At Segment, we believe companies should be able to send their data wherever they want, whenever they want, with no fuss. Unfortunately, most product managers, analysts, and marketers spend too much time searching for the data they need, while engineers are stuck integrating the tools they want to use. Segment standardizes and streamlines data infrastructure with a single platform that collects, unifies, and sends data to hundreds of business tools with the flip of a switch. That way, our customers can focus on building amazing products and personalized messages for their customers, letting us take care of the complexities of processing their customer data reliably at scale. We're in the running to power the entire customer data ecosystem, and we need the best people to take the market.
The Segment Security team is growing to support our application security initiatives, and we're looking for talented security engineers who are excited to help us build a more secure product. As an application security engineer at Segment, you'll work alongside other security engineers and the rest of the engineering organization to create tooling, processes, and services that enable our company to work more securely without sacrificing agility or flexibility.
Who we are:
We're a small team of experienced security engineers with diverse technical and non-technical backgrounds. We're a passionate group of individuals who enjoy challenging traditional, prescriptive security techniques of the past and adapting or reimagining them to work with Segment's modern development technologies and practices. We talk about our methods and accomplishments in public blogs, at conferences, and in presentations. If you want to be this kind of security person and work with a team that's like you to create innovative security solutions for distributed systems and architecture, we'd love to hear about your approach and introduce you to our team.
A little more about our team:
* We showcased the importance of making security tooling more usable by demoing our OWASP ZAP contributions at Appsec USA
* We discussed our overall approach to our security engineering program at LASCON
* Our CISO's approach to Building a Security Team and Program
* We deleted every employee's AWS keys!
* We help organize the OWASP SF chapter and the AppSec California, B-Sides SF, and Day of Shecurity conferences
What we do:
* We believe that good security practices should integrate seamlessly with our existing engineering workflows; we strive to build security controls that our developers will actually use
* We work with our engineering team to ensure that the products that we are shipping are secure
* We enjoy unorthodox means of training our developers (this year, we taught them how to use Burp so they could participate in a CTF)
* We love conferences and meetups (this July, we hosted an OWASP meetup where we spoke about usable security!)
* We love open source: https://open.segment.com
Who we are looking for:
* You are not afraid to produce and ship production-level code to implement new security controls
* You are excited to work across the stack on a variety of security challenges and initiatives
* You're empathetic, patient and love to help your teammates grow more secure in their day to day
* You're focused, driven and can get challenging projects across the finish line
* You're proud of the projects you build, but you're also pragmatic
* You try converting a security "no" into a "yes" through technological innovation
* You're willing to share the awesome things you build with the greater application security community through open source, blogs and conference talks
Projects We're Working On:
* We collaborated closely with our engineering organization to deliver an amazing training that developers actually wanted to take.
* We're building out tooling that will help us manage and eventually eliminate the overhead of vulnerable dependencies in our applications.
* We're making OWASP ZAP more usable for non-security folk by building a Heads Up Display for it.
* We're building a system to identify, classify, and track sensitive data within our infrastructure in real time.
* We've built tooling to help eliminate the usage of credentials within source code or config files.
* You have a solid understanding of software security principles
* You can write maintainable software to solve security problems
* You can break down complex security problems into measurable and solvable pieces
* You have 2+ years of software security engineering experience or some cool projects on GitHub you think we'll love to check out
* You have familiarity with AWS, Docker, Golang, Node.js - huge plus
* Any official or non-official red team experience
* You're involved in the InfoSec community. Our team helps organize the OWASP SF chapter and the AppSec California, B-Sides SF, and Day of Shecurity conferences.
Segment is an equal opportunity employer. We believe that everyone should receive equal consideration and treatment in all terms and conditions of employment regardless of sex, gender (including pregnancy, childbirth, breastfeeding or related medical conditions), sexual orientation, gender identity, gender expression, race, color, religion, creed, national origin, ancestry, age (over 40), physical disability, mental disability, medical condition, genetic information, marital status, domestic partner status, military or veteran status, height, weight, AIDS/HIV status, and any other protected category under federal, state or local law. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Segment develops a platform for collecting customer data.