About the Role
STAFF PRODUCT SECURITY ENGINEER
Remote
Discord empowers people to create spaces where they can find a sense of belonging in their lives. Millions of people trust Discord to keep their communications secure, private, and out of the hands of evildoers, so security and privacy are necessary to Discord’s success.
We are looking for a Security Engineer reporting to the Product Security Engineering Manager to join our team in building a secure and protected platform for Discord’s users. If you are an Engineer with a wealth of experience making the secure way the easy way, a deep sense of curiosity, and an endless desire to improve Discord, read on!
What You’ll Be Doing
- Design and develop technical solutions to find and address security issues (including libraries and frameworks).
- Build tools with an emphasis on self-service, automation, and performance, to help identify and mitigate application security flaws.
- Perform reviews ranging from architectural design to threat modeling and source code level assessments, providing recommendations to make our products more secure.
- Review development frameworks for security functionality, consistency, and uplift opportunities.
- Deep-dive into the architectural and technical aspects of new projects, providing expert security guidance and/or writing technical security controls
- Discover weaknesses in Discord by using both manual and automated methods (code reviews, threat models, static scans, penetration tests).
You Will Thrive In This Role If
- You have 5+ years experience securing production applications.
- You have 5+ years of experience with application security tooling and processes, including code review, static code analysis, penetration testing, and risk management.
- You have 5+ years of experience programming in at least one general purpose programming language (e.g. Python, Rust, Go).
- You have experience leading multiple security projects with a cross-functional group.
- Expertise with common application vulnerabilities on the platforms Discord ships on (that’s all of them).
- You are well-experienced implementing and using application security tools.
- You have experience operating in cloud-based environments (we use Google Cloud, but experience with other platforms is ok too).
- You are an expert at reasoning about the security of complex systems, even if they contain components you aren’t familiar with.
- Experienced with Threat Modeling and analyzing complex designs.
Bonus Points
- Experience programming in at least one systems programming language (e.g. C, C++).
- Experience with Linux system administration (we use Ubuntu).
- Experience developing, operating, and debugging distributed systems.