Security Engineer

ALL SOURCEGRAPH ROLES ARE FULLY REMOTE

Who we are

Our mission at Sourcegraph is to make it so that everyone can code, not just ~0.1% of the population. Our code intelligence platform helps developers and companies with billions of lines of code create the software you use every day. By enabling more people to code, we believe we will create economic opportunity across the world and will drive progress that benefits everyone.

It's an exciting time to join Sourcegraph. Our business is growing rapidly: we've experienced exponential growth and our $125M Series D from Andreessen Horowitz and $50M Series C from Sequoia have given us the opportunity to make big ambitious bets on our future. We have a huge market (every company that builds software) and massive opportunity (most developers haven't even heard of code intelligence yet, but once you've used it, you can't live without it--just like Google). By continuing to hire exceptional people, we have the opportunity to make Sourcegraph one of the biggest technology companies in the world.

Working hours

Given that we are an all-remote company and hire almost anywhere in the world, we don't have a location requirement for this role. However, your working hours must overlap with PST for at least 10 hours/week.

Why this job is exciting

As a Security Engineer, you will be one of the early hires on our exceptional security team tasked with building world-class security into our product offerings by working on vulnerability management, dynamic testing and scanning, bug bounty programs, and security reviews for both application and infrastructure security. Proactively improve the security of our codebase, our product, our cloud, and our customers' on-premise deployments.

Within one month, you will...

• You will contribute to the team's goals and deliverables for securing the largest deployment of Sourcegraph (sourcegraph.com), enabling customer to upload private code repositories
• You will discover, fix, and mitigate infrastructure vulnerabilities by updating libraries, base images, and analyzing containers
• You will enhance our application security with audits, best practices, code fixes, and continuous education
• You will perform reactive incident response if a security event occurs

Within three months, you will...

• You will enhance our security measures and policies to support organizations on sourcegraph.com
• You will work with other teams to triage, troubleshoot and mitigate customer concerns and questions about our security
• You and your manager will work together on a career plan with actionable goals

Within six months, you will...

• You will work with other teams and engineers to implement secure coding guidelines and best practices
• You will perform proactive research to detect new attack vectors
• You will perform threat modeling for existing and future applications
• You will assess and integrate new tools and technologies to improve our operational efficiencies
• You will help maintain compliance with SOC 2 & GDPR standards

About you

Equal parts engineer and security professional, you are excited about joining a team that is building a world class security system trusted by some of the biggest tech companies in the world. You and your teammates are Sourcegraph's first line of defense against bad actors using all the newest and dirtiest tricks to hack us and (more importantly) our customers. You want to be a part of the foundational team, the first steps we are taking to build something big, something trusted, something critical to software and our customers

Learn more about our team, our company values and our guiding engineering principles.

Your skill-set:

• Practical experience securing SaaS applications including infrastructure security, application security, and compliance
• Experience using and automating a wide range of defensive security tools
• Experience developing software as an engineer (i.e., writing code and contributing directly to applications)
• Experience working across engineering teams to support secure coding across the organization.
• You are high agency
• You communicate effectively in writing and documentation

Nice to haves:

• Experience working in a startup environment
• Experience with Go, Typescript, Terraform
• Experience with Kubernetes, GCP
• Experience with on-premise deployments

Level

This job is an IC2. You can read more about our job leveling philosophy in our Handbook.

Compensation

We pay you an above-average salary because we want to hire the best people who are fully focused on helping Sourcegraph succeed, not worried about paying bills. You will have the flexibility to work and live anywhere in the world (unless specified otherwise in the job description), and we'll never take your location or current/past salary information into account when determining your compensation. As an open and transparent company that values equitable and competitive compensation for everyone, our compensation ranges are visible to every single Sourcegraph Teammate. To determine your salary, we use a number of market and data-driven salary sources and target the high-end of the range, ensuring that we're always paying above market regardless of where you live in the world.

The target compensation for this role is $136,000.

In addition to our cash compensation, we offer equity (because when we succeed as a company, we want you to succeed, too) and generous perks & benefits.

Interview process

Below is the interview process you can expect for this role (you can read more about the types of interviews in our Handbook). It may look like a lot of steps, but rest assured that we move quickly and the steps are designed to help you get the information needed to determine if we're the right fit for you... Interviewing is a two-way street, after all!

• Introduction Stage - we have initial conversations to get to know you better...
• [30m] Recruiter Screen
• [30m] Hiring Manager Screen
• [60m] Resume Deep Dive
• Team Interview Stage - we then delve into your experience in more depth and introduce you to members of the team...
• [45m] Technical Interview: General
• [60m] Technical Interview: Complex Problems Deep Dive
• [45m] Cross-functional Team Collaboration Interview
• Final Interview Stage - we move you to our final round, where you meet cross-functional partners and gain a better understanding of our business and values holistically...
• [30m] Values Interview
• [30m] Leadership Interview
• [30m] Cofounder interview
• We check references & make you an offer!

And that's it! Please note - you are welcome to request additional conversations with anyone you would like to meet, but didn't get to meet during the interview process.

Not sure if this is you?

We want a diverse, global team, with a broad range of experience and perspectives. If this job sounds great, but you're not sure if you qualify, apply anyway! We carefully consider every application, and will either move forward with you, find another team that might be a better fit, keep in touch for future opportunities, or thank you for your time.

Learn more about us

To create a product that serves the needs of all developers, we are building a diverse all-remote team that is distributed across the world. Sourcegraph is an equal opportunity workplace; we welcome people from all backgrounds and communities.

We provide competitive compensation and practical benefits to keep you happy and healthy so that you can do your best work.

Learn more about what it is like to work at Sourcegraph by reading our handbook.

We want to ensure Sourcegraph is an environment that suits your working style and empowers you to do your best work, so we are eager to answer any questions that you have about us at any point in the interview process.

Go back to the careers page for all open positions.

Sourcegraph participates in E-Verify for U.S. Employees