Tumblr’s Security team is looking for a well-versed engineer and researcher with strong technical instincts who’s ready to take ownership of entire features in our code base. You’ll work on both the theory and operations of Tumblr security, helping us maintain our liberal content policy and defending our app and infrastructure from attackers.


What You'll Do:

  • Assume an active role in all aspects of Tumblr security:
    • Web application security
    • iOS/Android application security
    • Developer relations and code review
    • Bug-bounty review and remediation
    • Data center/Firewall security
    • Network architecture
    • IT and staff equipment security
    • Penetration testing in white, grey, black, and red boxes
    • Wargaming and CTF
  • Help update newly-developed Javascript libraries and make them secure from attack.
  • Stay one step ahead of 0days and leap into the fray when hearts start to bleed.
  • Tremble in the face of Advanced Persistent Threat, and then slap it down.

 What We’re Looking For:

  • 5+ years of experience with sites that rely on architecture beyond the basic LAMP stack.
  • A desire to be deeply involved in product definition. Our engineers are expected to contribute to the direction their products are heading.
  • A security pragmatist who is committed to building products that defend regular users.
  • A strong understanding of applied cryptography
  • Someone who can overflow more than the kitchen sink, but wears a white hat.
  • A deep understanding of Tumblr’s features.
  • Smarts, humility, and equal willingness to learn and teach.
  • Expert-level knowledge of Javascript and PHP, and their foibles.

 Tools We Like:

  • PHP, Javascript, Ruby, and Scala
  • MySQL taken to its furthest extent
  • Varnish, Redis, Memcached
Apply for this Job
* Required
File   X
File   X

Share this job: