Senior Security Engineer
Blackpanda is Asia’s premier cyber security incident response firm, hyper-focused on digital forensics and cyber crisis response. Our team consists of an elite cadre of risk and security experts from various specializations, military special forces, intelligence, forensics, and law enforcement. We are also a fully distributed team across the globe and will be there 24/7 to help if a breach occurs.
In addition, Blackpanda successfully closed a $12.5m
USD Series A co-led by global leading private equity firms Primavera Venture Partners and Gaw Capital Partners.
What are we looking for:
Technology is at the heart of what Blackpanda does, and is looking for a seasoned security engineer who thrives on daily hands-on projects, while excited by the opportunity to grow into leading a tight-knit, diverse security engineering team, building class-leading architecture and security products.
Blackpanda is at an exciting stage, envisioning what cyber risk protection can look like in the APAC region, and you will be building that future. This role suits someone who is excited by the prospect of building security products from the ground up with the most appropriate technologies available today.
You will have extensive experience in modern security engineering, preferably currently working at a security product-focused company. Initially, you will be developing forward-thinking solutions to protect against external threats to a company’s digital assets. You will be leading attack-surface technology with the goal of providing real-time, continuous insights for a given SME in APAC as to their security posture and the likelihood of threats.
Led by our CTO, you will be expected to be able to synthesize our security product and business problems into an engineered solution using the most appropriate language, modules, and tooling. Blackpanda is building a cross-functional engineering team where all members should be excited by the prospect of solving problems first through planning and dialogue, and only after this moving to code and infrastructure setup.
About the role:
Cash: USD$110,000 annum. No bonuses or commissions.
Equity: ESOP grant size of USD$25,000 at current Fair Market Value. Strike price set at current Fair Market Value, with a 5-year vesting period inclusive of a 1-year cliff.
The successful candidate will work closely with and reports to the Chief Technology Officer.
Responsibilities and duties:
● Identifying and responding to emerging security threats quickly and effectively is a priority for all businesses, but conflicting priorities, tools that produce too much noise, or insufficient resources can often slow security teams down. You will be developing the future of how companies of all sizes (and especially SMEs in APAC) are able to identify and respond to potential threats before they develop into fully-fledged attacks and breaches.
● You will be curating a significant number of data sources via modules, and turning these into proactive alerting of potential critical and high-risk issues. Leveraging our in-house security team, you will collaborate with some of the most experienced incident responders in the field to develop real-time analysis of potential threats and make them understandable for non-technical business owners and employees.
● Work closely with the CTO to evaluate platforms - test driving an API or working methodically through the documentation to understand if it will solve the business need.
Qualifications and experience:
● At least 5 years working as part of a security team and/or security product team as an engineer, shipping production-ready code and solutions.
● Natural curiosity and you thrive on learning new things
● Value balance in your life and know when to call it a day so that you come back fresh the next morning with class-leading solutions. We do not promote sloppy code and as such, we guard against overworked, tired developers, but you must also be good at managing your own time to achieve this.
● Passion for efficiency and collaboration, with a history of establishing great relationships with your engineering peers.
● Prioritize test-driven, elegant solutions that are maintainable, aided by appropriate terse or detailed documentation, whichever makes the most sense per case.
● Significant experience with open-source modules in the security field and how to incorporate them to achieve the best value for the problem at hand.
● You understand that there are significant costs associated with computing and storage on an ongoing basis of modern security engineering, and understand how to help keep these manageable with the help of your team
● Comfortable presenting to a group over video calls periodically, describing how a solution was arrived at, and how it works in layman's terms.
● Business fluent written and verbal communication skills in English
● Conversational fluency and higher in any Asian language is a plus but not required
Technical qualifications and experience:
● At least 5 years working in a professional capacity as a security engineer, ideally with a product focus. This time should not include any years of study, or pure ‘hobby project’ time.
● You have led the development of, or significantly contributed to security products/tools that are used daily either by customers or internal teams and form a critical function of the organization / primary revenue stream
● Extremely proficient in Python
● Familiar with at least one containerized deployment platform, such as Google Cloud Run, Amazon ECS, Azure and/or directly with K8s
● Experience using and maintaining CI/CD pipeline infrastructure. Minimal maintenance such as Github actions experience is a plus.
● Bachelor’s degree in a related field and/or a clear history of engineering in a team-based, professional capacity for the stated experience years (5+)
What we offer:
● This is a remote-first position. With our ‘Work From Anywhere’ policy, the successful candidate can work from anywhere globally subject to alignment with business and operational requirements, and be available for a minimum of 6 hours between 9am and 6pm Singaporean time zone to sync with the Tribe.
● 40 days paid leave per year to also be used in lieu of all gazetted Singapore holidays at user choice. This is due to the global arrangement of personnel with different public holidays and the requirement of the company to be on standby as a crisis response unit 24/7/365.
● Work-life balance - no scheduled internal meetings on Fridays, unless absolutely necessary.
● Enrollment in the company corporate health plan (where available) or USD$100 per month allowance.
● Opportunities for travel, team onsite meet-up, and training opportunities.
Blackpanda will sponsor the cost of no less than one (1) training course each calendar year. The
topic of the training will be your choice, subject to approval by your manager, and will be no greater than USD$5,000 annually.
Blackpanda is committed to building a culturally diverse company, and we value a broad set of opinions in our team. As we grow, we are looking to build a team with a range of viewpoints at its core, and we encourage applications from all genders as you identify (X/F/M) and minority candidates.