- Hardening our Kubernetes deployments
- Running and evolving our Bug Bounty Program
- Streamlining our product authorization model
- Optimizing access control company-wide
- Automating vulnerability management
- 5+ years of product-security experience: 4 years in appsec, 1 in cloudsec
- You write code and are fond of creating your own automation
- Deep understanding of software-security principles and a good understanding of cloud-infrastructure security principles
- Hands-on experience with many of the core infrastructure products that Hex is run on, including Kubernetes, AWS, and Terraform
- You perform code reviews regularly
- Proficient at threat modeling and keeping the models updated
- Able to break down a landscape of scattered security problems, whether complex, simple and/or varies, and group them into logical, achievable components to get the most bang for the buck during quarterly and annual planning
- Possess an instinct for strategic thinking and aligning with business and product goals, while keeping a healthy balance of velocity and security excellence.
- Excel at working with several different engineering teams and codebases, and at communicating with engineers and non-technical partners across many different backgrounds, demonstrating curiosity about how their work contributes to Hex's success.
- Experience scaling and optimizing a bug-bounty program with a good signal:noise ratio
- Involvement with your Security Community
- Interest in the data space, and a love of shipping great products and building tools that empower engineers and users to do more.
- Curious and willing to dive into the bigger picture of building a company, including go-to-market, customer development, people, and marketing.
- How we took down production...
- Beyond Linear Notebooks
- A pragmatic approach to live collaboration
- EKS
- RDS (Postgres)
- EC2
- S3
- TypeORM
- Apollo GraphQL
- React
- Redux
- ... and more
- TypeScript
- Python
- Node
- Terraform
-
Senior Security Engineer
2 weeks ago
HDI Service AG New York, United StatesIhre Aufgaben: · Verantwortung für den Betrieb und die Architektur der Splunk Infrastruktur · Weiterentwicklung der Splunk Plattform · Technische Beratung und Umsetzung von (Security) Use Cases · Ausbau der Interkonnektivität der Splunk Plattform · Integration, regelmäßige Ü ...
-
Junior Security Engineer
2 weeks ago
HDI Service AG New York, United StatesIhre Aufgaben: · Betrieb und Weiterentwicklung der technischen Cyber Security Lösungen (z.B. EDR, NDR, SIEM, Vulnerability-Scanning) · Administration von Security Agenten auf Endsystemen · Unterstützung bei der Planung, Installation, Konfiguration und Migration von innovativen ...
-
Web Application Security Engineer
5 days ago
Deutsche Telekom AG New York, United StatesAufgabe · Als Web Application Security Engineer (w/m/d) unterstützt Du unser Betriebsteam bei folgenden Aufgaben: · Konzeption, Implementierung und Betrieb der WAF- (Web Application Firewall), Reverse-Proxy- und Loadbalancing-Systeme · Unterstützung bei Netzwerk- und Security-Th ...
-
IT security/security engineer
3 weeks ago
Aurora Ventures College City, United StatesAs a major regional employer, the Diocese of Essen employs professionals and leaders from over 30 different professions. · The Diocese of Essen is the sponsor of numerous educational institutions such as schools of various types, adult and family education facilities, kindergarte ...
-
Security Engineer
2 weeks ago
Locke and McCloud New York, United StatesSecurity Engineer (SOC) - Hybrid Role · Are you a seasoned Security Engineer with a passion for protecting critical assets and ensuring operational resilience? We are thrilled to announce an exciting opportunity for a Security Engineer (SOC) to join a leading organization in Okla ...
-
Security Engineer
2 weeks ago
Foursquare New York, United StatesAbout Foursquare · Foursquare is the leading independent location technology and data cloud platform, dedicated to building meaningful bridges between digital spaces and physical places. Our proprietary technology unlocks the most accurate, trustworthy location data in the worl ...
-
Security Engineer
2 weeks ago
Paragon Alpha - Hedge Fund Talent Business New York, United StatesOur client are a Tier 1 Hedge Fund, who take a quant approach to investing, and look after $63 billion in assets. After consistent and strong returns across their portfolios, they are hiring technical talent for both the London and NY office. · This hedge fund places security at ...
-
Security Engineer
2 weeks ago
Nationstaff New York, United StatesAbout This Role · We are seeking a highly capable Security Engineer / Senior Security Engineer, who will be responsible for various technical and cryptographic security aspects. This role requires a certain range of experience and an in-depth understanding of security engineerin ...
-
Security Engineer
5 days ago
Green Key Resources New York, United StatesDepartment: Infrastructure Services · StaffTitle: Security Engineer · Reportsto: Director of IT · FLSAStatus: Exempt · WorkingConditions: Full-time (M-F), Office Business Settings. This is an On-Premises position. Monday through Thursday (9-5) and remote on Fridays only (No excep ...
-
Security Engineer
3 weeks ago
Meta Defunct New York, United StatesSummary: · Meta Security is looking for a Security Engineer with experience in threat modeling, TTP identification, and detection engineering. You'll work alongside Software Engineers and Offensive Security Engineers to identify critical assets, assess the top risks, and evaluate ...
-
Security Engineer
2 weeks ago
TSR Consulting New York, United StatesAbout TSR: · TSR is a relationship-based, customer-focused IT and technical services staffing company. · For over 40 years TSR, Inc. and its wholly owned subsidiary, TSR Consulting Services, have prospered in the Information Technology staffing business, earning the respect of co ...
-
Security Engineer
1 week ago
Wallero New York, United StatesTitle: Security Engineer · Position: Contract · PRIMARY LOCATION: New York · Note: Only who are willing work on our W2 · Description: · Highly motivated self-starter with excellent interpersonal and problem-solving skills · Bachelor s degree or equivalent work experience · Good o ...
-
IT Security Engineer
3 weeks ago
NYC Health Hospitals New York, United StatesMetroPlusHealth provides the highest quality healthcare services to residents of Bronx, Brooklyn, Manhattan, Queens and Staten Island through a comprehensive list of products, including, but not limited to, New York State Medicaid Managed Care, Medicare, Child Health Plus, Exchan ...
-
Security Engineer
1 week ago
Phyton Talent Advisors New York, United StatesResponsible for engineering and administrating Network and Security infrastructures. Ability to · Support large enterprise mission critical networks and develop new technology solutions. Provide · technical expertise in working with clients and other GS-IT groups on networks and ...
-
Security Engineer
4 weeks ago
PRI Technology New York, United StatesThis is an onsite role in New York, NY · MUST HAVES: · "The ideal candidate for this requirement would have experience in assessing, implementing solutions, designing, and executing security controls. An additional advantage, as mentioned in the requisition, is expertise in clou ...
-
Security Engineer
3 weeks ago
Betterment New York, United StatesAbout Betterment · Betterment is a leading, technology-driven financial services company that offers investing and retirement solutions for retail investors and investment advisors as well as financial wellness solutions, including a 401(k) for small and medium-sized businesses. ...
-
Security Engineer
5 days ago
MedReview Inc. New York, United StatesWorkingConditions: Full-time (M-F), Office Business Settings. This is an On-Premises position. Monday through Thursday (9-5) and remote on Fridays only . · PositionSummary –The Security Engineer is responsible for securing – maintaining and monitoring MedReview's enterprise infra ...
-
Security Engineer
3 weeks ago
Datadog New York, United StatesWe are looking for a Security Engineer for the Software Integrity and Trust team to build systems that protect Datadog against various forms of supply-chain attacks. · You'll join at an ideal time to make a big impact: supply-chain attacks continue to be one of the fastest growin ...
-
Security Engineer
2 weeks ago
Infojini New York, United States· •Develop security configurations. · •Establish security best practices as well as review all vendor designs ensuring compliance with security standards and governance models. · •Provide expertise in integration and engineering of Security platforms. · •Manage test cases and ...
-
IT Security Engineer
1 week ago
MetroPlus Health Plan New York, United StatesIT Security Engineer · Do you have the right skills and experience for this role Read on to find out, and make your application. · Job Ref: 99336 · Category: Information Technology · Department: MHP INFORMATION SECURITY · Location: 50 Water Street, 7th Floor, · New York, · ...
Product Security Engineer - New York, United States - Hex Technologies Inc
Description
===
Excerpt: Design and implement scalable security infrastructure and help build a culture of security for a rapidly growing team.
Status: Open
===
About the role
Don't you wish the security practice at your company was more modern, effective and not chasing its tail? Are you excited by the idea of tackling novel security problems while empowering a delightful experience for end users? If that energy isn't appreciated where you currently work, join us in developing a proactive, technology-forward product-security discipline, dedicated to eliminating vulnerabilities in application and infrastructure before they even occur. You'll own the SSDLC and ensure effective security measures are embedded throughout. You'll be building systems and occasionally building/buying tools that help all of Engineering truly shift left, so you can spend less time chasing vulnerabilities and more time on meaningful security engagement.
Additionally, this role includes practicing embedded security within Eng teams, teaching them to think through, prevent, and mitigate common security issues all on their own: everything from creating guardrails to implementing AuthN / AuthZ correctly to creating secure and resilient infrastructure as code. The security culture you help create permeates the entire company and has longevity, even when you're not in the room, because you will help a top-tier Eng team level up. Your work will inform the company's security roadmap, starting with delivering pieces of a high-speed, automated, and self-service security strategy.
So far the security projects we've worked on have been about:
About you
Must have's:
Nice to have's:
Our Engineering team
We're a group of engineers who are forging new ground together and love partnering with Security on our journey to pull ahead of our competition. You can read about how we think through problems as well as how we learn from mistakes on our blog here:
Our Tech Stack
runs on AWS:
uses:
is written in: