Software Engineering - DevOps - Security

About Us

Signal Sciences empowers security and engineering teams by providing visible and effective web application security protecting against real-world attacks. With our unique hybrid on-premise and cloud architecture, we process, protect and report on billions of requests per day for some of the most sophisticated companies in the world ranging from Adobe to Vimeo, Taser to Under Armour. Our goal is making a more secure Web, with tools that people love to use, written by people who love to make them. Join us.

The Job

  • Is in the engineering group
  • Located in Los Angeles, CA, although exceptional candidates a few time zones away will be considered
  • Is an individual contributor job (not people management).
  • Note that while is job is focused security, it’s really an engineering job and likely be 50% programming.

Problems

Just like everyone else, security vendors have security needs too. The tenants of this job are

  • Making security visible
  • Making security timely
  • Making security actionable

Some examples of projects include:

  • Is our network topology what we expect it to be. What tools have your used? Or have you just written custom scripts?
  • In a docker world, how can we make sure the base OS and added components are up to date?
  • Making sure relevant security logs are sent upstream to centralized logging, and then alerting on anomalies from it.
  • Auditing, enhancing, and monitoring our TLS, SSH, Mail and DNS configurations
  • Working toward immutable architectures
  • Making so no one has a need to log into production since… everything they need is outside production already.
  • Base OS hardening
  • Exporting of security metrics to internal dashboards.

Solutions

  • While knowledge of security is useful, more important is solid software engineering skills and having experience in full software lifecycles and working in teams. If you wanted to learn more about security this is a great place to start.
  • Solid linux and bash experience
  • Ideally background with multiple lanaguges either scripting (ruby, python, etc) or compiled (java, etc). Most of our tools are in Go (“golang”), but almost nobody on the team had proficiency before joining.
  • Integration experience between different systems will be useful. It’s likely you’ll be pulling data out, asking for data with an API, and pushing to another data store or API.
  • Bonus: integration experience with some type of centralized logging (anything from syslogd to splunk to sumo logic) and some type of metrics / graphing system (anything from graphite to data dog).

How to Apply

To apply, please email the following things to careers@signalsciences.com: (1) your resume, preferably in PDF, plaintext or markdown format, (2) your GitHub or other social-coding handle, or a URL to your personal site or blog, and (3) a brief introduction to yourself, and why the job and Signal Sciences are right you. Didn't see quite the right job? Email us anyways as job descriptions don't always match the positions and skills needed.

Apply for This Position

The Job

  • Is in the engineering group
  • Located in Los Angeles, CA, although exceptional candidates a few time zones away will be considered
  • Is an individual contributor job (not people management).
  • Note that while is job is focused security, it’s really an engineering job and likely be 50% programming.

Problems

Just like everyone else, security vendors have security needs too. The tenants of this job are

  • Making security visible
  • Making security timely
  • Making security actionable

Some examples of projects include:

  • Is our network topology what we expect it to be. What tools have your used? Or have you just written custom scripts?
  • In a docker world, how can we make sure the base OS and added components are up to date?
  • Making sure relevant security logs are sent upstream to centralized logging, and then alerting on anomalies from it.
  • Auditing, enhancing, and monitoring our TLS, SSH, Mail and DNS configurations
  • Working toward immutable architectures
  • Making so no one has a need to log into production since… everything they need is outside production already.
  • Base OS hardening
  • Exporting of security metrics to internal dashboards.

Solutions

  • While knowledge of security is useful, more important is solid software engineering skills and having experience in full software lifecycles and working in teams. If you wanted to learn more about security this is a great place to start.
  • Solid linux and bash experience
  • Ideally background with multiple lanaguges either scripting (ruby, python, etc) or compiled (java, etc). Most of our tools are in Go (“golang”), but almost nobody on the team had proficiency before joining.
  • Integration experience between different systems will be useful. It’s likely you’ll be pulling data out, asking for data with an API, and pushing to another data store or API.
  • Bonus: integration experience with some type of centralized logging (anything from syslogd to splunk to sumo logic) and some type of metrics / graphing system (anything from graphite to data dog).