Security & Compliance Engineer

Netlify

San Francisco, California, United States, Remote US

At Netlify, we're building a platform to empower digital designers and developers to build better, more elaborate web projects than ever before.  We're aiming to change the landscape of modern web development. As a part of that mission, we created Netlify CMS, an open source React app for managing static content via Git APIs.

Our Headquarters is in San Francisco, but over half of our team works remotely all around the world. We are growing. We recently announced our $30M Series B funding round led by Kleiner Perkins’ Mamoon Hamid with Andreessen Horowitz and the founders of Slack, Yelp, GitHub, and Figma participating.

The role

We are looking for a Security and Compliance Engineer to help scale our product security functions. They will work closely with engineering to ensure that security is appropriately addressed across all Netlify products. The person is this role will also be focused on designing and implementing technology controls, as well as supporting audits for certification and compliance programs, such as SOC 2, GDPR, and ISO 27001.

In this role, your responsibilities will include:

  • Planing and executing security assessments.
  • Working across various teams to prioritize security features and bugs, and ensure implementation and mitigations
  • Managing Netlify bug bounty program
  • Assisting in execution of third-party audits and penetration tests
  • Contributing, to the creation and delivery of security trainings
  • Establishing, implementing, and working to improve appropriate security and compliance processes
  • Helping drive and advance security awareness and compliance across the business
  • Coordinating documentation, self-assessment testing, and remediation activities
  • Updating and maintaining internal and externally facing security and compliance documentation
  • Helping our customers and partners with questionnaires related to our security, privacy, and compliance programs

Some characteristics that we look for when hiring for this role:

  • Experience supporting one or more types of compliance frameworks: ISO 27001, SOC 2, PCI, FINRA, GDPR
  • Experience building, securing, and automating enterprise-scale infrastructure and systems
  • Experience working in a customer-facing capacity in a SaaS/PaaS/IaaS business model
  • Experience with multiple programming languages. We use Go, Ruby, C++, and JavaScript, among others
  • Continuous testing experience and development of tooling
  • Experience working on a remote team in an asynchronous workflow
  • Highly responsive, with a customer-first mindset
  • Has 2 or more years experience as a security or compliance engineer
  • Must be legally authorized to work in the United States

About the team

The engineering team is small but mighty; Netlify is a fast-growing startup. You will be working across the company: with our founders, designers, support, sales, and marketers. We need people who can help us build a path towards the future. To learn more about our team and who we are click here.

We believe that empowered, engaged employees do the best work. We’ll be giving you the tools you need to succeed and looking to you for suggestions for improvement not just in your daily job, but in many other aspects of building a company. Whether you work from our main office in San Francisco, or you are a remote employee, we’ll be working together a lot - particularly, pairing and collaborating - we want you to succeed! We don’t want you to work too hard (burnout is real), and we do want to encourage you to grow (impostor syndrome is also real) - and we’ll help you do that.

Netlify is devoted to building a team of people with different backgrounds and lifestyles. We eagerly invite applications from people of all kinds. We don’t discriminate against employees or applicants based on gender identity or expression, sexual orientation, religion, age, race, citizenship, pregnancy status, or any other differences. If we can do anything to provide a better interview, i.e. accommodate a disability, then please do let us know.

Apply here