About Bevy: 100% Remote Organization
Bevy is an early stage Startup with a mission to help brands build, grow and scale their virtual and in-person communities. Founded in April 2017 by the core team behind Startup Grind, Bevy is an Enterprise-grade SaaS platform used by companies that include Adobe, Amazon, Asana, Atlassian, Duolingo, Ebay, Epic Games, IDEO, Intuit, MongoDB, Red Bull, Roblox, Salesforce, SAP, Slack and many more. In April 2019, Bevy acquired CMX which is the world’s largest network of community professionals. CMX offers world-class training, events and research for the community industry. In May 2020, we raised a $15M series B investment to fuel our continued success and category expansion into virtual conferencing and events technology.
As a Senior Software Engineer on the application security team, you will be responsible for planning, implementing and maintaining the company security strategies and policies using applicable tools, methodologies, and industry best practices. You will be directly involved in the design and implementation of privacy-focused features in our virtual events platform.
- Respond to and fix security bugs reported by internal tools, customers, and third party security researchers.
- Work with our software engineers to provide security-focused best practices during all phases of the SDLC.
- Implement cloud security controls in our GCP environment.
- Perform security monitoring, threat analysis, and participate in the incident response process.
- Work with customers on penetration tests and vulnerability reports.
What we’re looking for:
- 5 years of professional experience, with at least 2 years in a security-focused role.
- You have a good understanding of common security flaws (OWASP Top 10, etc) and know how to find and correct them.
- You understand that communication is the most important part of your job and can convey security concepts and tradeoffs succinctly to other parts of the business.
- Familiarity with common web application testing tools, such as Burp Suite or Zap, and ability to apply that knowledge to practical testing scenarios.
- Experience participating in or leading threat modeling activities.
- Experience working in a Cloud environment (GCP preferred).
- Experience with Docker/Kubernetes.
- You reside in the continental North or South Americas. We are a distributed remote company, but since we are still small, we prefer to minimize the time zone spread within the team.
Nice to Haves:
- Working as part of a red team.
- Working at a startup
- Working as a full-stack developer.
- Implementing privacy compliance in a data stack - for example, CCPA, GDPR.
- Running a bug bounty program.
We welcome candidates from traditionally underrepresented groups to apply. We are proud to foster a workplace free from discrimination. We strongly believe that diversity of experience, perspectives, and background will lead to a better environment for our employees and a better product for our users and the communities we serve.
We are a small but powerful team, dedicated to achieving our mission to bring more community to the world. Many of us have worked in community positions before and understand the struggles and peaks that come with the role. Our team communicates candidly, giving feedback early and often. We set ambitious goals, and do what it takes to achieve them, while making sure that we take care of our own personal health and mental wellbeing. We will want you to be ready to take on a lot of responsibility with guidance and mentorship along the way.