GuardRails

H3 Building, 384 Hoang Dieu, TP Hồ Chí Minh

Company Size : 10-24


Job Summary

10-24

Product

Việt Nam

Senior Security Engineer

GuardRails

Quận 4, TP Hồ Chí Minh

  • English
  • Experienced (Non-Manager)
  • Full Time
  • 3500 - 5000 USD
  • Posted: 03/03/2020
  • 1

Job description

Overview of job

The high-level categories are:

  • Managing the security engines
    Making sure they are up to date, revisiting the rule curation, writing new rules, and tuning false positives. Writing new engines for other programming languages (essentially wrappers for open source tools). This will also cover new scanning techniques such as DAST, container scans, infrastructure scans, and cloud platform scans.
  • Performing security tests
    Against GuardRails at the source code, runtime, and infrastructure levels, and making sure that issues will be detected by GuardRails in the future (where possible). Completed OSCP or similar certifications will come in handy here.
  • Research & Development
    Support the machine learning initiative, research new ways to improve GuardRails, and share your learnings from 1/2/3 in blog posts, white papers, and other ways.

Your duties include the following:

  • Perform penetration tests, code review, and threat modelling of the entire GuardRails infrastructure and actively help make it secure.
  • Manage all security testing engines and ensure they are continuously updated and improved (new rules, lower false positives). This includes supporting the addition of new scanning technologies (Docker scanning, DAST, runtime monitoring, cloud infra security, CI/CD security, security requirements, etc.).
  • Help visualize security data for different stakeholders (CEO, CISO, VP Engineering, etc.) via our dashboard. Support interviews of stakeholders (Reddit, users, customers, ...) about metrics and insights they would like to see.
  • Participate in research of applied machine learning to find vulnerabilities, identify fixes and suggest auto fixes.
  • May include figuring out how to create auto-exploits that result in automated tests for vulnerabilities.
  • Create white papers, blog posts, and other resources to share GuardRails' cutting-edge technology and your research findings.
  • Regular management reporting of product status
  • Ensure all documentation relating to your product contributions is up to date
  • Support hiring and interview processes

Why You'll Love Working Here

GuardRails is tackling one of the hardest problems in software development, which is to empower software engineers to build applications securely. Joining our team gives you the special opportunity to work on something meaningful with a tremendous impact on development teams around the world. Our list of users and customers is a testament to the importance of security.

GuardRails is building a distributed remote-first team and this comes with a range of benefits, such as:

  • Avoid the daily commute: Don’t spend hours in traffic just to get to your workplace
  • Work on your schedule: We offer unparalleled flexibility in working hours.
  • Don’t catch the flu: Offices can be a place where infections spread easily, as the recent coronavirus has shown. At GuardRails you don’t have to worry about that.
  • Work from where you want: Everyone is unique, some people like to work from home, some from a co-working space, and others like to move from coffee shop to coffee shop or even travel to exotic places and work from the road. It’s up to you at GuardRails.
  • Meet the team: We are arranging at least yearly events where we bring the whole team together in one location.
  • Take the vacation you need: At GuardRails we don’t cap the amount of vacation and allow everyone to take the time they need to be rested and stay sharp. At the very least 2 consecutive weeks have to be taken every year.

Besides the remote benefits, we also offer some exciting perks for everyone that passes the probation phase:

  • Performance bonus of up to 150% of your monthly salary.
  • Ability to receive stock options in the company based on performance.
  • Allowances for remote work, internet, health insurance, and gym memberships.
  • A MacBook Pro or other equivalent laptop.
  • Allowances for external monitors and other essentials for setting up your home office.

Job Requirement

Your Skills and Experience

You have 5+ years of experience in security testing and securing production-level web applications, including:

  • Great security engineering experience across the board with strong knowledge of at least three programming languages
  • Practical experience with securing containers
  • Practical experience with securing cloud environments such as AWS or GCP
  • Ability to rapidly apply your existing knowledge in new domains and new technologies
  • Knowing the difference between relevant security vulnerabilities and noise
  • Ability to determine false positives and codify patterns to avoid them

If you have some of these skills, even better:

  • Worked as a security engineer in software development teams
  • Experience with CI/CD for production environments

Languages

  • English

    Speaking: Intermediate - Reading: Intermediate - Writing: Intermediate

Technical Skill

  • Security Testing
  • AWS
  • GCP
  • Software development
  • CI
  • CD

BUSINESS PROFILE

GuardRails is empowering modern development teams to find, fix, and prevent security vulnerabilities.

GuardRails provides continuous security feedback that empowers developers to find, fix, and prevent vulnerabilities and enables teams to create web and mobile applications securely, without needing external expertise.

GuardRails, an application security platform, provides a unique blend of scanning capabilities that can be deployed across entire organizations in minutes. Modern development teams can uncover critical vulnerabilities in their applications and rectify them before attackers are able to abuse them.

GuardRails currently integrates 19 finely-tuned scanning engines that support 7 of the most common programming languages and is trusted by over 400 teams around the world.