Listing Description

What You'll Do:

• Lead the development, design, and evolution of platform security serverless microservices for identity, authentication, and authorization, as well as tools and patterns providing data encryption and secrets management.


• You will be the security champion and advocate for platform application security services and best practices throughout the organization. The ability to clearly, concisely, and patiently communicate architectural/implementation risks to engineers, product owners, and leadership will be pivotal in this role.


• Share knowledge and expertise with platform security team members to aid in their growth and understanding, elevating the whole team and improving our efficacy.


• Document system, service, and data interactions and flows for consumption by engineers inside and outside of the platform security team.


• Encourage innovation and foster an environment of continuous improvement.


• Identify risks and aid in implementing process and implementation improvements in the overall platform.


• Provide code reviews for sensitive code bases with a focus on code quality and secure implementation.

What We Are Looking For:

• 5+ years of combined software, security, and cloud infrastructure engineering and/or architecture experience.


• Intimate familiarity with OAuth/OIDC flows, JWT tokens, and overall identity, authentication, and authorization principals.


• Understanding of modern cloud security and secure code operations, concepts, and practices.


• Experience with DevOps and secure SDLC tools, patterns, and methodologies for cloud architectures.


• Experience working with serverless services such as AWS API Gateway, Lambda, and DynamoDB.


• Experience with AWS IAM principals and configuration.


• Experience driving technical and security requirements with cross-functional teams.


• Strong understanding of cryptography, including best practices.


• Extensive knowledge around API development with HTTP, REST and JSON.


• Experience designing and implementing services in a high-security cloud-based environment.


• Able to respectfully provide and receive feedback in all situations.


• Self-motivated, able to take ownership of tasks and see-through completion.


• Must be well organized, able to thrive in a fast-paced startup environment, must have the ability to approach problems with a collaborative, team-player attitude.


• Strong communication skills in several mediums, working with a collaborative cross-functional team of peers and development teams throughout the company.

Nice to Haves:

• Experience with AWS CDK for infrastructure-as-code.


• Experience TypeScript (v4) and the related ecosystem.


• Familiarity with containers and general security principals.


• Familiarity with cloud networking security principles and technologies.


• Experience working closely with security operations teams, including SOCs, incident response, vulnerability management, and GRC.