Redefining the way companies apply ML to business
Internal Security Engineer
The hCaptcha security team is responsible for designing mitigations for broad classes of bugs. Because of the nature of hCaptcha's product, security, availability, and privacy are core mission goals. Through a practice of DevSecOps, we use state-of-the-art tools, maintain the infrastructure that supports our efforts, and empower business and development to move quickly without compromising on safety for our millions of daily users.
- Work on our production code. We have many security-related features you will help to improve, including state-of-the-art applications of ML to the security domain.
- Inform the techniques of how our code is built through this experience. This can include adding scanners, fuzzers, or other automatic analysis or improving processes. The goal is to develop new techniques to ensure engineering teams find flaws before they are introduced into production.
- Be a security subject matter expert and respond to any security engineering question. Provide on-the-job training on new security technologies and techniques.
- Work with engineering teams to design solutions that are inherently secure.
- Work alongside our security vendors to crush risk.
- Correctly balance security risk and product advancement
- Participate in software security initiatives
- Participate in threat modeling discussions
- Evaluate the security posture of existing applications
We’re Looking For Someone Who Has
- Software engineering experience in a production environment with both - - - Python
- Familiarity with Kubernetes will also be helpful.
- Familiarity with common fuzzers, and ideally experience deploying them in a CI/CD pipeline
- A knack for finding flaws in software and the ability to efficiently communicate how to fix them
- Strong communication skills and is accustomed to working closely with a product team
- Doesn’t always default to industry norms when solving a problem
- An ability to think like an attacker to develop threat models
- Experience designing and implementing mitigations for common classes of bugs.
- Nice to have: experience with SOC-2 Type 2 compliance processes.
We are a fully remote company
We have just enough meetings. Not too much, not too little. Everyone is remote-first enabling a worldwide workforce.
We have a very generous paid vacation program. The best in the industry.
Our San Francisco office is pet friendly
Our SF office is fully optional but we supply free food and a place for dogs to play.