We’re Hiring a Humbly Confident Senior Security Engineer



About Us and Why We’re Hiring

We build “You Need a Budget,” the best budgeting software and educational resources around. (Those in the know call us YNAB, which is pronounced “why-nab.”) For more than a decade, people have been buying YNAB and then telling their friends what a difference it has made in their lives. Google us, or read some of our reviews on the app store, and you’ll see what we mean. We love building something that has a huge positive impact on people’s lives.

We’ve taken the stance that it’s best to make secure practices and decisions a practical part of our company culture from day one. As a result, we have a number of programs and practices in place that we’re proud of, and you can read about some of our public-facing ones in our security policy. But security is a journey, and although we have plenty of people who get obsessive about security, we’re at the point in our journey where we want someone who gets to obsess about security all day, every day. And that’s where you, our new security engineer, come in. You love helping those around you make good decisions around security and are experienced in building trust and understanding around best practices. You’re a critical thinker with an open mind, you reason/debate with empathy, have strong communication skills, and have deep respect for the power of collaboration.

We have one overarching requirement when it comes to joining our team: our Core Value Manifesto has to really click with you. If you’re nodding emphatically while reading it, you’ll probably like it here, and we can’t wait to connect with you!

Of course, we have some firm* requirements too, like 5 years of experience involved in building software, with at least 3 years dedicated to a security-focused role.

*Well, firm-ish. If you know you’re a great fit for this role but fall a little short of the five-year requirement, we encourage you to go ahead and apply. We don’t need you to be the perfect candidate on paper.

On a similar note, we know impostor syndrome can be a powerful force and may discourage fantastic people from applying. Please apply anyway. Many of us here have it too, so you’re in good company.

Okay, let’s talk about life at YNAB, and then we’ll go into detail about what we’re looking for.

Who You’d Be Working With

You’ll naturally work with engineers, but you’ll also frequently work with everyone in our cross-functional product teams: Designers, Product Managers, and Customer Support. And because your security recommendations will often apply to how we work internally, you’ll work with staff in marketing, education, and operations too.

All of our staff have one thing in common: They’re a pleasure to work with. You won’t find heated arguments and raised voices here. We save our competitive spirit for YNAB’s external competitors (or the occasional spirited board/video game session), but internally we build up our teammates and celebrate their successes.

We’re all keenly aware of our work’s impact on customers and the company, and we recognize that security and privacy are an important part of every role, regardless of title.

So, security isn’t a hard sell around here. We all work and sleep a little bit better when we know how to architect a system that’s secure by design, and when we know that an errant click on that attachment isn’t going to destroy the company.

And when one of us does make a security mistake, we’ll admit it, because we blame faulty processes, not people.

How You’ll Work at YNAB

We also work really hard, together, to make working at YNAB an amazing experience, and we were (humbly) proud to be named Fortune’s #1 Best Small Company to Work For the last two years. We have a team of truly exceptional people—the kind you’ll be excited to work with. Here’s how we operate:

Responsibility and Empowerment

YNAB appreciates, respects, and trusts the expertise and judgment of our engineers. We empower them to do what they think is right.

We also work collaboratively. We continually seek the right amount of structure and unity necessary to maximize productivity. Where it makes sense, we designate someone to make a call.

Even though our people are right a lot, it’s okay to make mistakes here. Exploration and calculated risks are essential to velocity and progress. We freely admit when we’re wrong. If something doesn’t go as expected, we learn, bounce back, and make corrections.

You won’t be alone; others will be there to help, review, reassure, and back you up. We own our processes and collective results as a team.

Live (Almost) Anywhere You Want

We’ve always been a fully remote team, and have people all over the world. For this role, you’ll need to be located somewhere between the Pacific Time Zone (UTC-8) and the Central European Time Zone (UTC+1). For example, North America and most of Europe work well. Wherever you are, just make sure you have a reliable internet connection.

No Crazy Hours

We want everyone to have a full life outside of YNAB, and we rarely work more than 40 hours per week. There have been a few occasions where things got busy and people had to put some extra time in. But then they took some extra time off, so it all balances out. We work hard and smart, but we’re in this for the long haul.

Take Vacation (Seriously)

We want you to take vacation. In fact, we have a minimum vacation policy of three weeks per year. Five weeks feels about right (plus two extra weeks for our company-wide December break). It’s important to get plenty of downtime and get out and do something. We’ll look forward to seeing pictures of your adventures in our #office_wall Slack channel.

The YNAB Retreat

When the pandemic isn’t keeping us from traveling, we get the whole team together once a year to catch up on spreadsheets and powerpoints in a Best Western conference room. Just kidding. So far, we’ve done Costa Rica, a gigantic cabin in the mountains, a beach house in the Outer Banks, a ranch in Montana, and most recently, Laguna Beach. We do really fun things at these retreats, but the highlight is inevitably just being together and having a blast.

Up Your Game

We’re serious about helping you improve your craft. We budget for it (hey-o!). Think conferences, Lynda/Skillshare subscriptions, books, and dedicated time away from work to learn something new. We love to see our people grow.

International is Absolutely Okay

Our team is spread across the globe, including Switzerland, Mexico, Canada, Brazil, the UK, and all over the United States. We set up team members in the US and UK as employees, and those in other countries as independent contractors.

As mentioned above, we have some time zone restrictions for this role, but as long as you’re between UTC-8 and UTC+1, we’re good!

Benefits

We offer excellent health, dental, and vision insurance for our US employees, where we cover 100% of the premium for you and your family. No need to check your vision, you read that right—100%. Although if you did need to check your vision, we’ve got you covered!

We also have a Traditional and Roth 401k option. YNAB matches your contributions, up to six percent of your paycheck. Matches vest immediately. (Are you a personal finance junkie like our founder Jesse? He set up YNAB’s 401k to have the lowest fee structure possible, where all plan costs are paid by YNAB, not your retirement nest egg. The investment funds available are fantastic, passively-managed, ultra-low-cost index funds. Not a PF junkie? Trust us, it’s awesome.) For UK employees, we also contribute six percent to your pension.

We also offer generous paid parental leave for all full-time team members. Here’s to raising the world’s budgeters, one child at a time!

Competitive Compensation

The starting salary range for this position is $142,000-$170,000 USD annually, depending on experience. We consider raises annually, and have a bi-annual profit-share bonus. YNAB wins, you win—that kind of thing.

Other Tidbits

  • Once you start, we DEMAND (in a friendly, ALL CAPS IS YELLING way) that you fill out your “Bucket List” spreadsheet with 50 items. (That’s harder than it sounds!)
  • The bucket list really helps in deciding what we should give you for your birthday and the holidays.
  • We’re all adults. There’s no need to punch a clock or ask for permission to take off early one afternoon to go see the doctor. We look at what you accomplish, not how long you sit (have you tried standing?) in front of a computer.
  • We’re currently trialing a four-day work week! For us, this means four regular days of work followed by a three-day weekend…every week. This is new to us, and we’re learning a lot, but we’re excited about what it could mean both for the company and our team members.
  • We want you firing on all cylinders, so we’ll set you up with a top-of-the-line computer and will replace it regularly.
  • Did we mention we make a huge, positive difference in the world?

If this sounds like your ideal environment, read on, because now we want to talk about you. You’ll play a big part in building something easy and delightful to use that helps millions of people discover budgeting as an essential financial and life-planning tool. You will change lives.


You, Our New Security Engineer

Responsibilities

When you read the following list, you’re probably going to think, “This sounds great. I could really help in these areas,” and then a few bullet points later, you’ll think, “Wait, this is too much for one person,” and that’s almost certainly true. Thankfully, this is only the first position we’re filling for our security team. We need your help to figure out the details, but as we learn more we can talk about growing that team where necessary. In addition, you’ll have:

  • The recognition that just because you’ll act as our primary consultant in these areas, you won’t necessarily be the primary implementer.
  • Reasonable expectations regarding timelines.
  • The experience necessary to know where to prioritize your energy first, based on solid risk assessment of threats, their likelihood, and their impact.
  • The authority to recommend how to build out and hire our security team as we grow.
  • The ability to think strategically and long term, and turn that thinking into tactical progress/accomplishment.

So although we’re searching for a security unicorn with a wide depth and breadth of knowledge, we’re not expecting you to be a magical unicorn!

Protect YNAB – The Product

  • We have experienced, security-savvy engineers, and you’ll help ensure they follow secure development practices and build rigor around our software development life cycle to make it secure.
  • Triage incoming bugs from our ongoing Bug Bounty Program with the appropriate application engineers.
  • Assist and train us in performing security-focused code reviews.
  • Use your experience in constructing systems that are secure by design to act as the primary security consultant for our engineers as they architect new systems.
  • Investigate intrusion/ATO (account takeover) attempts using our application monitoring stack, and recommend infrastructure improvements to make subsequent intrusion attempts easier to identify and block.
  • Make meaningful recommendations for Security Information and Event Management (SIEM), and know what that could look like for a fully remote SaaS company.
  • Keep abreast of best practices and vulnerabilities to ensure that we don’t fall behind as attackers innovate.
  • Evaluate and coordinate with third-party auditors to perform penetration tests and code audits. (And when you read their report, you can easily distinguish between the marketing fluff and the scary stuff.)
  • Recommend automated tests to help detect vulnerabilities before we ship them.
  • Introduce security standards that are enforced through robust documentation and empathetic guidance.
  • Reason clearly about security and product tradeoffs and balance such priorities in decisions.
  • Find improving engineering standards, tooling, and processes rewarding.

Protect YNAB – The Company

  • Evaluate and expand our Internal Security Policies and Governance Documents.
  • Know how to find the balance between policies that make us extremely secure but paralyze the team, and lax policies that are extremely efficient but leave us one click away from a business-ending ransomware attack.
  • Work with Operations/IT to:
    • Ensure we have configured our internal business applications appropriately and securely.
    • Recommend cloud providers for security-sensitive operations, like identity management, account provisioning, etc.
  • Perform Internal Risk Assessments to help guard against the most probable security threats our business faces.
  • Evaluate and recommend internal security training materials that are actually useful.
  • Assess our existing infrastructure, from physical asset practices to network settings.
  • Respond to security questionnaires from potential vendors.
  • Help navigate new legislative requirements regarding data privacy.
  • Identify threats and vulnerabilities in a fully remote SaaS environment.
  • Prepare for potential threats that could disrupt operations.

Protect our Customers and their Data

  • We help our customers make secure decisions by default, and you’ll help improve our existing systems designed to prevent bad/breached passwords, encourage enabling 2FA, resist phishing and self-XSS attempts, etc. You’ll coordinate with the product and engineering teams to evaluate our efforts and make recommendations to improve them.
  • Consult with our Head of Product, Head of Technology, Operations, and lawyers to help respond to, and possibly automate, our (rare) GDPR/CCPA requests.
  • Field internal and external security questions regarding the treatment of sensitive data.
  • Keep our external security and privacy policies up to date.

A bit more about you:

You have a strong technical background with at least 5 years of experience related to building, shipping, and securing software, ideally in a SaaS environment.

We recognize that people get into software “security” by many paths, so it’s difficult to boil our experience requirements down to a perfect list of bullet points, but you’re the person we’re looking for if you:

  • Are not only undaunted but excited about the above list of responsibilities, and appropriately confident in your ability to handle most of them.
  • Are a collaborative team player, but also comfortable working independently with a lot of autonomy.
  • Have enough experience to be surprised to see us leave certain things out of the above job description, and look forward to teaching us.
  • Have broad enough skills to make best-practice security recommendations for our team as a whole, while having deep enough skills to recognize, and possibly even exploit, top OWASP vulnerabilities like SQL injection, XSS, etc.
  • Worked on, and possibly led, a security team before with a title like Application Security Lead or Application Security Engineer.
  • Are an excellent written and verbal communicator.
  • We divorce management expertise from technical expertise here, and this is a technical role. Although you don’t have to know how to or want to manage people, you must be extremely personable and able to effortlessly be a liaison and champion of security and policy between all teams and levels at YNAB.

Criminal Record:

If your path to the world of information security involved “hacking”, and you have a criminal record as a result, we’ll still consider you depending upon the circumstances. Let us know upfront so we can talk about it rather than be surprised when doing our background checks.

Diversity

YNAB is an equal opportunity employer. We believe a diversity of backgrounds, beliefs, abilities, and experiences is critical to our success. We’re passionate about creating a welcoming, supportive, and collaborative environment for all employees. All are encouraged to apply as we continue to grow a smart, experienced, and diverse team that loves working together to build something that matters.

How to Apply

  • Apply by filling out this form. You’ll need to log in to your Google account to access it.
  • The deadline is 11:59 pm PT on Sunday, July 10, 2022.
  • Our goal is to make the hiring process as accessible as possible. If we can help you with an accessibility need, email us at accommodations@youneedabudget.com. Be sure to mention in the subject line that you’re applying for the Senior Security Engineer position. (Please note that this inbox is only monitored for messages related to accommodations.)

We’re excited to hear from you!

Apply Now

P.S. If you’re not interested in this position right now, but know someone who might be, we’d appreciate you passing this along!
