We are looking for a Security Engineer to join Root’s Product team.
We're fast-growing tech startup and we’re on a mission to build the future of insurance.
We are looking for a skilled individual to create a world-class secure platform and security-first culture to help prevent breaches, taps, and leaks by taking responsibility for the security of the Root platform. This role involves implementing security testing and monitoring processes, working across the codebases, CI/CD process, infrastructure, software development process and beyond.
You'll help us create a renowned developer customer experience and contribute to identify and solve interesting and challenging problems to scale the Root platform.
This full-time role is based at our De Waterkant office in Cape Town, but is remote-friendly.
What you'll do:
- Tech security
- Ensure that there is continuous and up-to-date scanning for platform vulnerability.
- Proactively identify and reduce security risks in the code, application and infrastructure.
- Ensure that Root is up-to-date and compliant on all OWASP and other industry-standard requirements.
- Team and security culture
- Educate and guide fellow engineers on secure coding best practices.
- Collaborate with Engineers and other Product team members in analysing and proposing application security standards, methods and architectures.
- Put a basic bug bounty and threat disclosure process in place.
- Manage communication with independent vulnerability researchers and design appropriate mitigation strategies for reported vulnerabilities.
- Managed security incidents to reduce impact and reputation risk.
- Implement security processes for SOC2 compliance.
- Coordinate and facilitate regular penetration testing.
We are looking for someone with:
Core requirements to perform responsibilities:
- Competencies and role knowledge:
- Bachelor's degree in Computer Science, Engineering or equivalent working experience.
- 5+ years experience working as a Security Software Engineer within cloud-based environments.
- Strong security, risk and threat awareness mindset.
- Experienced with cloud-based back-end frameworks (Node.js/Express, Spring, Laravel, Django, ASP.NET etc.).
- Experienced with AWS infrastructure.
- Strong familiarity with general security standards, such as the OWASP Top 10 list.
- Experienced with building and maintaining highly secure and scalable applications.
- Experience with security compliance process implementation (ISO, SOC2, PCI-DSS).
- Role based skills:
- Able to engage and clearly articulate themselves to a technical and non-technical audience.
- Able to work well under pressure and manage your time effectively.
- High confidence, low ego.
- Enjoys working in small teams.
- Driven to continuously improve and succeed.
- Cares about own opinion and backs opinions with data.
- A passion for security and open source software
The Root Team and how we enable success:
Our team is made up of smart, passionate, and kind individuals working together to build a world-class company. We take the time to develop personal relationships with each other. Over and above daily team lunches, we do frequent team outings and ad-hoc adventures (when global pandemics permit).
We create and enable an environment for people to do their best work. To support this, we focus on a culture of autonomy, transparency and trust. As a startup, we care a lot about innovation and believe in an iterative way of working to drive innovation forward. We encourage each other and foster a working culture of sharing early versions of your work and getting quick feedback.
Why join us?
We have ambitious goals. Our mission is to power innovators in insurance, globally, and we’re well on our way there. You’ll join at a very exciting part of the journey, and your contribution over the next few years will directly and visibly impact Root’s global success.
Our team is incredibly friendly and collaborative. If you care about solving challenging problems with people you enjoy being around, this is the place for you.
Root has an inclusive culture. We encourage applicants from diverse backgrounds to apply and introduce their skill set to us. Open positions at Root are competitive and we often receive high volumes of applicants. If you have not received further updates on your application after three weeks, you’re welcome to request feedback.