HN Jobs

Simple | Security Engineer | REMOTE or Portland, Oregon Hey everyone, my name is Dylan and I'm on the security team at Simple. We're looking to hire a new security engineer. Simple is a subsidiary of BBVA Compass that seeks to add superior engineering and transparent policies to the banking world. We've been around since 2009 and we have about 260 employees. Our security group is split into two teams - Security Operations and Security Governance. SecOps builds security software and features for our customers and employees (like two-factor authentication) and Security Governance performs security assessments on our existing and pre-release software. You would be joining me on the Security Governance team, doing web and mobile penetration tests, source code review and incident response. In this role, you'll be working through different parts of our frontend, backend and internal software and breaking it any and every way you can. You'll be working closely with the software engineering teams as a resident security authority. You'll also be checking IDS logs and working with tools like ThreatStack, CrowdStrike, Suricata, etc. Prior experience with those exact tools is helpful but not necessary, we'll get you up to speed regardless. More important is the ability to find real security flaws in applications and spot problems with source code. This is an ideal job for those who are technically competent and tired of working as a security consultant (however, you do not need to have been a consultant, we will consider virtually any background as long as you have solid skills). Some report writing will be required for you to document and track vulnerabilities, but you will not be using pages and pages of methodology or vulnerability diagram boilerplate. Most reports are about a page with a much simpler template, and posted right to GitHub. You'll be doing more direct communication with engineers via IRC or Zoom about vulnerabilities you find than you will be writing a report about it. Speaking of GitHub, we use it for everything. Even our HR and marketing teams use GitHub. We are a very engineering-heavy organization. We also offer a lot of support for remote employees - I work fully remote from NYC. We use a private IRC server and Slack for chat, Zoom for video conferencing and we even have two Double Robotics robots in our office to remote into. Finally, our tech stack consists of mostly Scala and Java on the backend and mostly JavaScript and Ruby on the frontend. We also use Python, R, Clojure and C for certain tools. People are free to write in whatever they want as long as it's effective. We also use AWS. You can see the full, slightly more HR'd job description here: http://banksimple.theresumator.com/apply/b9GKYw/Information-... Feel free to shoot me an email at dsaccomanni@simple.com, I'll be glad to talk more about the company or the role. If you'd like to apply, apply directly through the link above and I'll see your résumé.