• Our product is implemented for the web, desktop and mobile versions, which allows you to use it on any device. Our Technology stack is: Ruby on Rails (6+), Postgresql; React, Redux, Typescript on the frontend; Flutter for our mobile app; Docker, AWS infrastructure, k8s.

• Our founders, customer success and support are located in the US and Europe. Our technical team consists of more than 90 people: developers, QA engineers, designers and product managers. We work in small teams (7-8 people in each one) according to the Kanban methodology - continuous flow of tasks in the backlog.

Your responsibilities

• We are seeking for a talented and experienced Senior InfoSec Engineer who is willing to work remotely, be self-organized and involved in the life of the team. As a InfoSec Engineer you will be responsible for Security of our product

• IS strategy-making for the company — audit and implementation of security controls in processes, infrastructure services; Zero Trust practices implementation.

• Development of secure development processes in accordance with international best practices and frameworks, training for development teams.

• Threat identification and cybersecurity risk assessment. Selection, implementation and monitoring of protection measures. Vulnerability management.

• Participation in the management of incidents, eliminating their consequences, conducting a root cause analysis and development of corrective measures.

• Budget and resource planning: provide relevant and validated input and forecast to plan and execute projects and programs.

• Facing challenging situations and dealing with uncertainty.

• Participation in the design and approval of the application architecture. Would be great if you can do this, but not required.

• Understanding of the principles of modern web applications, microservice architecture, containerized applications, CI/CD processes and secure development

  5+ years of professional experience in information security

  Knowledge of authentication and authorization systems, IDM and SSO solutions.

  Technical knowledge of different security controls and mechanisms such as: IDS/IPS, firewalls, PAM, EPP, SDLC, different types of scans (WAS, static / dynamic), OWASP, MITRE, VMS.

  Experience with AWS Security solutions (AWS WAF, FWM, GuardDuty).

  Secure SDLC development/implementation (Terraform+K8s).

  Audit/regulatory experience will be an added advantage.

• We have a flexible schedule and a remote-first approach: our employees can live and work wherever they feel comfortable. 
• Our processes are transparent and comfortable and they really work.