DuckDuckGo: Senior Security Engineer at DuckDuckGo () (allows remote)
Posted: Jul 21, 2021
We are a diverse, fully distributed team from around the world, working toward a shared vision to raise the standard of trust online.
Join our team as a Senior Security Engineer and help build, maintain, and improve major components of our security technology.
As part of our growing team, you will collaborate with team members at all levels to develop robust security processes, implement security detection and prevention technologies, triage security incidents, and champion a culture of security-first thinking.
We empower our team to be self-directed and self-motivated in their work. If you'd thrive in that environment, and our core values resonate with you -- build trust, question assumptions, and validate direction -- you'll fit right in!
WHAT YOU WILL DO
· Lead projects from proposal through postmortem, assessing vague problems, proposing high-impact solutions, and executing them against a set of success criteria.
· Resolve security issues, large and small, that impact our organization.
· Build cultural awareness of strong security practices and procedures.
· Support engineering teams on security initiatives, advising on best practices around systems design, hardening, encryption, data protection, and authentication.
· Improve our security architecture by enhancing our defensive technologies, general product configuration, and ability to detect and respond to security incidents.
· Design security systems that uphold the strict privacy guarantees of DuckDuckGo.
· Mentor peers through remote collaboration opportunities, including product brainstorms, technical design discussions, and code reviews.
· Monitor, triage, and respond to security alerts, including light on-call rotations.
· Write pragmatic, testable code to automate common security tasks.
WHAT WE ARE LOOKING FOR
· 7+ years of experience working on security systems in an engineering capacity (implementing or maintaining security systems such as SIEM, HIDS, EVM, SAST/DAST, etc.).
· Deep technical understanding of blue team tactics, threat detection and response, and other security disciplines, including a familiarity with red team tactics.
· Proficiency in programming or scripting.
· Strong understanding of Linux system administration.
· Experience collaborating with a cross-functional team.
· Strong communication skills: You clearly articulate recommendations and decisions in verbal and written form.
· Ability to provide feedback to an array of stakeholders, internal and external.
Annual compensation: $144,000 USD and stock options.
Maintaining satisfaction at work is one of our company objectives, just like maintaining and improving our private search engine. Our Team Member Support Guide explains how we make you our top priority.
For over a decade, we've built a unique culture that helps us continuously improve job satisfaction and productivity. Want to know more? Check out DuckDuckGo Culture: How We Work for an overview of how we collaborate worldwide.
OTHER THINGS TO KNOW
- Sometimes we meet up! Expect to travel at least two times a year: once for our all-hands meetup and again for a team retreat (each ~4-5 days).
- While this is a full-time job and we offer a flexible work arrangement with no core hours, expect an average commitment of 40 hours per week.
Hiring works best when it's a two-way street. Learn how we help you get to know DuckDuckGo and envision your future role here. Find out more about how we hire.
DuckDuckGo provides equal work opportunities to all team members and applicants and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.
If you think you might thrive in this environment, we would love to hear from you.
PLEASE NOTE THAT
- A successful candidate will be subject to a background check.
- By applying for this role, you confirm that information submitted is accurate and that you understand falsification is cause for denial of employment or termination.