Bugcrowd is the world’s #1 crowdsourced security company. Our award-winning platform combines actionable, contextual intelligence with the skill and experience of the world’s most elite hackers to help leading organizations solve security challenges, protect customers, and make the digitally connected world a safer place.
As a Platform Security Engineer at Bugcrowd, you will help keep Bugcrowd secure. This will involve managing our Bug Bounty program, as well as using your security and technical knowledge to identify areas in our platform and processes which need improvement. You will work closely with the Engineering, Product Management and IT Security teams to drive these improvements.
Protect, Detect, Respond
"Blast containment" aka build it like it's broken - Input into architecture
- Manage our public security program via our Bug Bounty program
- Ensure processes for sensitive data access meet our compliance requirements and do not unnecessarily expose us to the possibility of unauthorized data access
- Ensure our platform meets our compliance requirements
- Participate in the discovery and planning process for new features that pertain to the integration with security systems and increasing internal efficiencies.
- Provide iterative feedback to Product Management, Design, Developers, Infrastructure, and Data Engineering.
- Communicate technical product details to any internal teams and stakeholders as needed.
- Assist with the development and review of shipped code as it relates to security systems and quality.
- Continuous development of incident detection and response tooling and process.
- BA/BS in Computer Science or closely related degree or equivalent practical experience.
- 3 years of hands-on commercial experience
- Proven work experience as a software security engineer
- Detailed technical knowledge of techniques, standards and state-of-the-art capabilities for authentication and authorization, applied cryptography, security vulnerabilities, and remediation
- Familiarity with compliance requirements for some certifications (eg ISO27001, SOC2)
- Knowledge of web-related technologies (Web applications, Web Services, and Service-Oriented Architectures) and of network/web security products
- Interest in all aspects of security research and development
- Experience with Amazon Web Services
- Experience with Linux Containers and Virtualization (Docker, ECS, Kubernetes, etc)
- Understanding of Software Development Life Cycle, Continuous Integration, and Continuous Delivery
- Comfortable with Agile methodologies and working closely within small teams
- Experience with version control systems (we use Git)
- Experience with logging and alerting on security incidents
- At Bugcrowd, we understand that diversity in the workplace is vital to a company’s success and growth. We strive to make sure that people are included and have a sense of being part of making Bugcrowd not only a great product but a great place to work.
- We regularly hear from both customers and researchers that Bugcrowd feels like a family, and we strive to maintain that internally as well.
- Our team consists of a broad range of people: musicians, adventure sports junkies, nature lovers, parents, cereal enthusiasts, night owls, cyclists, artists—you get the point.
- We use an agile development methodology, but we’re not dogmatic about it. It’s meant to empower, not impose.
- Bugcrowd was founded in Australia, so expect a few Aussies here in SF, as well as our Sydney office. Vegemite is in the kitchen, but consumption is optional.
- We come from all over though: there are 24 different flags currently hanging in the office representing our countries of origin.
- Competitive salary and stock options.
- Features ship to users every single day. We deploy multiple times daily.
- Cool office in one of SF’s historic buildings right by the Embarcadero and Exploratorium.
- Opportunities to attend & host relevant conferences & meetups.
- Flexible vacation time.
- Exceptional medical, dental & vision coverage.
- Generous allowance to build the workstation that suits you.
- Company-sponsored off-sites and celebrations.
- Catered breakfast & lunches from local vendors to satisfy your inner foodie.
- Endless snacks and beverages to keep your brain juices flowing.
- Pre-tax commuter benefits.
At Bugcrowd, we are solving security threats and vulnerabilities that are relevant to everyone, therefore we believe solving these problems takes all kinds of backgrounds. We value the perspectives and experiences people from underrepresented backgrounds bring. We are a supportive & collaborative team who understand that reaching Bugcrowd’s potential depends on the happiness of the employee.
The company is authorized to obtain background checks for employment purposes and may include identity verification, prior employment verification, personal and professional references, educational verification, and criminal history. Applicants with conviction histories will not be excluded from consideration to the extent required by law and will be reviewed on a case by case circumstance.