RECUR needs a hands-on application security engineer to help architect and build security into our NFT platform and applications from the ground up. We are looking for someone who has deep and broad knowledge of how to secure and protect cloud platforms, web applications, and data. We are at a foundational stage, and it is important that we have a security-first mindset in order to protect our business and our customers.
What do we at RECUR believe makes a great engineering team?
Here are our core beliefs:
- It’s important to have team members that care about the team’s results more than their own individual achievements
- It’s important for leadership to be tolerant of making mistakes
- It’s important that the team members help, teach, and mentor one another
- It’s important not to place blame on individuals when things go bad but instead to evaluate as a team how we do it better the next time
- It’s important to be clear on what the mission is and minimize the distractions on the teams executing on that mission
- Small teams execute better than big ones; empower small teams with ownership and minimize the dependencies between them
- It’s important to encourage self-directed innovation
What you will do at RECUR
- Identify security weaknesses in our software and platform
- Build plans to improve our security posture and then implement them
- Continually educate our team on how to build secure internet platforms
- Be our security expert, be on top of the latest vulnerabilities, and manage our security backlog
- Be a key member of our incident response team; perform forensics analysis
- Review software designs to identify potential security holes and suggest improvements
- Set up and run our whitehat bug bounty program
- Build or integrate third-party solutions to solve various security problems such as monitoring, code scanning, access control, intrusion detection, and ATO prevention
- Program solutions to security problems in a language like Python or Go
What you bring to RECUR
- You have 10+ years of experience developing software, more recently with a specialty in cyber security
- You have a strong understanding of the OWASP top ten and how to mitigate or eliminate these and other vulnerabilities
- You have threat modeling experience and the ability to develop threat modeling processes and threat scenarios to inform risk mitigation and secure development and deployment controls
- You have hands-on experience with AWS and its bevy of services including WAF, CloudFront, API Gateway, CloudWatch/CloudTrail, Route 53, IAM Service Boundary, SCP, Shield or alternative solutions provided by Cloudflare or other vendors
- You have built and maintained internet applications in domains such as payments, trading, banking or eCommerce where keeping customers’ information and money safe is paramount
- Familiarity with modern software delivery practices (containers, blue/green deployments, CI/CD)
- You are familiar with architecting systems with appropriate controls, governance and documentation to achieve SOC2 attestation.
- Certifications such as CSSLP are interesting to us but not required
- You are legally eligible to work in the USA
Benefits & Perks
- Commitment to being a remote-first company
- Company sponsored Health, Dental and Vision Benefits
- 401k with no waiting period for vesting
- 3 weeks paid vacation and 10 paid company holidays
- Industry focused lunch and learns
- Company swag
- Flexibility to get the tooling you need to do your best work
- The chance to work with incredibly passionate people on a mission to shape an industry!
This is a completely remote role; you can work from anywhere in the US.