Security Engineer

Who we are

Our mission at Sourcegraph is to make it so that everyone can code, not just ~0.1% of the population. Our code intelligence platform helps developers and companies with billions of lines of code create the software you use every day. By enabling more people to code, we believe we will create economic opportunity across the world and will drive progress that benefits everyone.

It’s an exciting time to join Sourcegraph. Our business is growing rapidly: we’ve experienced exponential growth and our $125M Series D from Andreessen Horowitz and $50M Series C from Sequoia have given us the opportunity to make big ambitious bets on our future. We have a huge market (every company that builds software) and massive opportunity (most developers haven't even heard of code intelligence yet, but once you've used it, you can't live without it--just like Google). By continuing to hire exceptional people, we have the opportunity to make Sourcegraph one of the biggest technology companies in the world.

Working hours

Given that we are an all-remote company and hire almost anywhere in the world, we don’t have a location requirement for this role. However, your working hours must overlap with Central Standard Time (CST) Monday to Friday. 

Why this job is exciting

As a Security Engineer, you will be part of our exceptional security team tasked with building world-class security into our product offerings by working on vulnerability management, dynamic testing and scanning, bug bounty programs, and security reviews for both application and infrastructure security. Proactively improve the security of our codebase, our product, our cloud, and our customers' on-premise deployments. 

Within one month, you will...

• Contribute to the team's goals and deliverables for securing Sourcegraph, enabling customer to upload private code repositories

• Discover, fix, and mitigate infrastructure vulnerabilities by updating libraries, base images, and analyzing containers

• Enhance our security with audits, best practices, code fixes, and continuous education

• Perform reactive incident response if a security event occurs

Within three months, you will...

• Enhance our security measures and policies to support organizations on Sourcegraph managed instances

• Work with other teams to triage, troubleshoot and mitigate customer concerns and questions about our security

• Work together with your manager on a career plan with actionable goals

Within six months, you will...

• Work with other teams and engineers to implement secure coding guidelines and best practices

• Perform proactive research to detect new attack vectors

• Perform threat modeling for existing and future applications 

• Assess and integrate new tools and technologies to improve our operational efficiencies

• Work towards compliance with SOC 2 & GDPR standards

About you 

Equal parts engineer and security professional, you are excited about joining a team that is building a world class security system trusted by some of the biggest tech companies in the world.  You and your teammates are Sourcegraph’s first line of defense against bad actors using all the newest and dirtiest tricks to hack us and (more importantly) our customers.  You want to be a part of the foundational team, the first steps we are taking to build something big, something trusted, something critical to software and our customers

Learn more about our team and our goals. Learn more about our company values and our guiding engineering principles.

Qualifications:

• You have practical experience securing SaaS applications including infrastructure security, application security, and compliance

• You have experience using and automating a wide range of defensive security tools

• You have experience developing software as an engineer (i.e., writing code and contributing directly to applications)

• You have experience working across engineering teams to support secure coding across the organization.

• You are high agency

• You communicate effectively in writing and documentation

Nice-to-haves:

• You have experience working in a startup or tech company environment

• You have experience with Go, Typescript, Terraform

• You have experience with Kubernetes, GCP

• You have experience with on-premise deployments