Senior Product Security Engineer
Overview
At Segment, we believe companies should be able to send their data wherever they want, whenever they want, with no fuss. Unfortunately, most product managers, analysts, and marketers spend too much time searching for the data they need, while engineers are stuck integrating the tools they want to use. Segment standardizes and streamlines data infrastructure with a single platform that collects, unifies, and sends data to hundreds of business tools with the flip of a switch. That way, our customers can focus on building amazing products and personalized messages for their customers, letting us take care of the complexities of processing their customer data reliably at scale. We’re in the running to power the entire customer data ecosystem, and we need the best people to take the market.
The Segment Product Security Team is growing to support our product security initiatives, and we’re looking for talented security software engineers who are excited to help us build a more secure product. As a Product Security Engineer at Segment, you’ll work alongside other security engineers and the rest of the engineering organization to build the security features of our product.
Who we are:
We're a small team with a passion for startup security, which means we are always thinking of newer and better ways to tackle hard security problems. We take on ambitious projects that have a big impact on our customers and the security of our company. We talk about our methods and accomplishments in public blogs, at conferences, and in presentations. If you want to be this kind of security person and work with a team that's like you, to create innovative security solutions for distributed systems and architecture, we'd love to hear about your approach and introduce you to our team.
A little more about our team:
- How we partner with engineering to build product security features
- Our CISO’s Approach to Building a Security Team and Program
- We deleted every employees’ AWS keys!
- We help organize the OWASP SF chapter, the AppSec California, B-Sides SF, and Day of Shecurity conferences
- How we help customers secure their accounts
What we do:
- We partner with our software engineering counterparts to build security features. If you are looking a role focused on DAST, SAST, SCA, engineering training, threat modeling, etc. please check out roles on our Application Security Team!
- We’ve helped build our authentication service, two-factor authentication (2FA), our password strength meterintegrated with Have I Been Pwned, and SCIM
- We believe that our app should make good security choices by default for our customers, but also allow for flexibility to serve the needs of our customers regardless of where they’re at on their own security journey.
- We are practical with our recommendations, but also want to delight our most security conscious customers.
Who we are looking for:
- You are not afraid to produce and ship production level code to implement new security controls.
- You are excited to work “full stack” on a variety of security challenges and initiatives.
- You're empathetic, patient and love to help your teammates grow more secure in their day to day.
- You're focused, driven and can get challenging projects across the finish line.
- You're proud of the projects you build, but you're also humble.
- You try converting a security “no” into a “yes” through technological innovation.
- You’re willing to share the awesome things you build to the greater application security community through open source and conference talks
Projects We’re Working On:
- Increasing customer engagement with existing Product Security features and tracking engagement
- Improving the way that Segmenters access workspaces to assist customers
- Helping customers secure their API keys
- Rolling out a Content Security Policy (CSP)
Requirements:
- You have a solid understanding of software security principles
- You can write maintainable software to solve security problems
- Excellent written and verbal communication skills
- Experience working cross functionally with a diverse group of stakeholders
- You can break down complex security problems into measurable and solvable pieces
- You have 4+ years of software security engineering experience or some cool projects on GitHub you think we'll love to check out
Bonus:
- Practical software development skills with Node, Typescript, and/or React
- Experience mentoring junior engineers
- Experience building product security features like Single-sign on (SSO), 2FA, or SCIM
- Experience building mitigations for account security risks
- Practical knowledge of web application vulnerabilities and mitigations
- You’re involved in the InfoSec community
- Experience implementing or maintaining a pragmatic Content Security Policy (CSP)
We encourage you to apply if this role excites you - even if you think you may not meet all of the qualifications. At Segment, we live by four values: karma, drive, tribe, and focus. We are always looking for outstanding individuals with diverse backgrounds and perspectives who embody these values. To learn more about life at Segment and our commitment to diversity, equity, and inclusion, visit our LinkedIn page. We’re excited to meet you!
Segment is an equal opportunity employer. We believe that everyone should receive equal consideration and treatment in all terms and conditions of employment regardless of sex, gender (including pregnancy, childbirth, breastfeeding or related medical conditions), sexual orientation, gender identity, gender expression, race, color, religion, creed, national origin, ancestry, age (over 40), physical disability, mental disability, medical condition, genetic information, marital status, domestic partner status, military or veteran status, height, weight, AIDS/HIV status, and any other protected category under federal, state or local law. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
#LI-Remote