
Application Security Engineer


Overview

At Segment, we believe companies should be able to send their data wherever they want, whenever they want, with no fuss. Unfortunately, most product managers, analysts, and marketers spend too much time searching for the data they need, while engineers are stuck integrating the tools they want to use. Segment standardizes and streamlines data infrastructure with a single platform that collects, unifies, and sends data to hundreds of business tools with the flip of a switch. That way, our customers can focus on building amazing products and personalized messages for their customers, letting us take care of the complexities of processing their customer data reliably at scale. We’re in the running to power the entire customer data ecosystem, and we need the best people to take the market.

The Segment Security team is growing to support our application security initiatives, and we’re looking for talented security engineers who are excited to help us build a more secure product. As an application security engineer at Segment, you’ll work alongside other security engineers and the rest of the engineering organization to create tooling, processes, and services that enable our company to work more securely without sacrificing agility or flexibility.

Who we are: 

We’re a small team of experienced security engineers with diverse technical and non-technical backgrounds. We’re a passionate group of individuals who enjoy challenging traditional, prescriptive security techniques of the past and adapting or reimagining them to work with Segment’s modern development technologies and practices. We talk about our methods and accomplishments in public blogs, at conferences, and in presentations. If you want to be this kind of security person and work with a team that's like you to create innovative security solutions for distributed systems and architecture, we'd love to hear about your approach and introduce you to our team. A little more about our team:
  • We discussed our overall approach to our security engineering program at LASCON [1]
  • Our CISO’s approach to Building a Security Team and Program [2]
  • We deleted every employee’s AWS keys [3]!
  • We help organize the OWASP SF chapter [4], OWASP Vancouver chapter [5], the AppSec California [6], B-Sides SF [7], BC AppSec Day [8] and Day of Shecurity [9] conferences

What we do: 

  • We believe that good security practices should integrate seamlessly with our existing engineering workflows; we strive to build security controls that our developers will actually use
  • We work with our engineering team to ensure that the products that we are shipping are secure
  • We enjoy unorthodox means of training our developers (this year, we taught them how to threat model to have more eyes on the architecture)
  • We love conferences and meetups (we have hosted OWASP meetups where we spoke about usable security!)
  • We love open source: https://open.segment.com [10]

Who we are looking for: 

  • You are excited to work across the stack on a variety of security challenges and initiatives
  • You're empathetic, patient and love to help your teammates grow more secure in their day to day
  • You're focused, driven and can get challenging projects across the finish line
  • You're proud of the projects you build, but you're also pragmatic
  • You try converting a security “no” into a “yes” through technological innovation
  • You’re willing to share the awesome things you build to the greater application security community through open source, blogs, podcasts and conference talks

Projects We’re Working On:

  • We collaborated closely with our engineering organization to deliver an amazing training that developers actually wanted to take.
  • We’re building out tooling that will help us manage and eventually eliminate the overhead of vulnerable dependencies in our applications.
  • We're building a system to identify, classify, and track sensitive data within our infrastructure in real time.
  • We’ve built tooling to help eliminate the usage of credentials [11] within source code or config files.

Requirements:

  • You have a solid understanding of software security principles
  • You can perform a code review and discover security problems
  • You can break down complex security problems into measurable and solvable pieces 
  • You can review software architecture and provide security guidance to Engineering teams
  • You have 2+ years of application security engineering experience or some cool projects on GitHub you think we'll love to check out

Bonus:

  • You have familiarity with AWS, Docker, Golang, Node.js - huge plus
  • Any official or non-official red team experience
  • You have run a bug bounty program 
  • You’re involved in the InfoSec community. Our team helps organize the OWASP SF chapter [12], OWASP Vancouver chapter [13], the AppSec California [14], B-Sides SF [15], BC AppSec Day [16] and Day of Shecurity [17] conferences.

We encourage you to apply if this role excites you - even if you think you may not meet all of the qualifications. At Segment, we live by four values: karma, drive, tribe, and focus. We are always looking for outstanding individuals with diverse backgrounds and perspectives who embody these values. To learn more about life at Segment and our commitment to diversity, equity, and inclusion, visit our LinkedIn [18] page. We’re excited to meet you! 

Segment is an equal opportunity employer. We believe that everyone should receive equal consideration and treatment in all terms and conditions of employment regardless of sex, gender (including pregnancy, childbirth, breastfeeding or related medical conditions), sexual orientation, gender identity, gender expression, race, color, religion, creed, national origin, ancestry, age (over 40), physical disability, mental disability, medical condition, genetic information, marital status, domestic partner status, military or veteran status, height, weight, AIDS/HIV status, and any other protected category under federal, state or local law. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

  1. https://www.youtube.com/watch?v=ImJqBX0OXew
  2. https://www.youtube.com/watch?v=b0r5vc_eCoU
  3. https://segment.com/blog/secure-access-to-100-aws-accounts/
  4. https://www.meetup.com/Bay-Area-OWASP/
  5. https://owasp.org/www-chapter-vancouver/
  6. https://2018.appseccalifornia.org
  7. https://bsidessf.org
  8. https://www.owaspbcday.org/
  9. https://www.dayofshecurity.com
  10. https://open.segment.com
  11. https://segment.com/blog/the-right-way-to-manage-secrets/
  12. https://www.meetup.com/Bay-Area-OWASP/
  13. https://owasp.org/www-chapter-vancouver/
  14. https://2018.appseccalifornia.org
  15. https://bsidessf.org
  16. https://www.owaspbcday.org/
  17. https://www.dayofshecurity.com
  18. https://www.linkedin.com/company/segment-io/life/158aab60-769e-4b14-8505-f8063f6162f6/
