Principal Offensive Security Engineer
San Francisco, CA

Job Description

Fastly helps the world's most popular digital businesses keep pace with their customer expectations by delivering fast, secure, and scalable online experiences. Businesses trust Fastly to accelerate the pace of technical innovation, mitigate evolving threats, and scale on demand. Founded in 2011, Fastly powers online destinations including Airbnb, GitHub, Alaska Airlines, Pinterest, Vimeo, The Guardian, and The New York Times.

The worldwide cloud services market is projected to grow rapidly to $236 billion in 2020, according to Forrester, Inc. As more and more businesses move operations to the cloud, Fastly is well positioned to continue increasing CDN, cloud networking and cloud security market share with edge cloud services that reach beyond content delivery.

We're building a better Internet. Come join us.

Principal Offensive Security Engineer

Fastly is looking for a Principal Offensive Security Engineer to join our Discovery, Detection and Response Team. This person will be responsible for leading penetration tests and security reviews for core Fastly applications and APIs. You will be responsible for discovering vulnerabilities at Fastly and have a consistent track record of doing this over your career. In addition to finding new bugs, you will be called upon to demonstrate your offensive security knowledge and penetration testing experience during Red Team exercises, with the goal of improving Fastly's security posture and strengthening our security incident response program.

At the Principal level, you are a technical leader at Fastly. You will have not only Security Team resources at your disposal, but all of engineering on your side in the constant work of making our applications, our infrastructure and the Internet a better place. You will also be held accountable for mentoring staff and continuing to build out our security team, so having contacts and a solid reputation in the security community is essential.

This is a role which has high impact on human lives. You will be supported by a friendly security team, where you can learn and develop. We check our egos at the door. You'll make sure our customers benefit from services built to the highest security standards in the industry. We pride ourselves in our involvement in the larger security community and encourage our team to present at network and security conferences, submit to bug bounties and participate in the open source community. We are a distributed security team with the commitment and tools in place to make it work.

What You'll Do

* Collaboratively define threat models, scope, and prioritize offensive security engagements. Integrate offensive security into the security development lifecycle
* Research, reproduce and respond to various security vulnerabilities reported to Fastly
* Collaboratively define roadmap for bug bounty and manage relationships with external security researchers
* Participate in purple-team exercises to improve efficacy of internal security programs
* Develop training programs on security-related topics such as threat modeling and secure coding for larger engineering team
* Apply and improve automated vulnerability discovery infrastructure, including continuous fuzzing
* Recruit, champion and support a team to execute on your vision of building a successful Offensive Security capability at Fastly

What We're Looking For

* Significant experience with the x86/x64 low level architecture and the ability to conduct vulnerability research against applications compiled for that architecture using code-assisted discovery techniques.
* Significant experience with the Linux Kernel, both in user space and kernel space.
* Significant experience in security assessment of networked systems and protocols.
* Moderate experience reviewing source code for control flow and security flaws.
* Moderate experience in dynamic instrumentation, integrating solvers to identify and reach vulnerable code paths, creating and instrumenting emulators and JIT engines to discover new classes of vulnerabilities
* Moderate experience in security assessment of emerging web protocol and technology development (network protocols, browser technology, etc.)
* Ability to scope security engagements and vet capabilities of security researchers and third-party consultants.
* Proven ability to work within a collaborative, cross-functional environment and mentor and develop the next generation of strong security engineers.
* Strong communication skills; proven ability to effectively communicate security risks
* High emotional intelligence. Fastly teams care about one another, collaborate regularly and are part of a people-first organization

Why Fastly?

* We have a huge impact. Fastly is a small company with a big reach. Not only do our customers have a tremendous user base, but we also support a growing number of open source projects and initiatives. Outside of code, employees are encouraged to share causes close to their heart with others so we can help lend a supportive hand.
* We love distributed teams. Fastly's home-base is in San Francisco, but we have multiple offices and employees sprinkled around the globe. In fact, 50% of our employees work outside of SF! An international remote culture is in our DNA.
* We care about you. Fastly works hard to create a positive environment for our employees, and we think your life outside of work is important too. We support our teams with great benefits like up to 20 weeks of paid parental leave, options for free medical/dental/vision plans, and an open vacation program that enables our folks to take the time they need to recharge (some benefits may vary by location).
* We value diversity. Growing and maintaining our inclusive and diverse team matters to us. We are committed to being a company where our employees feel comfortable bringing their authentic selves to work and have the ability to be successful -- every day.
* We are passionate. Fastly is chock full of passionate people and we're not 'one size fits all'. Fastly employs authors, pilots, skiers, parents (of humans and animals), makeup geeks, coffee connoisseurs, and more. We love employees for who they are and what they are passionate about.

We're always looking for humble, sharp, and creative folks to join the Fastly team. If you think you might be a fit please apply!

Fastly is committed to ensuring equal employment opportunity and to providing employees with a safe and welcoming work environment free of discrimination and harassment.

Employment decisions at Fastly are based on business needs, job requirements and individual qualifications, without regard to race, color, religion, gender, gender identity, gender expression, sexual orientation, national origin, family or parental status, disability*, age, veteran status, or any other status protected by the laws or regulations in the locations where we operate. Fastly encourages applicants from all backgrounds.

* Applicants with disabilities may be entitled to reasonable accommodation under the terms of the Americans with Disabilities Act and certain state or local laws. A reasonable accommodation is a change in the way things are normally done which will ensure an equal employment opportunity without imposing undue hardship on Fastly. Please inform us if you need assistance completing any forms or to otherwise participate in the application process.
