Key skills
PythonRustCloud infrastructure securityGCPCloudflareAWSKubernetesDockerDistrolessOCITerraformBazelBuildkiteIdentity and Access Management (IAM)RBACOAuthZero Trust network architecturesmTLSDistributed systemsService meshEnvoyIstioLinuxSaltIAMService MeshCI/CDRisk ManagementMentoringZero Trust
About this role
Discord is a platform used by over 200 million people for gaming and community engagement. They are seeking a Staff Engineer to enhance their security posture through software development and operational excellence, focusing on risk reduction across Engineering.
Responsibilities:
- Shape company-wide security strategy and lead software engineering projects on a highly-autonomous and horizontally-integrated team with a lot of leverage. This is a code-forward role!
- Develop and apply best-in-class secure baselines for cloud infrastructure
- Secure first- and third-party software supply chains, from the dev environment through CI/CD and into production
- Build and own identity and access management (IAM) systems that are user-friendly and promote least privilege
- Manage infrastructure vulnerabilities while supporting rapid growth for Engineering
- Consult on risk assessments, architectural designs, threat models, code reviews, and more—pragmatically balancing security with other business considerations
- Support IAM with scalable platform solutions (check out https://discord.com/blog/access-a-new-portal-for-managing-internal-authorization)
- Build tooling to prevent and address vulnerabilities across our infrastructure
- Integrate service-to-service authentication and authorization into Discord’s internal developer platform
Requirements:
- 5+ years of experience building and operating production systems or infrastructure
- 5+ years of experience writing software in a general-purpose programming language (we mainly use Python and Rust)
- 4+ years of experience securing systems with millions of users
- Experience mentoring junior ICs and leading technical projects involving multiple engineers and spanning multiple quarters
- Experience designing and building software for customers (internal or external) beyond your immediate team
- Experience securing cloud environments (e.g. GCP, Cloudflare, AWS)
- Experience defining and orchestrating containers (e.g. via Kubernetes, Docker, Distroless, OCI)
- Familiarity with build and CI/CD technologies (e.g. Terraform, Bazel, Buildkite)
- Understanding of modern authentication and authorization concepts (e.g. RBAC, OAuth, Zero Trust network architectures, mTLS)
- Developed and debugged distributed systems atop GCP and Cloudflare
- Led complex migrations or risk management programs across an engineering organization
- A system to discover industry tools that can multiply your team's impact
- Experience securing multi-cloud environments
- Built or operated a service mesh (e.g. Envoy, Istio)
- Managed and secured VMs or bare-metal hosts (e.g. Linux, Salt)