Templafy is pioneering the content enablement category and defining the future of work by helping companies worldwide accelerate the business performance of content. Our platform allows companies to align workforces and effortlessly govern content while supporting teams and employees as they create on-brand, high-performing business content – like documents, presentations, and emails, faster. Templafy supports over 2.8M users and enables over 600 enterprise customers such as KPMG, IKEA, and BDO.
Founded in Copenhagen, Denmark, in 2014, Templafy's success is built by our 60+ employee nationalities found at offices in New York, Copenhagen, London, Berlin, Eindhoven, and Sydney. We believe when people feel they belong, have a voice, and feel heard, they are happier and perform better, and that way, everyone wins. Our innovation, diversity, and unique product have raised over $125 million in funding from Insight Venture Partners, Dawn Capital, and Blue Cloud Ventures. The future of work relies on content enabled by Templafy.
Information Security at Templafy
The Security organization is an aspirational, hardworking, and friendly group working together on an important mission, improving the security posture of Templafy to industry leading levels.
You will be an essential part of the team assessing the security of the Templafy platform and third-party applications, services, infrastructure, and processes.
You will be reporting directly to our CISO and assisting with all security initiatives. As an engineer on the Information Security team, you will also work with engineering teams throughout their development cycles conducting security review, threat modelling, security design verification, and sharing security improvements. You will continuously maintain and optimize the security of our cloud environments for our products and will be responsible for handling production security incidents. You will automate and advocate for system-wide security improvements by partnering with IT, site reliability engineers, and other security functions across Templafy.
You are an engineer at heart, with a deep technical understanding of operating systems and web applications. You stay up to date on the latest news and technology trends and keep yourself informed about current security best practices.
You have a mix of engineering and security experience. You are self-organizing, process-oriented, and able to work independently to complete tasks and projects. You are a great communicator, used to interacting with many different parts of the business.
You should be motivated by learning new technologies. Your ownership of vulnerability, risk, and compliance processes will have you working hand-in-hand with engineering, IT and privacy teams to ensure the security, compliance, and privacy of critical customer systems.
- 5+ years of experience with application security and experience assessing the security impact of new products, features, systems and tooling.
- Advise on secure infrastructure and cloud services, as well as an understanding of common infrastructure components including load balancing, network architecture, virtualization, Kubernetes.
- Threat modeling frameworks and techniques
- Conducting security reviews or testing of software/infrastructure components.
- Using programming and scripting languages such as .NET, Typescript and PowerShell
- Understanding of DevSecOps processes
- Implementing systems for monitoring and threat detection/mitigation
- Professional written and verbal communication skills in English with technical and non-technical people across functional teams
- Ability to build and maintain strong internal and external collaborative relationships.
Nice to have
- Preferred Azure security engineer associate certification and any other relevant.
Technologies we use
- Backend: .NET 5.0, C# 9.0, Web API, Entity Framework, VSTO, etc.
- Frontend: React, Redux, TypeScript, CRA, Sass, yarn, WPF, etc.
- Testing: Cypress, TypeScript, etc.
- Hosting: 100% Azure, Web Apps, Docker, Kubernetes, Terraform, Azure SQL, Azure Service Bus, Application Insights, Azure Data Lake, etc..
How we work
- Guilds: Guilds are a place to share knowledge and experiences, and to get help and ideas from others. We currently have a DevOps, Cloud, Back-end, Front-end, Security, QA, and Tracking guild.
- Architecture: We build software using a flavour of microservices called self-contained systems and we practice the principles of Domain Driven Design with Event Driven Architecture. Yet, we are careful to avoid over-engineering and always strive for the simplest solution possible.
- Test focused: We like to test the code we build, and we have a continuous integration infrastructure in place that runs our tests on every push and notifies the team on Slack if something breaks. Even when we are busy, we do not compromise on quality.
- DevOps mindset: We are cloud first, and everything is hosted in Microsoft Azure. Each team is responsible for deployments and monitoring of their own services. All work is managed through Azure DevOps including backlog management, source control, pull-requests, releases, and testing.
- Automation: We like to automate everything from deployment to setting up new infrastructure. We have built custom tools for configuring our local development environment, publish release notes to Wiki and Slack, nudge engineers about stale tasks, branches, and pull-requests, and more. When NPM or NuGet packages are updated a bot automatically creates a pull-request. All this enables us to do more than 30 daily releases to production on average!
- Design: We have a written coding standard, and we follow clean code principles. We develop most of our features using pair programming. Every change is peer-reviewed. We have tools for automatic code clean-up that ensure consistent formatting and structured and fail builds if any rule is violated.
- Tools: We use the best tools available for the job including Visual Studio 2019 Enterprise, ReSharper, Visual Studio Code, JetBrains Rider, Slack, Zoom, Git, Azure DevOps, Microsoft Azure, Docker Desktop, WSL2, SonarQube, Cypress, etc.
- Learning: We believe in lifelong learning and encourage everyone to read books, go to conferences, take courses, and certifications. We want to invest in everyone’s personal and professional development, and therefore we provide the necessary resources to support this. Every quarter we will gather together as a team to discuss our learnings to knowledge share.
- Flexible: We have distributed teams across offices in Copenhagen, Berlin and Eindhoven. Yet, all meetings and work happen online. This gives us freedom to work from home when you have a repair person coming, your child is sick, etc., and enabled us to initiate the necessary measures within a minimal amount of time when COVID-19 hit the world.
What else to know
The position is a great opportunity to join, influence and impact a company in rapid growth with rising organizational and development opportunities. At Templafy you will get a combination of stable working conditions, great colleagues, and genuine entrepreneurship in an equal opportunity workplace.
Templafy is a workplace of belongingness. To us this means that you have a voice, you dare to speak up, and your voice is heard. We focus on offering an environment that allows all employees to feel that they belong regardless of race, color, ancestry, religion, gender, gender identity, genetic information, parental or pregnancy status, national origin, sexual orientation, age, citizenship, marital status, disability, or other status.