SourcegraphRemote
Security Engineer [IC3]
United States of America
Full Time
4 hours ago
$72,000 - $144,000 USD
No H1B
Key skills
SIEM alert reviewOn-call rotationsSaaS application securityInfrastructure securityApplication securityCompliance standardsGo programmingElastic StackGoogle Cloud PlatformSecurity automation toolsSecurity incident responseThreat modelingSOC 2 complianceISO 27001 complianceGDPR complianceHigh agencyEffective written communicationTypeScriptGoAIGCPTerraformKubernetesSaaS
About this role
Sourcegraph is a leading code intelligence platform, empowering developers to navigate complex codebases effectively. As a Security Engineer, you will be part of the security team, focusing on security operations, incident response, and application security testing to enhance the overall security of the product and its infrastructure.
Responsibilities:
- Be onboarded to our alerting and monitoring stack
- Be able to participate in on-call rotations
- You will discover, fix, and mitigate infrastructure vulnerabilities by updating libraries, base images, and analyzing containers
- Maintain internal systems, such as automations that assist in alert triaging
- You will work with other teams to triage, troubleshoot, and mitigate customer concerns and questions about our security
- You will enhance our application security with audits, best practices, code fixes, and continuous education
- You will perform reactive incident response if a security event occurs
- You and your manager will work together on a career plan with actionable goals
- You will perform proactive research to detect new attack vectors
- You will perform threat modeling for existing and future applications
- You will assess and integrate new tools and technologies to improve our operational efficiencies
- You will help maintain compliance with SOC 2, ISO 27001 & GDPR standards
Requirements:
- Practical experience reviewing SIEM alerts and participating in on-call rotations
- Practical experience securing SaaS applications as a security generalist, including infrastructure security, application security, and/or compliance
- Experience with Go, including writing and maintaining internal tooling along with code reviews
- Experience with Elastic stack and GCP
- Experience using and automating a wide range of defensive security tools
- Experience working across engineering teams to secure projects across the organization
- You are high agency
- You communicate effectively in writing and documentation
- Experience developing software as an engineer (i.e., writing code and contributing directly to applications)
- Experience working in a startup environment
- Experience with TypeScript and Terraform
- Experience with Kubernetes
- Experience securing AI products