Moltin is looking for a senior security engineer to help drive security facing activities alongside the Core Engineering team.
We use and work on state of the art tools, maintain the infrastructure that supports our efforts, and empower Core Engineering (who focus on anything from core payments APIs, to powerful dashboards, to mobile apps and consumer-facing products) to move quickly without compromising on safety.
What you will start off doing:
Some of the day to day responsibilities you might encounter in this role:
- Develop general techniques and frameworks that will enable other engineering teams to find flaws before they are introduced into production.
- Be a security subject matter expert and respond to any internal security engineering questions/request.
- Work with other teams to help architect solutions that are inherently secure.
- Correctly balance security risk and product advancement.
- Perform penetration testing on our internal and external applications.
- Threat model existing applications.
- Perform reactive incident response when a security event occurs.
- Perform proactive research to detect new attack vectors.
What we want you to become:
- To implement standard practices across the entire organisation.
- To implement training patterns and practices for our engineering teams.
- To begin to grow and scale this organisation around you to successfully support the company as it grows.
The ideal candidate:
The ideal candidate has either scaled a security operation from zero, or been part of a successful team scaling operation in another organisation and feels they have built the skills to take lead of this themselves.
We also look for the following:
- Has designed and implemented mitigations for common classes of bugs in a popular web framework before.
- Has software engineering experience in production environment.
- Has a deep understanding of the web’s architecture.
- Has a knack for finding flaws in software and can effectively communicate how to fix them.
- Is a strong communicator and is accustomed to working closely with a product team.
- Can think about problems from an out-of-the box perspective, doesn’t always default to industry norms.
- Can think like an attacker and use that context to develop threat models.