We are seeking a highly technical Security Engineer to join our Product Security team. This role is integral to ensuring the security and integrity of our products and services. You will conduct in-depth code reviews, implement security best practices, and influence the overall security strategy. Your expertise in TypeScript, Kubernetes, CI/CD, SAST, DAST, and terraform orchestration will be crucial in identifying and mitigating potential security vulnerabilities. You will also structure complex problems, diagnose root causes independently, and clearly explain the mechanics and significance of security vulnerabilities, including their exploitability and potential impact.
You will:
- Conduct in-depth code reviews to identify and remediate security vulnerabilities.
- Evaluate and enhance the security of our product offerings, through RFC and service review.
- Implement and maintain CI/CD pipelines with a strong focus on security.
- Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) to identify vulnerabilities in production code.
- Utilize terraform orchestration to ensure secure and efficient infrastructure management.
- Guide engineering teams to build robust long-term solutions that consider security and privacy.
- Clearly explain the mechanics and significance of security vulnerabilities, including their exploitability and potential impact.
- Influence the security strategy and direction of the team, advocating for best practices and continuous improvement.
Ideally, you’d have:
- Proven experience as a Security Engineer with a focus on product security.
- Proficiency in NodeJS, TypeScript, and Kubernetes.
- Strong understanding of modern Javascript application design.
- Production experience with Kubernetes backed services
- Hands-on experience with SAST and DAST tools and methodologies.
- Familiarity with terraform orchestration for infrastructure management.
- You can structure complex problems and diagnose root causes independently, providing actionable insights without requiring manager input.
- Excellent communication skills, with the ability to clearly present technical concepts and their implications to both technical and non-technical stakeholders.
- Demonstrated ability to influence security strategies and drive improvements within a team.
- Relevant security certifications (e.g., CISSP, CEH, OSCP) are a plus.
- Experience in a senior or lead security role is preferred.
The base salary range for this full-time position in our hub locations of San Francisco, New York, or Seattle is $160,000 - $192,000. Compensation packages at Scale include base salary, equity, and benefits. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position, determined by work location and additional factors, including job-related skills, experience, interview performance, and relevant education or training. Your recruiter can share more about the specific salary range for your preferred location during the hiring process. Scale employees are also granted Stock Options that are awarded upon board of director approval. You’ll also receive benefits including, but not limited to: Comprehensive health, dental and vision coverage, retirement benefits, a learning and development stipend, and generous PTO. Additionally, this role may be eligible for additional benefits such as a commuter stipend.
