Reddit

Subscribe job alerts


Remote Job

Senior Software Engineer, Security

Reddit
  • full_time
  • Posted : 4 years ago

"The front page of the internet,” Reddit brings over 430 million people together each month through their common interests, inviting them to share, vote, comment, and create across thousands of communities. Come for the cats, stay for the empathy.

The Reddit Security team is rapidly developing, and this is an opportunity to get in and have an outsized impact on a highly skilled and motivated team. We look for humble experts with a relentlessly resourceful and entrepreneurial, “can do” view of security. We want to deliver facts and not FUD to the business to enable Reddit to manage risk more effectively. Culture is important to us and a learning and developing mentality is vital regardless of the work assigned. 

How You’ll Make Impact

If you like breaking software, finding root cause and connecting with teams so it can be fixed at scale, we need you. The ideal candidate will work tirelessly to uncover security issues before the bad guys do and will work with developers to shift security to the left in the SDLC.

This role is responsible for assessing and assuring the integrity of Reddit’s applications for millions of users. We partner with product and engineering throughout the software development life-cycle to ensure applications are designed and built securely.  If you evangelize security and love to train developers to build better, more secure software, this position is for you.  

In addition to normal Application Security responsibilities, this role will also be charged with architecting new security features in our applications, improving authentication and authorization, improving auditing, and assisting with web framework upgrades as necessary.

Primary Job Responsibilities:

  • Develop application security and product best practices to standardize security practices
  • Implementing new application security features, re-architecting existing application security services, and upgrading old code to modern security standards
  • Provide security guidelines for the organization to protect critical assets and data
  • Drive the software security certification process
  • Review, analyze, and evaluate both internally developed software and vendor products and procedures to address security requirements
  • Work with DevOps engineers to integrate static and dynamic analysis security tools into CI/CD pipelines
  • Serve as subject matter expert for static and dynamic analysis security tools
  • Interpret security tools and penetration testing results and describe issues and fixes to developers
  • Provide vulnerability remediation guidance and mentoring to product development software engineers
  • Develop a product fuzzing system to find security defects and where they reside in source code
  • Develop company wide security projects to discover security defects in source code, dependencies, and/or other artifacts
  • Build metrics to track security defects and automate collection of security information to derive metrics
  • Enable automation of product security testing and find innovative ways to scale the security team
  • Evaluation of new technologies, tools, and/or development techniques that impact security

Qualifications:

  • Ability to communicate effectively with business representatives in explaining security topics clearly and where necessary, in layman's terms
  • Experience with Cloud and virtualized technology in environments such as AWS or GCP
  • Extensive coding experience in Python and Javascript web frameworks (code samples may be requested)
  • Candidates must be able to explain vulnerabilities and weaknesses in the OWASP Top 10, WASC, and/or CWE 25 to any audience, and discuss effective defensive techniques
  • Deep understanding of HTTP and SSL/TLS protocols, and Web applications
  • Deep understanding of authentication protocols and frameworks to include OAuth, OpenID, SSO/SAML, and AWS IAM
  • Familiarity with dynamic and static analysis tools
  • Deep understanding of continuous integration / continuous deployment processes and tools
  • Ability to interpret dynamic/static analysis tools, and penetration test results and describe issues and fixes to non-security experts
  • Ability to automate tasks using a scripting language (Python, Ruby, etc)
  • Ability to program in Python, experience with Go, Scala, Lua, C, and/or C++ a plus
  • Familiarity with common reconnaissance, exploitation, and post exploitation frameworks

Qualities:

  • Humble expert with a sense of urgency
  • Skilled at taking complex topics and making them simple
  • 5+ years of experience in application security or related fields
  • 3+ years of professional programming experience
  • Transparent judgment and stands behind their decisions, right or wrong
  • Team focus with an ability to work in a matrixed organization

 

Skills
  • cloud
  • python
  • security
Apply

Similar Jobs

Remote Job

Senior Full-stack React Developer

Lemon.io
  • 2 weeks ago

    • Are you a talented senior developer looking for a remote job that lets you show your skills and get better compensation and career growth? Look no further than Lemon.io - the marketplace that connects you with hand-picked startups in the US and Europe.What do we offer:We respect your time: here is n
Remote Job

Data Engineer/Data Scientist

Lemon.io
  • 3 weeks ago

    • Are you a talented senior engineer looking for a remote job that lets you show your skills and get better compensation and career growth? Look no further than Lemon.io - the marketplace that connects you with hand-picked startups in the US and Europe.What do we offer:We respect your time: here is no
Remote Job

OpenStack Cloud Engineer (DevOps)

VEXXHOST, Inc.
  • 4 weeks ago

    • We are seeking someone with a strong background in Linux and cloud technologies. In this role, you will not only support our customers using Atmosphere, our open-source cloud product, but also provide critical support to our internal CloudOps team that manages our public and private cloud infrastruc
Remote Job

Cybersecurity Writer (Remote)

Eleven Writing
  • a month ago

    • We are currently looking for writers with professional or first-hand experience in Cybersecurity and/or Digital Password Protection to help us create high-performing blog articles for our client who is a major player in the space of IT and Technology.Our ideal applicants have one or more of the foll
Remote Job

Senior Big Data Engineer

Reviewshake, Inc.
  • 2 months ago

    • Hi, we're Shake 👋 We’re helping bring businesses closer to their consumers, by building solutions for the most customer obsessed companies in the world. As a tech startup we’re developing innovative technology that unlocks the power of the vast quantities of data available online.
Remote Job

UX/UI Designer

Modivcare
  • 2 months ago

    • Are you passionate about making a difference in people's lives? Do you enjoy working in a service-oriented industry? If so, this opportunity may be the right fit for you!Modivcare is looking for an experienced UX/UI Designer. In this role, you will help establish the user experience by designing dig
Remote Job

Frontend Engineer

1st10
  • 2 months ago

    • 1st10 is a new recruiting venture that works with early-stage founders to build early engineering teams. The team behind 1st10 helped build early Robinhood, Pinterest, Ripple, Parse, Firebase and many more.-------------------------------------------------------------------------------Join a seed-fun
Remote Job

Presales Engineer

DQLabs
  • 3 months ago

    • About DQLabsDQLabs is a Modern Data Quality Platform that helps organizations deliver reliable and accurate data for better business outcomes. With an automation-first approach and self-learning capabilities, the DQLabs platform harnesses the combined power of Data Observability, Data Quality, and D
Remote Job

Marketing Specialist

Oter app
  • 3 months ago

    • Oter, a micro book appUnlock wisdom from the world’s greatest books with Oter. We are on a mission to make world’s books knowledge available to everyone. We are here to transform your reading experience by making reading easy, convenient, social and fun. Marketing specialist at OterWe are seekin
Remote Job

Sales Representative - Cloud Infrastructure

VEXXHOST, Inc.
  • 3 months ago

    • About VEXXHOSTVEXXHOST specializes in providing high-performance cloud solutions, leveraging a fully integrated OpenStack environment to deliver scalable and secure infrastructure services for businesses of all sizes.About the Role:We are seeking a motivated and results-driven Sales Representative w
View All