Job Description:

Tradeshift is a unicorn in the fintech industry. We are disrupting a typically stagnant environment by connecting companies of all sizes and providing them with the platform and network needed to create value from old processes like procurement, invoicing, payments, and workflow. We recognize that business is both messy and social - two revelations that have driven the development of Tradeshift, a platform for all your business interactions.

We work hard and our teams have great freedom and responsibility to choose the best solutions, technologies and approaches to evolve the product to the next level. We believe that being a global, multicultural company is a tremendous strength and we have people working from 18 different countries with hubs in Bucharest, Copenhagen, Kuala Lumpur, and San Francisco. We believe that if we truly focus on how to work distributed and collaborate across locations and (home) offices, we will not only enjoy work more but also build better products for our customers, and ultimately be a better company.

Team

The application security team (or appsec) is a part of Tradeshift’s Security Engineering organisation, responsible for the security of the Tradeshift platform, and the engineering organisation behind it! We maintain tons of exciting security automation, review and fix vulnerabilities, implement new defensive measures, offer training to developers, and work with engineering teams to ensure that whatever they come up with won’t endanger our users and their data..

You

Did you notice that there were two periods at the end of that last sentence? We’re looking for people with an eye (or two!) for detail. You will be figuring out potential risks in proposals, pull requests, and you may also be implementing security-sensitive changes, so it’s important to notice any potential issues.

Being a small team that’s constantly making platform-wide changes, we’re looking for a great human being who’s able to communicate clearly and frequently, although public speaking doesn’t have to be one of your hobbies. And last, but certainly not least, we expect you to be good! You’ll be working with Tradeshift’s sensitive bits, so we need you to be responsible, but not afraid of jumping into an unknown codebase to dissect it, and of course, to be just an awesome security engineer overall 💯

Bullet points!

The requirements:
- Be suspiciously comfortable with the OWASP Top 10
- We don’t expect you to have 25 years of experience with software development, but being able to code is a must
- You enjoy replacing mundane manual tasks with amazing automation
- Eye for detail - and to prove it, make sure you include an octopus emoji in your application!
- Familiarity with Docker and Kubernetes
- You don’t get scared of security incidents, and know what to do when one occurs

Get extra points for:
- Experience with Typescript and/or Python
- Having worked with bug bounty programmes before
- Experience with threat modelling and/or penetration testing
- Familiarity with AWS
- Audit experience, such as SOC 2 or PCI-DSS
- Knowing about SCA, SIEM, SOAR, and other relevant abbreviations

What you’ll be doing:
- Implement and maintain security solutions
- Work with engineering teams and guide them through our security processes
- Perform code & design reviews for features developed by various teams in Tradeshift
- Review and evaluate incoming vulnerability alerts, and maybe even automate the process!