Extend is modernizing the $100 billion-per-year extended warranty and protection plan industry using cutting-edge technology, and top-notch customer service. After a $260M Series C financing round, we are ready to continue to scale our organization and grow beyond our $1.6B valuation.
Our API-first solution allows any merchant to offer extended warranties and protection plans, both online and offline, while also providing a merchant's end customers with a vastly improved and modern support experience that eliminates many of the issues customers face today with legacy underwriters.
We are a venture-backed startup based in downtown San Francisco that is led by founders who have previously had multiple successful exits. Extend is simplifying the technology stack for the extended warranty industry.
What You'll Do:
- Lead the development, design, and evolution of platform security serverless microservices for identity, authentication, and authorization, as well as tools and patterns providing data encryption and secrets management.
- You will be the security champion and advocate for platform application security services and best practices throughout the organization. The ability to clearly, concisely, and patiently communicate architectural/implementation risks to engineers, product owners, and leadership will be pivotal in this role.
- Share knowledge and expertise with platform security team members to aid in their growth and understanding, elevating the whole team and improving our efficacy.
- Document system, service, and data interactions and flows for consumption by engineers inside and outside of the platform security team.
- Encourage innovation and foster an environment of continuous improvement.
- Identify risks and aid in implementing process and implementation improvements in the overall platform.
- Provide code reviews for sensitive code bases with a focus on code quality and secure implementation.
What We Are Looking For:
- 5+ years of combined software, security, and cloud infrastructure engineering and/or architecture experience.
- Intimate familiarity with OAuth/OIDC flows, JWT tokens, and overall identity, authentication, and authorization principals.
- Understanding of modern cloud security and secure code operations, concepts, and practices.
- Experience with DevOps and secure SDLC tools, patterns, and methodologies for cloud architectures.
- Experience working with serverless services such as AWS API Gateway, Lambda, and DynamoDB.
- Experience with AWS IAM principals and configuration.
- Experience driving technical and security requirements with cross-functional teams.
- Strong understanding of cryptography, including best practices.
- Extensive knowledge around API development with HTTP, REST and JSON.
- Experience designing and implementing services in a high-security cloud-based environment.
- Able to respectfully provide and receive feedback in all situations.
- Self-motivated, able to take ownership of tasks and see-through completion.
- Must be well organized, able to thrive in a fast-paced startup environment, must have the ability to approach problems with a collaborative, team-player attitude.
- Strong communication skills in several mediums, working with a collaborative cross-functional team of peers and development teams throughout the company.
Nice to Haves:
- Experience with AWS CDK for infrastructure-as-code.
- Experience TypeScript (v4) and the related ecosystem.
- Familiarity with containers and general security principals.
- Familiarity with cloud networking security principles and technologies.
- Experience working closely with security operations teams, including SOCs, incident response, vulnerability management, and GRC.
Life at Extend:
- Working with a great team from diverse backgrounds in a collaborative and supportive environment.
- Competitive salary based on experience, with full medical and dental & vision benefits.
- Stock in an early-stage startup growing quickly.
- Unlimited vacation policy.
- 401(k) with Financial Guidance from Morgan Stanley.