RECUR is a technology company that designs & develops dedicated branded experiences that allow fans to buy, collect, and re-sell digital products and collectibles (NFTs). RECUR is the only blockchain-agnostic NFT platform ultimately giving its brand partners the widest range of distribution and their fan bases the widest range of utility. RECUR also co-authored the recurring royalty standard for NFTs, allowing for creators, artists, athletes, and brands to participate in the secondary sales of their assets in perpetuity.
We are looking for a Sr. Product Security Engineer to help scale our product security function, which works closely with engineering & product management to ensure that security is appropriately addressed across the RECUR NFT platform and ecosystem. This role will report to our Director of Cyber Security.
Security at RECUR is a remote team. While prior experience working remotely isn't required, we are looking for team members who perform well given a high level of independence and autonomy.
What do we at RECUR believe makes a great security engineering team?
Here are our core beliefs:
- It’s important to have team members that care about the team’s results more than their own individual achievements
- It’s important for leadership to be tolerant of making mistakes
- It’s important that the team members help, teach, and mentor one another
- It’s important not to place blame on individuals when things go bad but instead to evaluate as a team how we do it better the next time
- It’s important to be clear on what that mission is and minimize the distractions on the teams executing on that mission
- Small teams execute better than big ones, empower small teams with ownership and minimize the dependencies between them
- It’s important to encourage self-directed innovation
What you will do at RECUR
- Contribute to secure architecture and design of RECUR products.
- Work across various product and engineering teams to prioritize security features and bugs, and ensure implementation and mitigations.
- Monitor threats and vulnerabilities impacting RECUR products and services; triage reported vulnerabilities, identify mitigations and assess/communicate associated risk.
- Plan & execute security assessments (dynamic testing, static testing, code review, etc) and threat modeling of RECUR products, services, and associated cloud infrastructure.
- Build and implement security solutions across the product life-cycle, such as standalone security tools, CI/CD pipeline integrations, product security features/fixes, etc.
- Act as SME on multiple information security areas (e.g. security architecture, application security, threat modeling etc.)
- Assist in execution of 3rd-party audits, penetration tests, and bug bounty programs.
- Contribute to the creation and delivery of security training.
- Research emerging attack vectors and techniques.
We are looking for talented self-starters with 4+ years of security experience. We will consider experienced engineers with less security-specific experience but the desire to learn!
What you bring to RECUR
- Product / service architectures in modern cloud environments (IaaS, SaaS, PaaS).
- Amazon Web Services (AWS), Microsoft Azure, and/or Google Cloud Platform (GCP).
- Modern engineering practices, processes, and tools, particularly related to the Go programming language and ecosystem.
- Secure development practices, and integration into broader engineering activities.
- Secure operations practices, specifically with regard to cloud environments.
- Application and infrastructure security testing methodologies and tools.
- Security design / architecture and threat modeling.
- Vulnerabilities (old and new), and options for defense / mitigation.
- Product vulnerability management lifecycle.
- Security audits, penetration tests, and/or bug bounty programs.
- Cryptography and cryptographic libraries.
Benefits & Perks
- Commitment to being a remote-first company & embracing remote work best practices
- Comprehensive insurance plans - health, dental, and vision + disability and life Insurance
- Equity in RECUR
- 401(k) with 2% company matching, no waiting period
- Flexible Spending Account and Dependent Care Accounts
- 4 weeks paid vacation, 11 company holidays, 3 floating holidays
- Parental Leave - Primary & Secondary
- $100 per month stipend for internet & cell phone
- Learning and development reimbursement (including online courses, certifications, conferences, seminars, etc.)
- Free monthly subscription to Headspace, Aaptiv, Omada