Love music? Come sit with us. At our core, we help creative people make better music with cutting edge technology.

Output is one of the most influential and fastest-growing music-making software companies in the world used by the likes of Drake, Bjork, Rihanna, and Coldplay, to name a few. Our focus is to inspire a new generation of music makers with a platform that brings the power of a studio to anyone, wherever they are. With groundbreaking products providing new sources of inspiration and sound; here at Output, we are on an endless journey to revolutionize the way creators make music. 

Since raising a $45 million Series A investment, the Output team is growing, and we’re looking for an experienced Senior Software Engineer who specializes in the Security and Identity domains.  The ideal candidate will be an expert on auth best practices, architecture and implementation, and equally comfortable providing incident support during an bot attack, providing mitigations and updating our WAF firewall rules.  We’re looking for someone with a broad tech background to be able to mentor backend, web and frontend engineers on security best practices, and able to guide us to stamp out security vulnerabilities over time.  They will need to work closely with engineering and business stakeholders across platform and client engineering.  A successful candidate must be self-motivated, detail-orientated, technically savvy, and energized to chart the course for the Output’s future security engineering roadmap.

 

How you'll add value:

  • Provide security tech leadership - Be able to work cross-team across engineering, with a focus on platform engineering including the web and API teams
    • Security
      • Ability to identify and prioritize security vulnerabilities - across website, APIs, client applications, and internal tools - and work with teams to execute tasks to improve 
      • Web security setup and configuration via CloudFlare or other providers - including WAF configuration, DNS, firewall rules, API rate limiting approaches and tools
      • Experience configuring VPN, VPC, etc with cloud providers like GCP, AWS, etc.
      • Security attack incident management and response for DDOS, cred-stuffing, etc - Able to identify impact and prescribe short- and long-term remediations to minimize security risks and customer impact
      • Familiar with recaptcha, MFA, and other verification methods 
      • Prioritize security risks, create team follow-up actions, organize security bug bounties and bashes as needed
      • Be a voice and advocate for security best practices - Plan and execute security projects across the org to increase security awareness and reduce vulnerabilities
      • Problem solver - Able to identify source and intent of attacks and potential security breaches, find commonalities in malicious traffic patterns
    • Identity
      • Be a subject matter expert on authentication and authorization
      • Work closely with our backend team on auth related projects and ensure code meets security standards
      • Be the tech lead for data privacy related projects
      • Deep experience applying latest auth technologies and techniques including migrating to more secure approaches on productions systems at scale
      • Familiar with JWT, token revocation, HTTPS/TLS, etc.
      • Experience with cloud identity providers and IAM (GCP, AWS, Auth0) 
      • Able to guide tech teams on identity architectural patterns and best practices
      • API keys, request signing, public/private key approaches, CAs, encryption algorithms and hashes
      • Experience including security in CI/CD processes
    • Act as an engineering role model for security engineering at Output
      • Set high standards and lead by example on security engineering best practices - including how security concerns impact architecture, code reviews, development best practices, API services design, database implementation, CI/CD processes, prod-readiness, etc.
      • Lead the charge to improve security through metrics, KPIs and concrete measurable next steps
  • Be able to wear the tech product owner and project manager hat as needed in the security engineering space as needed

What you'll need to be successful in this role:

  • 5+ years hands-on experience in security and identity software engineering for production systems 
  • CS / EE degree or similar experience
  • Strong leadership, mentoring, and communications skills to advocate for security
  • Strong partnership and relationship building skills - Able to partner closely with Product, Engineering, and QA peers 
  • Strong decision making, prioritization skills and focus - Able to shield the team from external noise while focusing them on the highest value work
  • Broad exposure to software technologies, languages, frameworks, and tools ranging from web tech to backend api’s and services, to client UI frameworks, libraries, and binaries  
  • Strong stakeholder management skills - Able to manage stakeholder expectations, project risk, and anticipate stakeholder needs
  • Experience in setting up security observability, monitoring, and alerting
  • Bonus: Passion for democratizing music making and empowering creative music makers

Output has made a name for itself as one of the fastest growing, creative, and influential music-making software companies in the world. The likes of Kendrick Lamar, Bjork, Rihanna, James Blake, Imagine Dragons, Justin Timberlake, Nine Inch Nails and many more use our software to write music as well as hit shows and films like Stranger Things, Game of Thrones, and Black Panther.

We are a strong group of like-minded music makers and music lovers sharing the common goal of helping music makers around the world be creative. We’re bonded by music. We’re motivated by challenging and fulfilling work. And we always do it while having fun. 

We have adapted our working styles and have successfully launched new products, achieved record sales and we continue to thrive as a team all while working remotely. We have embraced the “work from anywhere revolution” and will continue to hire all roles remotely unless otherwise stated. Our Los Angeles office will remain open to those needing a space or looking for a place to collaborate with other teams. Our culture has always valued our employee’s work-life balance and we offer 5 weeks of PTO, excellent health care, and a community of music enthusiasts- with access to our music studios (once it is safe to return).

Privacy Policy for California Candidates

Apply for this Job

* Required
  
  


U.S. Equal Opportunity Employment Information (Completion is voluntary)

Individuals seeking employment at Output are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. You are being given the opportunity to provide the following information in order to help us comply with federal and state Equal Employment Opportunity/Affirmative Action record keeping, reporting, and other legal requirements.

Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.


Form CC-305

OMB Control Number 1250-0005

Expires 05/31/2023

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition for example, migraine headaches, Parkinson’s disease, or Multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

1Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.