At Cloudflare, we have our eyes set on an ambitious goal: to help build a better Internet. Today, Cloudflare runs one of the world’s largest distributed networks that powers more than 1.5 trillion page views each month across 5 million Internet properties. More than 10 percent of all global Internet requests flow through Cloudflare’s network. Cloudflare protects and accelerates any Internet application online without adding hardware, installing software, or changing a line of code.
Our customers range from Fortune 500 companies and nonprofits to small businesses and budding entrepreneurs. Every day, about 12,000 new customers sign up. We’re working to create a faster, more secure, and more reliable experience for anyone online and given the scale at which we operate, our mission is big. Our team is hard at work shaping the future of the Internet by solving some of its toughest challenges. Come join us.
About the Role
We are looking for experienced Application Security Engineers to help us in our mission to build a better internet. Part engineer, part hacker, you will work in our product security team building and breaking new products and services.
About the Department
Information Security is divided into 4 areas - Product Security, Infrastructure, Compliance and Threat Intel. The Product Security team works closely with developers and product designers, ensuring that security is baked into every new system or service Cloudflare launches. Where we find weaknesses, we try to break things before bad guys can. Our mission is to help the company launch new services as quickly and as securely as possible.
Cloudflare’s Engineering Team builds and runs the software that handles about 10% of HTTP requests on the Internet today. We also build and run the internal tools that builds and runs our software. The Engineering Team is split into two groups: one handles product development and the other handles operations. Product development covers both new features and functionality and scaling our existing software to meet the challenges of a massively growing customer base. The operations team handles one of the world’s largest networks with data centers in 110 cities worldwide.
- Use penetration testing skills and methodology to hack new applications and services
- Perform application security design reviews against new products and services
- Perform code and design reviews of internal products and services.
- Track and prioritize all security issues you find
- Build internal security tools that help fix security problems at scale
- Ability to write code and work to prioritize, fix, and understand vulnerabilities.
- Champion security in the engineering organization.
- Ability to investigate the impact of security problems.
- Strong knowledge of web application security issues.
- Be passionate about information security
- Ability to recognize application vulnerabilities and exploit them.
- Familiar with dynamic and static testing techniques
- Familiarity with fuzzing as a way to find bugs
- Familiarity with secure coding practices and the OWASP top 10.
- Working knowledge of cryptography.
- Excellent communication skills.
- Ability to be hands on and drive solutions to completion.
What Makes Us Special
We’re not just a highly ambitious, large-scale technology company. We’re a highly ambitious, large-scale technology company with a soul. Fundamental to our mission to help build a better Internet is protecting the free and open Internet. In 2014, we launched Project Galileo, an initiative through which we partner with global NGOs to identify websites at risk of attack and provide the same state-of-the-art mitigation technology already used by Cloudflare’s enterprise customers--at no cost. Project Galileo equips politically and artistically important organizations and journalists with powerful tools to defend themselves against attacks that would otherwise censor their work.
Additionally, in 2016, we announced our partnership with Path Forward, a nonprofit organization that works with companies to create 18-week positions for mid-career professionals who want to get back to the workplace after taking time off to care for a child, parent, or loved one. With the lofty goal of shaping the future of the Internet, we’re focused on recruiting the best and the brightest, no matter what.
Cloudflare hires the best people based on an evaluation of their abilities and effectiveness. We don't discriminate against employees on the basis of any other personal characteristic or any classification protected by federal, state or local law.