Reporting to the head of security, the Senior Product Security Engineer will be responsible for secure code reviews of teams using Javascript, front-end frameworks like React, building internal libraries that enable developers, setting up static code analysis, and partnering with Platform Security Engineers building shared tooling used across all Engineering.

You'll join a highly-distributed team that’s building a paved security path so our team of more than 130 engineers can focus on their core competencies and worry less about security issues. You'll write sustainable, resilient code as part of an engineering organization that values collaboration, trust, and learning. You’ll be part of a team at the heart of CircleCI’s business responsible for build environments used by thousands of development teams every day.

What You’ll Do:

  • Consult as the Javascript security subject matter expert in standup, sprint planning and OKR meetings with Growth and Front End development teams.
  • Participate in bi-monthly third-party penetration tests.
  • Write and maintain sustainable, high-quality, high-performance code.
  • Identify and build user-friendly tools to create a paved path for secure Javascript development.
  • Participate in the Security Team’s on-call incident rotation.
  • Respond to bug emails submitted by security researchers and work on remediation.
  • Backlog grooming and chipping away at technical debt.
  • Be a leader on third-party library security.
  • Write blog posts, lead internal workshops and education efforts.

What We're Looking For:

Process makes you feel good. Mentoring is a primary reason why you love your profession. Learning something new every day is essential to your happiness. You are compassionate and genuinely like people. Javascript is the best or worst thing in your world depending on the day. Leftpad is never far from your mind.

Does that sound like you? If so, here’s the experience we’re looking for:

  • Security mindset.
  • Strong analytical skills.
  • Excellent communication skills.
  • Calm under high-pressure situations.
  • Five years experience as a Javascript developer and operating production micro-services.
  • Deep knowledge of Node.js, NPM, Yarn and React.js.
  • Web penetration testing and OWASP Top 10 experience.
  • Experience conducting secure code reviews of Javascript projects and packages
  • Experience working in a modern cloud company with Docker, Kubernetes, Terraform, Helm, AWS, and GCP.
  • A willingness to learn Clojure and new languages.
  • A focus on delivering high-quality code through strong testing practices.
  • Ability to manage customer demands and work with internal stakeholders to solve them.
  • Demonstrated ability to lead multiple, complex projects simultaneously.

CircleCI Engineering Competency Matrix: 

The Engineering Competency Matrix is our internal career growth system for engineers. This position is level E3. If you’re not sure this is you, we encourage you to apply. Find more about the matrix in this blog post.

We know there’s no such thing as a “perfect” candidate - we’re all a work in progress and are growing new skills and capabilities all the time. CircleCI welcomes those who are enthusiastic about learning and evolving, so however you identify and whatever your background, if this looks like a role where you could do work that excites you, we hope you’ll apply.

Work remotely with our globally distributed team!

We’re a distributed company with teammates across the world. For this role, we are hiring engineers to work remotely in The United States and through our affiliate, Continuous Labs, in the following Canadian provinces: Alberta, British Columbia, Manitoba, New Brunswick, Newfoundland and Labrador, Nova Scotia, Ontario, Prince Edward Island and Saskatchewan.

About CircleCI

CircleCI is the world’s largest shared continuous integration and continuous delivery (CI/CD) platform, and the central hub where code moves from idea to delivery. As one of the most-used DevOps tools that processes more than 1 million builds a day, CircleCI has unique access to data on how engineering teams work, and how their code runs. Companies like Spotify, Coinbase, Stitch Fix, and BuzzFeed use us to improve engineering team productivity, release better products, and get to market faster. 

CircleCI is proud to be an Equal Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.

Apply for this Job

* Required

  
  


Demographics

At CircleCI we deeply understand the value of bringing together a team with different perspectives, backgrounds and experiences, and welcome all applicants regardless of race, color, religion, creed, age, national origin or ancestry, ethnicity, sex, sexual orientation, gender identity or expression, disability, military or veteran status.

While the disclosure of your personal information is optional, completely anonymous and not attached to your application, we ask you to consider sharing this information to help us understand who is interested in working here, and help us get better at providing a positive, fair and unbiased experience for all applicants.  We understand that many applicants, especially those of marginalized groups, are often fearful that disclosing this personal information might create a barrier of entry for them.  We want to assure you that your answers will remain absolutely anonymous, and that we will use this data only to help us get better at supporting all candidates as they move through our interview process.

We appreciate your help and for your trust in our efforts to make CircleCI a place of equal opportunity for everyone.

How do you identify your gender?





Are you a veteran?



What is your ability status?



Which races/ethnicities do you belong to?