Lead Security Engineer

Posted: February 2, 2019
Follow Up Boss : Lead Security Engineer

Company: Follow Up Boss
Headquarters: Remote
URL: https://www.followupboss.com

It’s 2019 isn’t it time to find a job that lets you work where you want? 
Who Is Follow Up Boss?
    • We’re a simple, sales-focused CRM for real estate teams (and we use our own product)
    • We’re a self funded, profitable company started back in April of 2011
    • We’re a remote company with a mostly US-based team
    • We don’t just claim to be customer-centric – we live it: https://www.facebook.com/followupboss/reviews
    • Check out our video on how we work: https://www.followupboss.com/about/
Why Would You Want To Work Here?
    • We’re a young, ambitious company who only answers to our customers
    • Opportunity to have a big impact on our growth and your career
    • No red tape or pointless meetings
    • Competitive salary, health/dental insurance and 20 days paid holiday, $1000 to outfit your home office, yearly company meetup
This Role Is For You If…
    • You are passionate about Information Security and have solid experience in the field.
    • You would describe yourself as patient, empathetic and having a good sense of humour
    • You’re independent, self-motivated and can stay efficient and productive without someone looking over your shoulder all day long
    • Superb written and verbal skills (with a professional yet fun demeanor).
    • You enjoy programming and creating solid, tested, reliable things over just breaking things.
    • Reject the idea of security being a blocker, and enjoy collaborating with colleagues across teams to ship projects securely
    • Have the ability to work with others and helping them to understand security is far more important than knowing about the latest ROP gadget finding techniques.
    • This is a hands-on technical position where you will work with the Infrastructure and Product teams to ensure the secure release of applications.
    • Security architecture experience and the ability to consult with engineering teams working on technology projects will be key to success.
    • You have thorough familiarity with techniques used by real world attackers and should be able to prioritize detection and attack surface reduction efforts based on this knowledge.
Your qualifications:
    • Self motivated and proactive mindset.
    • Remote work experience is considered an asset.
    • Based in the USA, quiet home office with fast internet.
    • Strong experience in penetration testing or related activities, including at least network and application security experience.
    • Understand modern web application architecture, TCP/IP, HTTP, and standard network and system security technologies
    • A strong knowledge of securing production LAMP (PHP) stacks, as well as a solid understanding of iOS and Android apps is a must.
    • Strong knowledge of internet security issues.
    • Strong knowledge of UNIX and networking protocols.
Your responsibilities will include:
    • Take a leadership role in driving security and privacy initiatives at Follow Up Boss.
    • Establish, advocate and enforce security policies and best practices among our team members.
    • Lead efforts to keep our customers’ data and company assets safe.
    • Review changes in internal processes and IT systems to make sure the changes being made don’t have adverse effect on security.
    • Provide security guidance for our products and technologies
    • Collaborate with colleagues across a variety of teams to architect & ship projects securely
    • Discover, analyze, assess, and respond to various threats in Follow Up Boss’s web stack, iOS and Android applications.
    • Investigate security-related reports from customers, internal team members or general public, assess risks and damage, plan recovery actions and lead the effort to execute the plan.
    • Review changes in software we produce to make sure we follow best security practices and the changes being made don’t have a negative effect on security.
    • Evaluate and provide recommendations on third party applications and services and the security implications associated with their use.
    • Understand offensive techniques/tactics and be able to prioritize mitigation techniques or technologies accordingly.
    • Instrument and perform anomaly analysis of systems and applications
    • Ability to discover new and interesting security problems as well a fix them.
    • Mentor other team members.
30 Day Targets:
    • Become familiar with the product architecture, infrastructure, and existing tools.
    • Pair with engineers to gain knowledge about the system and how we work.
    • Improve the new hire onboarding process, by being a part of it.
60 Day Targets:
    • Take active part in the internal security related work (e.g. assessing company VPN, implementing AWS IAM security best practices, SSH + 2FA, etc)
    • Work with fellow engineers to ensure authorized access to internal tools, servers, and sensitive customer data.
90 Day Targets:
    • Identify top security issues and develop a solid plan to address them
    • Develop internal physical security policies.
    • Review and produce plan to comply with Google Compliance External Security Audit.
Our Core Engineering Values
    • Teamwork
    • Communication
    • Code Quality
    • Focus and Prioritization
    • Customer Driven
    • Leadership Qualities
If this sounds like a great fit we would love to hear from you.
We’re not accepting applications from agencies.

To apply: https://boards.greenhouse.io/followupboss/jobs/1526264