Application Security Engineer

Senior
Remote

Questions?   Contact us!

Company

Our client specializes in deep learning and visual domain machine learning at scale. They have a team of scientists and engineers scale solutions for top global companies and their mission is to build and operate massively scalable systems to tackle some of today's hardest problems. Decades of software and ML expertise, have given valuable clients, helping them to build some of the most widely used products in the world.

Job Description

The hCaptcha security team is responsible for designing mitigations for broad classes of bugs. You will be our first application engineer providing internal security support and developing some of our security projects to block bots. Because of the nature of hCaptcha's product, security, availability, and privacy are core mission goals. Through a practice of DevSecOps, we use state of the art tools, maintain the infrastructure that supports our efforts, and empower business and development to move quickly without compromising on safety for our millions of daily users. You Will: - Work on our production code. We have many security-related features you will help to improve, including state-of-the-art applications of ML to the security domain. - Work on our automatic javascript bot detection and blocking infrastructure - Inform the techniques of how our code is built through this experience. This can include adding scanners, fuzzers, or other automatic analysis or improving processes. The goal is to develop new techniques to ensure engineering teams find flaws before they are introduced into production. - Be a security subject matter expert and respond to any security engineering question. Provide on the job training on new security technologies and techniques. - Work with engineering teams to design solutions that are inherently secure. - Correctly balance security risk and product advancement. - Participate in software security initiatives. - Participate in threat modeling discussions. - Evaluate the security posture of existing applications. We’re Looking For Someone Who Has: - Software engineering experience in a production environment with both Python and JavaScript. - Familiarity with Kubernetes will also be helpful. - Familiarity with common fuzzers, and ideally experience deploying them in a CI/CD pipeline. - A knack for finding flaws in software and can efficiently communicate how to fix them. - Strong communication skills and is accustomed to working closely with a product team. - Doesn’t always default to industry norms when solving a problem. - An ability to think like an attacker to develop threat models. - Has designed and implemented mitigations for common classes of bugs. - Nice to have: experience with SOC-2 Type 2 compliance.

Notes

Only candidates from Argentina, Brazil, Chile, Colombia, Costa Rica, Ecuador, El Salvador, Mexico, Panama, Peru, Uruguay

Intermediate or advanced spoken English is required for ALL opportunities. If you can't speak English yet, please keep practicing and apply in the future.

Already have an account?

Sign In to load your details

Apply now

Please complete our online questionnaire

Upload your photo
First Name (Required)
Last Name (Required)
Email (Required)
Summary (Required)
LinkedIn Profile (Required)
GitHub Profile (Optional)
Stack Overflow Profile (Optional)
Portfolio (Optional)
English Resume (CV) (Required) Under 5MB please. English. PDF only.
Availability (Required)
Full-time Monthly Salary Expectations (in USD) (Required)
Country (Required)
Are you able to hold an interview in English? (Required)
On a scale of 1-10: what is your level of spoken English? (Required)
Required Skills (Experience in years) (Required)
Optional Skills (Experience in years) (Required)
How many years of your career have you worked remotely? (Required)
How many years have you worked professionally in software? (Required)
What is proof of work? (Required)
How would you implement a proof of space algorithm in javascript in the browser? (Required)
How would you detect bots with javascript? (Required)