Security Engineer
Synthesia- Posted : one year ago
TL:DR
🎬 We are making the future and changing everything we think we know about video production
📌 The role is remote in Europe or US Eastern Time, or on-site from our offices (London, Copenhagen, Munich, Amsterdam, New York)
👩💻 We are looking for our 1st dedicated Security Engineer
💶 90-130k € gross yearly + stock options
🦄 We finished last year with a 50 million € Series B investment, and 70% of our clients are B2B, including a lot of Fortune 500 enterprises. We have a very high NPS of 71 and customer reviews of 4.8/5 on G2.
⬇ Below, you find much more info and the apply button ✅
Who are we
On a mission to make video easy for anyone …
Synthesia is the world’s #1 AI video generation platform. Well, it’s actually a video production studio — in a browser. As in, no cameras or film crews at all. You simply choose an avatar, enter your script in one of 60 languages, and your video is ready in minutes. In Synthesia, you can build personalised on-the-fly videos, give your chatbot a human face or run 24/7 weather channels in different languages, to name just a few of the possibilities. 🎬
We believe the future of media is synthetic, and we are on a mission to turn cameras into code and make everyone a creator. Not sure what we’re talking about? Check out our brand video that explains what we’re doing at Synthesia in a way that even our grandparents *kind of * understand what this AI video stuff is all about.
About the position
We are looking to onboard our first dedicated Security Engineer! You will be part of the Security department, and will report to the Head of Security - while working very closely with our product development team.
We are seeking a highly motivated individual with a strong blue team focus to join us. As a key member of our product security program, you will be responsible for helping to establish and maintain a secure environment for our products. You will be hands-on in solving security issues. We arenotlooking for internal pentesters. In other words, we want someone who removes work for the dev teams, not someone who creates more work.
Responsibilities include building a scalable security presence within development teams by establishing an Application Security Champions program, facilitating the integration of security tools with the development pipeline, making them self-service for engineering teams, running and scaling security activities such as threat modeling, code scanning, web app scanning, threat detection, and architectural and code reviews. Additionally, you will provide subject matter expertise on topics such as secure design, security controls, programming practices, encryption, and web security standards. You will lead vulnerability management and exposure assessments when vulnerabilities are discovered and ideally, even fix vulnerabilities yourself. You will also implement or assist in the implementation of security-related product features.
Requirements
- You have a passion for security engineering and you want to share this passion with as many like-minded colleagues as possible. You have worked for 2-3 years in an Information Security team, or you have championed security within engineering teams, you a proponent of DevSecOps and you want to deal with interesting problems.
We would expect you to have experience in:
- Web application security principles and have worked hands-on with the OWASP Top 10, the OWASP ASVS or the CWE Top 25
- Working with a Secure Development Lifecycle model (e.g. OpenSAMM, BSIMM)
- Software development (we use Python and TypeScript, running on Docker)
- Working with vulnerability assessment / management tools (e.g. Wiz, Snyk, SynAck)
- Working within the context of an Information Security framework (e.g. ISO 27001, SOC 2, PCI DSS)
- Working with security in the cloud (we are on AWS)
- Working with Github
Bonus points for:
- Any relevant Information Security certification, e.g AWS Certified Security, GIAC GWEB, OSCP, or CSSLP.
- A university degree in Computer Science, IT, Systems Engineering, or a similar field.
The good stuff...
💸 You will be compensated well (salary + stock options + bonus)
📍 You will work in a remote-first environment with offices in 5 locations
🏝 You get 25 days of annual leave + public holidays in the country where you are based
🥳 You will join an established company culture with regular socials and company retreats
🤩 You get 4 weeks paid sabbatical after 4 years at the company + $10,000!!
🍼 You get a paid parental leave
👉 You can participate in a generous referral scheme
💻 You get a brand new computer of your choice (if that still counts as a benefit 🤔)
🚀 You will have huge opportunities for your career growth
Skills
- security
- python
- encryption
- docker
- aws
