Security Engineer [IC3]
Sourcegraph
5h ago
0$72k - $144kDevUnited Stateshimalayas
Security-EngineeringSecurity-OperationsApplication-SecurityInfrastructure-SecurityCloud-SecuritySecurity-EngineerIT-Security-EngineerInfrastructure-Security-EngineerCybersecurity-EngineerMid-level
Job Description
Who we areEverything is changing in how software gets built, and Sourcegraph is at the center of that transformation. With Code Search, Deep Search, and MCP, Sourcegraph is the world’s most powerful code intelligence platform that developers and agents rely on to navigate, understand, and operate on massive, complex codebases with speed and confidence.Teams at companies like Stripe, Uber, and Dropbox rely on Sourcegraph to ship faster and with higher quality. We’re backed by a16z, Sequoia, and Redpoint, and proud to operate as a globally distributed team that values high agency, direct communication, and a deep love for developers and their craft.If you want to contribute to infrastructure that empowers millions of developers to do their best work - join us.Hours & location🌎 While we hire almost anywhere in the world, we have a preference for someone to reside in the following locations for this role. However, if you feel qualified, we welcome you to apply regardless of location. No matter what, working hours must overlap with EST for at least 10 hours/week.Preferred locations:EuropeWhy this job is excitingAs a Security Engineer, you will join our exceptional security team tasked with building world-class security into our product offerings by working on security operations, maintaining and improving our monitoring and alerting stack, participating in on-call and responding to security incidents, application security testing, bug bounty programs, and security reviews for both application and infrastructure security. You will proactively improve the security of our codebase, product, cloud, and customers' on-premise deployments. This is a generalist role where you will be primarily focused on Security Operations, but will also work across all facets of a security program.Within one month, you will…Be onboarded to our alerting and monitoring stackBe able to participate in on-call rotationsYou will discover, fix, and mitigate infrastructure vulnerabilities by updating libraries, base images, and analyzing containersWithin three months, you will…Maintain internal systems, such as automations that assist in alert triagingYou will work with other teams to triage, troubleshoot, and mitigate customer concerns and questions about our securityYou will enhance our application security with audits, best practices, code fixes, and continuous educationYou will perform reactive incident response if a security event occursYou and your manager will work together on a career plan with actionable goalsWithin six months, you will…You will perform proactive research to detect new attack vectorsYou will perform threat modeling for existing and future applications You will assess and integrate new tools and technologies to improve our operational efficienciesYou will help maintain compliance with SOC 2, ISO 27001 & GDPR standardsAbout you Equal parts engineer and security professional, you are excited about joining a team that is building a world-class security system trusted by some of the biggest tech companies in the world. You and your teammates are Sourcegraph’s first line of defense against bad actors using all the newest and dirtiest tricks to hack us and (more importantly) our customers. You want to be a part of the foundational team, the first steps we are taking to build something big, something trusted, something critical to software and our customersYour skill-set:Practical experience reviewing SIEM alerts and participating in on-call rotationsPractical experience securing SaaS applications as a security generalist, including infrastructure security, application security, and/or complianceExperience with Go, including writing and maintaining internal tooling along with code reviewsExperience with Elastic stack and GCPExperience using and automating a wide range of defensive security toolsExperience working across engineering teams to secure projects across the organization.You are high agencyYou communicate effectively in writing and documentationNice to haves:Experience developing software as an engineer (i.e., writing code and contributing directly to applications)Experience working in a startup environmentExperience with TypeScript and TerraformExperience with KubernetesExperience securing AI productsLevel📊 This job is an IC3. You can read more about our job leveling philosophy in our Handbook.Compensation💸 We pay you an above-average salary because we want to hire the best people who are fully focused on helping Sourcegraph succeed, not worried about paying bills. As an open and transparent company that values Sourcegraph-d58d0774f51b4b489d41c3628d30ff8d?pvs=4" rel="nofollow ugc noopener noreferrer" target="_blank">competitive compensation, our compensation ranges are visible to every single Sourcegraph teammate.Your salary is determined by your pay band for the IC3 job level. For determining pay bands, we use a number of market and data-driven salary sources, along with your location zone, and target the high-
