Intercom: Senior Security Engineer (DevSecOps) at Intercom (London, UK) (London, UK)
Posted: Apr 9, 2019
The world’s first customer platform helping internet businesses accelerate growth
Intercom builds a suite of messaging-first products that all modern internet businesses can use to accelerate growth across the customer lifecycle, from acquisition, to engagement, and support. Today more than 25,000 businesses, including New Relic, Sotheby’s, and Shopify, use Intercom to connect with a billion unique people worldwide.
Intercom is a deeply creative company with the confidence to believe it can fundamentally change the future of internet business. Our people are incredibly ambitious, yet humble. Warm, accepting, and positive. Whether you build, market, sell or support product, we want you to make your mark with us.
What's the opportunity?
Our security team is responsible for making sure all our products are designed and implemented to the highest security standards. Keeping our customers' data secure is the most important thing that Intercom does. As both our product offering and our customer base continues to grow (we now have over 13k paying customers and counting!), we need to scale up our security and we’re looking for an experienced engineer to join our team.
This is a special role in that you would be working on all aspects of security (app, infrastructure, penetration testing, audit & compliance, development, etc.) rather than specialising in just one aspect, as is the case with larger teams in larger companies. Also unlike most companies, we design and build our product entirely in Dublin, so you will be uniquely positioned to own and drive security policies and technologies across all parts of Intercom. Find out more about our engineering culture here.
What will I be doing?
You will get to work directly with our product and infrastructure engineering teams, you will also build and own tools, services and infrastructure used across the company.
- Perform technical security assessments on web applications, mobile clients, and architecture designs
- Maintain and create secure development practices and programs for our growing engineering teams
- Communicate security risks to engineering teams through training and technical demonstration of vulnerabilities and secure design patterns for security topics
- Conduct security code reviews, and architectural reviews
- Partner with other teams at Intercom to constantly improve our defensive posture
- Work on new product features to make Intercom users and data more secure
- Help us maintain security compliance and certification
Example projects might include:
- developing a new secure signup workflow for the main Intercom application
- building a centralised, 2-factor authentication system to manage access to all internal Intercom systems
- evolving our operational logging infrastructure, adding alerting on unusual events
- helping us build a better corporate and production infrastructure
What qualifications do I need?
Typically, a degree level qualification but at least NQF Level 6 (or similar)
What skills do I need?
You need to be an experienced security engineer, preferably a generalist or a specialist with an interest in all aspects of security. You should prefer automating work over manual processes - we love automation and would love you to build your own tools for automating processes.
You also need:
- Practical experience and proficiency with a high level programming language (e.g. Ruby, Python, Perl) - this skill is essential for you to be able to create tools and work with product engineers on the existing body of code
- Solid understanding of web application architecture - Intercom is a web app, so you need to know how to secure web apps
Bonus skills & attributes
- Experience running and managing services on AWS or similar cloud services
- Familiarity with core internet technologies (e.g. TCP/IP)
- Background using Linux - all of our apps run on Linux