Role at a glance
We are seeking an extraordinary Staff Software Engineer to add to our Engineering Team, focused on Security. You are sharp, results-oriented, knowledgeable, ambitious, and resolved, taking pride and ownership in everything you build.
You will lead all Cyber Security efforts at Plastiq and be responsible for securing Plastiq’s applications and infrastructure, working closely with multiple security partners and other members of the Engineering organization including Architecture, Infrastructure and Product Development.
Why this role is awesome
- You will be a key technology leader with a vision for security within our organization
- You will set the Cyber Security program for Plastiq and take our current practices to the next level
- You will mentor peers with the latest in Information Security techniques to deliver our software securely at scale
- You will be a resource for your peers when it comes to evangelizing the latest in Cyber Security developments and trends
- You will be collaborating with a fun, supportive, and high energy team that takes pride in building exceptional software
Plastiq operates a Continuous Delivery Model using GitHub and Jenkins. We are building a component-based front-end written in React.JS. On the back-end servicing the front-end, we use node.js/GraphQL, which sits in front of our own Payments Processing Platform built in Java.
- 12+ years of experience in Software Development organizations, with at least 5 years in a Cyber Security/Information Security role
- Deep knowledge of modern enterprise and security architectures, their challenges, common approaches to overcome their challenges, and their inherent security strengths and weaknesses
- Mastery of multiple security domains such as intrusion detection, incident response, malware analysis, and forensics
- Strong knowledge of UNIX operating systems
- Hands-on expertise operating in an AWS environment with mastery of architecture and security capabilities in the cloud
- Strong knowledge of web application security, browser security models, and application security vulnerabilities such as the OWASP Top Ten
- Deep understanding of network attacks, DDoS, phishing, email protocols/security/spam, encryption, authentication, logging and log analysis, IP and device reputation, and security rules and policies
- Experience with Bug Bounty programs such as HackerOne or Bugcrowd
- You learn quickly, and you’re adaptable and versatile
- Professional certifications such as: CISSP, CEH, OSCP, OSCE, GPEN or other relevant industry certification strongly preferred
- Execute penetration tests and perform secure code reviews for our products
- Teach secure development practices to our engineers
- Work with Product Teams to threat model their projects in all aspects of the SDLC
- Make recommendations to help improve Plastiq’s application security posture
- Keep key Engineering Security documentation and policies up to date
- Establish and operate our bug bounty program, working with security researchers to find security flaws in our code
- Support third-party audits and compliance reviews (PCI, SOC2, ISO 27001)
- Support third-party security vulnerability scans and triage the risks they find
- Continuously advance your personal knowledge of software security to stay bleeding edge
A little bit about us
Plastiq is billpay with benefits.
Everyday payments have become second nature: we swipe a card, tap a button, or press submit. But many of our most important bills — a child's care or tuition, critical business expenses, or taxes and rent — haven't caught up. Billions of checks are still written today. Wire transfers can be confusing. Payments are slow, late, or even unaccounted for.
We set out to pursue these challenges.
Our mission? To make bill payment simple and seamless. Plastiq lets you pay bills in the way that works best for you. We hope you love the service.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.