===
Excerpt: Design and implement scalable security infrastructure and help build a culture of security for a rapidly growing team.
Status: Open
===
Don’t you wish the security practice at your company was more modern, effective and not chasing its tail? Are you excited by the idea of tackling novel security problems while empowering a delightful experience for end users? If that energy isn’t appreciated where you currently work, join us in developing a proactive, technology-forward product-security discipline, dedicated to eliminating vulnerabilities in application and infrastructure before they even occur. You’ll own the SSDLC and ensure effective security measures are embedded throughout. You’ll be building systems and occasionally building/buying tools that help all of Engineering truly shift left, so you can spend less time chasing vulnerabilities and more time on meaningful security engagement.
Additionally, this role includes practicing embedded security within Eng teams, teaching them to think through, prevent, and mitigate common security issues all on their own: everything from creating guardrails to implementing AuthN / AuthZ correctly to creating secure and resilient infrastructure as code. The security culture you help create permeates the entire company and has longevity, even when you’re not in the room, because you will help a top-tier Eng team level up. Your work will inform the company’s security roadmap, starting with delivering pieces of a high-speed, automated, and self-service security strategy.
So far the security projects we’ve worked on have been about:
Must have's:
Nice to have's:
We’re a group of engineers who are forging new ground together and love partnering with Security on our journey to pull ahead of our competition. You can read about how we think through problems as well as how we learn from mistakes on our blog here:
app.hex.tech runs on AWS:
app.hex.tech uses:
app.hex.tech is written in: