Security Engineer - Ruby

San Francisco, CA
Engineering – DevOps
Full Time
Scribd
/skribbed/ (n).
1. a tech company changing the way the world reads
2. a membership that gives users access to the world’s largest online library of books, audiobooks, sheet music, news, and magazines

We value trying new things, craftsmanship, being an open book, and the people that make our team great.
Join us and build something meaningful.

About the Team

Our security team’s motto is Protect and Serve: Build security-critical infrastructure, lead incident response and partner with the wider Engineering org to promote a security culture at Scribd.
We’re the Watchers on the Walls, the guardians of the digital frontier, the ‘rough people who stand ready in the night’, but by ourselves, we can only do so much.  Our real job is to serve as an example and teach others. Security is everyone’s job, and we’re here to help!
Our goal is to build systems and procedures that are both secure, and easy to use, and to help others do the same.  Security cannot be about saying ‘no’, or mindlessly checking items off a list. Ultimately, it’s about enablement- helping people do things faster, easier, and in ways they couldn’t do for themselves.
We’re looking for engineers that have the skills, the mindset, and the interest to tackle the impossible.  To help us make an environment of total freedom and perfect safety for our engineers and Scribd at large, and most of all, to do it all with panache.

Key Responsibilities

    • Design, build, and maintain critical Security Infrastructure.
    • Participate in Security Incident Response, understand what went wrong and why.  Identify and help us fix both the symptoms and the root causes.
    • Partner with Engineering Teams on securing their systems, adding a ‘security perspective’ to their designs.
    • Help manage our public Vulnerability Disclosure Program and our private Bug Bounty program.
    • Revel in a porous boundary between Sec/Dev/Ops that allows us to secure, advise, and build systems.  This is a security focused engineering role. We make things, we don’t just critique other people’s work.
    • Create things that are object lessons in secure, scalable design.  Our tools may not be official ‘reference implementations’, but they should be shining examples of doing it right.
    • Give people a fish when needed, but ultimately teach them to fish for themselves- so we can get on with some fishing of our own.
    • Understand that nothing we ourselves do really matters in and of itself.  We’re in the business of enabling others. We craft some amazing tools and systems, but they all exist to help others do what they do, and do it faster, better, and more securely.

About you

    • Demonstrating empathy for your fellow engineers by listening to the tradeoffs they face, the goals they have, and the struggles they face when integrating with the feature you build.
    • Being a security subject matter expert in applying adversarial tools and techniques via a safe and controlled manner; and to deliver concise presentations and recommendations.
    • Displaying craftsmanship especially when building or implementing open source and third party tools to support detection, prevention and analysis of current and future security threats.
    • Acting as a member of on-call and staying abreast of emerging threats and trends in the industry in order to hunt threats while partnering with other teams during Incident Response.
    • Finding creative ways to educate and influence teams to reduce risk through small, easy to understand, changes which improve the overall security stance of Scribd.
    • Building security-centric services in a production environment (using some combination of Ruby, Java, Scala, Go, Python etc)
    • Using, implementing and owning security best-practices in a programmatic way within a cloud provider environment.
    • Planning and executing some mixture of white and black box testing and security evaluation of production systems, both individually and with external security teams.
Why we work here
• We are located in downtown San Francisco, just a few minutes’ walk from BART
• Health benefits: 100% employer covered Medical/Dental/Vision for regular, full-time employees
• Generous PTO policy plus we close for the last week in December
• 401k matching
• Paid Parental leave
• Monthly wellness budget and fully paid membership to our onsite fitness facility
• Professional development: generous annual budget for our employees to attend conferences, classes, and other events
• Three meals a day, catered from local restaurants
• Apple laptops and any equipment you want to customize your work station
• Free Scribd membership and a yearly reading stipend!
• Company events that include monthly happy hours and offsites (past events include Santa Cruz, bowling, arcades, geocaching, ropes courses, etc.)

In the meantime, check out our office and meet some of the team at https://www.scribd.com/about

Scribd values diversity, and we make all hiring and employment decisions based on merit, qualifications, competence, talent, and contribution, not who you are by choice or circumstance. We value the people who make Scribd a great place to work and strive to create an environment where your work is supported and personhood respected.