Security Engineer Cloud

Who we are

If you are looking to have an impact on the world then read carefully because at Choco, we are moving mountains to transition the world into sustainable food systems. The food industry is an industry with essential problems. Especially in the food-supply-chain.  We are now leveraging technology to bring change and start the necessary transformation the industry is craving for. We are building the digital platform on which the global food trade will operate. Our company has the potential to reduce food prices, decrease food waste by 30% and reshape one of the oldest and largest industries on the planet. 

In 2018 we entered the market with our chat-based ordering app and have drastically changed the way businesses work and order with their suppliers. Therefore, we are looking for more Chocorians who share our vision and want to join our journey here in Berlin.

Our founders have helped build companies such as Zalando (IPO’d), Lazada (sold to Alibaba) and Foodora (sold to DeliveryHero). We have just raised one of the largest Series A funding rounds in European history. 

Join us in building the next unicorn in Food.

 

What you will do

Here at Choco, we like to use the space shuttle as a metaphor for our engineering work. Now, you will join and help us bring the shuttle to the moon. You will take part in securing a platform that enables tech teams to autonomously develop, test, deploy and operate their stack in a secure and reliable way. We want you to be the all-seeing-eye of our entire infrastructure, keep our systems safe, healthy, speed up product development and increase the quality of our services.

As part of this role, you will mainly perform product security consulting, threat modeling, secure code reviews and help manage our bug platform. You will work with the team to ensure our products are designed securely and all known issues are timely triaged and remediated.

We are looking for someone with strong experience in penetration testing and automated vulnerability scanning to accelerate our Security Operations program and support our rapid growth. This role will drive security and risk reduction goals with our Product Teams, Engineering, Infrastructure and POPS stakeholders in technical and process improvements. Your contribution will be not only directly impacting Choco but even the users of our products themselves. 

  • In the first 3 months you will have the space, support and mentoring to understand our product, the infrastructure behind it and obtain any missing information or skill that’s needed for you to effectively contribute later. 
  • In 3 to 6 months you will be fully operational, independent, take stories on your own and run with them. You will dig deeper to understand the core of complex issues and provide reliable solutions that will stand the test of time.
  • Over time you will contribute to disaster recovery tooling, set up proper monitoring / alerting, make our systems more secure and automate wherever possible.

 

Our teach stack in the Platform Squad

We have a cutting-edge environment and use AWS AppSync, AWS Lambdas, GraphQL, NodeJS, AWS CloudFormation, AWS Cloudwatch, ELK stack, Epsagon, AWS CodePipeline, AWS DynamoDB, AWS SQS, AWS SNS, AWS S3.

 

What you will need to have an impact with us

  • 3+ years in a security engineering or operations role
  • Experience in one or more information security domains, e.g.
  • Authentication and authorization related systems
  • Development of security tooling and infrastructure
  • Network and operating systems security
  • Security architectures, principles, and assessment methodologies
  • Security monitoring/detection and incident response
  • Vulnerability assessment and/or penetration testing
  • Zero trust architectures and tools
  • Deep understanding of common web application vulnerabilities
  • Strong understanding of modern web applications and frameworks
  • 2+ years of working with AWS Cloud services (serverless is a big plus)
  • Experience working with Infrastructure as Code and CI/CD. CloudFormation and CodePipeline are ideal but similar alternatives will work too (e.g. Terraform or Jenkins)
  • Experience in deploying complex software and optimizing build processes
  • Scripting / Coding proficiency for tooling and automation (e.g. Python, Golang or similar)
  • Experience in cost analysis and optimization
  • Technical domain knowledge in areas adjacent to Application security. For example, Infrastructure  security, Cloud products (e.g. AWS, GCP, Azure), Linux, Windows, or MacOS based systems, Networking, Reliability, Software development
  • Proficiency using one or more scripting or high-level languages to automate tasks, manipulate data, or build small systems. E.g.: Bash, Python, Go, Rust, Ruby, NodeJS, C/C++, or Java

Communication, good learning ability, open-mindedness and good self-organizational skills will be absolutely key to the success of your work and the business overall. 

Responsibilities:

  • Maintain and improve the security bar of the Choco infrastructure
  • Protect customer data
  • Review current and upcoming infrastructure stack from a security perspective and provide hardening mechanisms and recommendations
  • Deploy, build, and/or operate security infrastructure solutions to scale security
  • Automate security controls using scripting 
  • Define security strategies for new infrastructure initiatives or program
  • Perform structured security risk assessment to identify, prioritize, and provide recommendations or solutions for issues found
  • Perform security assessments on third-party vendors and integrations
  • Participate in on-call for infrastructure security issues

You will impress us even more if you have

  • Experience in DevSecOps
  • Certified AWS cloud/security engineer

 

What it’s like to be a Chocorian

You will join a company filled with smart, humble and hard-working people. With founders who deeply trust their employees and where the employees trust and believe in their founders even more.

A startup where people put the team first, take ownership and truly understand what they are working for day by day. 

You will join a group of people from all around the world who share their experiences and contribute in their areas of expertise and learn from each other. 

You will join a passionate team that shares the same values and vision, a circle of friends that not only works hard but also laughs with- and cheers for each other.

With that said, it is absolutely crucial to find people who share this with us and who deeply identify themselves with the values of a Chocorian.

Apply for this Job

* Required