Lead Security Engineer

Follow Up Boss · Mar 1st 2019

Apply on Remotive

It’s 2019 isn’t it time to find a job that lets you work where you want?

Who Is Follow Up Boss?

  • We’re a simple, sales-focused CRM for real estate teams (and we use our own product)
  • We’re a self funded, profitable company started back in April of 2011
  • We’re a remote company with a mostly US-based team
  • We don’t just claim to be customer-centric – we live it: https://www.facebook.com/followupboss/reviews
  • Check out our video on how we work: https://www.followupboss.com/about/

Why Would You Want To Work Here?

  • We’re a young, ambitious company who only answers to our customers
  • Opportunity to have a big impact on our growth and your career
  • No red tape or pointless meetings
  • Competitive salary, health/dental insurance and 20 days paid holiday, $1000 to outfit your home office, yearly company meetup

This Role Is For You If…

  • You are passionate about Information Security and have solid experience in the field.
  • You would describe yourself as patient, empathetic and having a good sense of humour
  • You’re independent, self-motivated and can stay efficient and productive without someone looking over your shoulder all day long
  • Superb written and verbal skills (with a professional yet fun demeanor).
  • You enjoy programming and creating solid, tested, reliable things over just breaking things.
  • Reject the idea of security being a blocker, and enjoy collaborating with colleagues across teams to ship projects securely
  • Have the ability to work with others and helping them to understand security is far more important than knowing about the latest ROP gadget finding techniques.
  • This is a hands-on technical position where you will work with the Infrastructure and Product teams to ensure the secure release of applications.
  • Security architecture experience and the ability to consult with engineering teams working on technology projects will be key to success.
  • You have thorough familiarity with techniques used by real world attackers and should be able to prioritize detection and attack surface reduction efforts based on this knowledge.

Your qualifications:

  • Self motivated and proactive mindset.
  • Remote work experience is considered an asset.
  • Based in the USA, quiet home office with fast internet.
  • Strong experience in penetration testing or related activities, including at least network and application security experience.
  • Understand modern web application architecture, TCP/IP, HTTP, and standard network and system security technologies
  • A strong knowledge of securing production LAMP (PHP) stacks, as well as a solid understanding of iOS and Android apps is a must.
  • Strong knowledge of internet security issues.
  • Strong knowledge of UNIX and networking protocols.

Your responsibilities will include:

  • Take a leadership role in driving security and privacy initiatives at Follow Up Boss.
  • Establish, advocate and enforce security policies and best practices among our team members.
  • Lead efforts to keep our customers’ data and company assets safe.
  • Review changes in internal processes and IT systems to make sure the changes being made don’t have adverse effect on security.
  • Provide security guidance for our products and technologies
  • Collaborate with colleagues across a variety of teams to architect & ship projects securely
  • Discover, analyze, assess, and respond to various threats in Follow Up Boss’s web stack, iOS and Android applications.
  • Investigate security-related reports from customers, internal team members or general public, assess risks and damage, plan recovery actions and lead the effort to execute the plan.
  • Review changes in software we produce to make sure we follow best security practices and the changes being made don’t have a negative effect on security.
  • Evaluate and provide recommendations on third party applications and services and the security implications associated with their use.
  • Understand offensive techniques/tactics and be able to prioritize mitigation techniques or technologies accordingly.
  • Instrument and perform anomaly analysis of systems and applications
  • Ability to discover new and interesting security problems as well a fix them.
  • Mentor other team members.

30 Day Targets:

  • Become familiar with the product architecture, infrastructure, and existing tools.
  • Pair with engineers to gain knowledge about the system and how we work.
  • Improve the new hire onboarding process, by being a part of it.

60 Day Targets:

  • Take active part in the internal security related work (e.g. assessing company VPN, implementing AWS IAM security best practices, SSH + 2FA, etc)
  • Work with fellow engineers to ensure authorized access to internal tools, servers, and sensitive customer data.

90 Day Targets:

  • Identify top security issues and develop a solid plan to address them
  • Develop internal physical security policies.
  • Review and produce plan to comply with Google Compliance External Security Audit.

Our Core Engineering Values

  • Teamwork
  • Communication
  • Code Quality
  • Focus and Prioritization
  • Customer Driven
  • Leadership Qualities

If this sounds like a great fit we would love to hear from you.

We’re not accepting applications from agencies.

The post Lead Security Engineer appeared first on Remotive.

Apply on Remotive