Security Engineer [IC3]

Description

Sourcegraph is the world's most powerful code intelligence platform. As a Security Engineer, you will join the security team building world-class security into Sourcegraph's product offerings — covering security operations, monitoring and alerting, on-call rotations, incident response, application security testing, bug bounty programs, and security reviews for both application and infrastructure security. You will proactively improve the security of the codebase, product, cloud, and customers' on-premise deployments. This is a generalist role primarily focused on Security Operations, working across all facets of the security program. Teams at companies like Stripe, Uber, and Dropbox rely on Sourcegraph to ship faster and with higher quality. Sourcegraph is backed by a16z, Sequoia, and Redpoint and operates as a globally distributed team. Working hours must overlap with EST for at least 20 hours/week. Preferred location: Europe.

Responsibilities

Within one month: onboard to the alerting and monitoring stack and participate in on-call rotations; discover, fix, and mitigate infrastructure vulnerabilities by updating libraries, base images, and analyzing containers. Within three months: maintain internal systems and automations that assist in alert triaging; work with other teams to triage, troubleshoot, and mitigate customer security concerns; enhance application security with audits, best practices, code fixes, and continuous education; perform reactive incident response if a security event occurs. Within six months: perform proactive research to detect new attack vectors; perform threat modeling for existing and future applications; assess and integrate new tools and technologies to improve operational efficiencies; help maintain compliance with SOC 2, ISO 27001 & GDPR standards.

Requirements

Practical experience reviewing SIEM alerts and participating in on-call rotations. Practical experience securing SaaS applications as a security generalist, including infrastructure security, application security, and/or compliance. Experience with Go, including writing and maintaining internal tooling along with code reviews. Experience with Elastic stack and GCP. Experience using and automating a wide range of defensive security tools. Experience working across engineering teams to secure projects across the organization. High agency and effective written communication. Nice to haves: Experience developing software as an engineer; startup environment experience; TypeScript and Terraform; Kubernetes; securing AI products.

Required Skills