Security Engineer – ReCharge Payments

Security Engineer

Work Remotely from anywhere Worldwide 

ReCharge Payments

Job Overview:

As our first security hire reporting to the Manager of Infrastructure Operations you will work closely with all of our internal development teams to ensure we build in security from day one and follow best practices. Ideally, you will have a development background and have progressed to be a security expert. Your ability to keep up to date on all new security challenges and work with our teams to develop protection mechanism is key.

Our stack includes: Python, Flask, Redis, Docker, GCP, Terraform, Detectify, Linux, Windows, OSX

Job Responsibilities:

• Live by and champion our values: #ownership, #empathy, #simple-solutions.
• Perform application and workstation security assessments including architecture review, threat modeling, code review and penetration testing.
• Assist and enable engineering teams to adopt secure development practices.
• Implement new technologies to solve ReCharge’s technical challenges as they arise.
• Provide software security advice to cross-functional teams including product, engineering, and support and work with engineering and product teams to drive security issues to resolution.
• Define user/workstation security posture and support enforcement tools.
• Bring your security expertise to grow your skills related to SDLC security activities.
• Develop security guidance including training material, best practices and secure coding checklist.
• Deliver security testing at scale by building and implementing static and dynamic analysis tools.
• Implement security tools and technologies such as penetration testing, vulnerability scanning and reporting.
• Champion good habits within your team; improve engineering standards, tooling, and processes.
• Find and address performance issues throughout the application.

Job Requirements:

• Typically, 6+ years of relevant experience in fast paced engineering environments
• 3+ years experience performing secure SDLC activities like Threat Modeling, DAST, SAST, OSS and manual pen testing
• Expert understanding of common software and web application security vulnerabilities
• Knowledge of crypto primitives, authentication protocols and authorization standards (e.g. SSL/TLS, SAML, OAuth, JWT tokens)
• Experience with security related to CI/CD workflows preferred and desire to grow in this area
• Experience with tools used throughout secure SDLC (e.g. Burp Suite, AppScan, Fortify, CheckMarx) a plus
• Knowledge of OSS scanning tools like Black Duck, SourceClear, WhiteSource and basic knowledge of network architecture, protocols, and standards
• Ability to work remotely and desire to make an impact at a boot-strapped start-up
• Bachelor’s degree or equivalent experience desired

How To Apply:

Click “Apply’ button to process your Job application!