vacation, sick, & personal), including Mental Health days and 2 annual “Recharge” weeks
- Partial cell phone and WiFi service reimbursement
- Full support for remote work, including a $500 home office stipend
- Voluntary Benefits: Pet Insurance, LegalShield, IDShield, Hospitalization, and Accident coverages
- Generous parental leave policies; maternity and parental leave for growing families
- Budget for professional development opportunities, including courses and conference attendance
- Coworking reimbursement - $350 on a quarterly basis
Eligibility & Closing
US applicants must be currently authorized to work in the United States on a full-time basis.
*** Must live in or be willing to relocate to one of the following states to be eligible for hire: Arizona, California, Colorado, Connecticut, Florida, Georgia, Illinois, Louisiana, Massachusetts, Michigan, Minnesota, New York, New Jersey, North Carolina, Pennsylvania, Texas, Vermont, Virginia, Washington ***
If you are based in California, we encourage you to read this important information for California residents linked here. (https://bitly.is/CPRACandidates)
#LI-AH1 #LI-Remote
Compensation
The salary range for this role takes into account a wide range of factors considered in making compensation decisions including, but not limited to, skill sets, tenure in role, experience and training, licensure and certifications as well as other business and organizational needs.
Pay Range
$105,600—$158,401 USD
At Bitly, it is not typical for an individual to be hired at or near the top of the range for their role. Realistic expectations for a first-year employee's salary will likely fall closer to the mid-point of the provided range.
Our Values
- Be a Catalyst. As an innovative technology company, we build our products to be a catalyst for connection and encourage our team to be catalysts for meaningful impact both at work and in the world
- Take Ownership. In our highly collaborative culture, Individual accountability is critical. We depend on each other to solve our customers' most challenging problems and celebrate the wins together
- Champion Diversity, Equity & Inclusion. Our product connects people of all backgrounds and abilities. And our company is built on the belief that our differences make us better and that everyone deserves the opportunity in which to thrive
- Show Integrity. We don’t cut corners. We don’t look for the easy way out. We approach every day with a shared mindset - let’s do the right thing, even if it’s the harder thing
- Have Fun. Whether your time is here is as short as a Bitly link or as long as the links your grandma sends you, we want your experience at Bitly to be fun and memorable. We hope the connections you make here last a lifetime
In keeping with our beliefs and goals, no employee or applicant will face discrimination or harassment based on: race, color, ancestry, national origin, religion, age, gender, marital domestic partner status, sexual orientation, gender identity, disability status, or veteran status. Above and beyond discrimination/harassment based on “protected categories,” Bitly also strives to prevent other, subtler forms of inappropriate behavior (e.g., stereotyping) from ever gaining a foothold in our office. Whether blatant or hidden, barriers to success have no place at Bitly.