What you will do
Our users trust us to provide critical infrastructure for their distributed IoT fleets, and we work hard to protect them and their devices. Our “security stack” spans from the bootloader and OS on-device, to the network and security infrastructure of our backend, to the operational security of our team. At balena, security is a team effort.
As a Security Engineer, you will be embedded within our engineering org. You will research, code, diagnose and fix issues, hack things, build features, and enable others to self-serve, automate their work, and solve complex challenges in an ever-evolving threat landscape. As you develop a deeper understanding of our systems and expand your influence within the team, you will lead initiatives to continuously improve software quality internally, reduce security risk and friction, shrink the attack surface, and enhance our security posture to customers.
Responsibilities
- Build secure frameworks and libraries, conduct code reviews, and implement features, like automated vulnerability scanning, audit logs, and auth controls
- Enable Devs & Ops to write and run code securely and collaboratively build tools for automated threat detection, testing, monitoring, and incident response
- Support engineers with threat modeling, interpreting scan results, and testing
- Identify, triage, and fix vulnerabilities through code auditing and pentesting
- Map workflows, analyze systems and provide recommendations for hardening our code, APIs, and products and refining our security processes
- Develop security runbooks, document processes, and inform policy updates
- Educate self and others on common architecture flaws, attack patterns, and failure modes in production
- Be a source of advice for peers on support and participate in on-call rotation
Requirements
- Technical background in software development, operations, or security
- Experience writing secure, high-quality code and debugging production systems
- Conversant with Linux operating system internals and shell scripting
- Ability to both hold the big picture in mind and dive into the weeds
- Ability to manage ambiguity, independently make critical trade-off decisions, and push projects to completion
- Continuous improvement mindset, and desire to make yourself and others more effective
- Excellent verbal and written communication skills, and fluency in English
Prior experience in a security role is not required. If you are a skilled software engineer with a strong interest in security and a desire to help us improve the resilience of our systems and services, we are looking forward to hearing from you!
Bonus points
- Experience in designing and building security solutions and automation
- Familiarity with cloud and container technologies (Docker, Kubernetes, AWS) and SSDLC tooling (e.g. SAST/DAST)
- Awareness of common vulnerabilities (OWASP), attack patterns, and emerging threat actor tactics, techniques, and security procedures
- Knowledge of authentication protocols (e.g. OIDC) and Access Control
- Good understanding of networking (TCP/IP) and higher-level HTTP & TLS protocols
- History of working cross-functionally to build robust systems and products
- Experience with IoT, embedded s/w, dev tools, or balena as a user/contributor
- Contributions to OSS projects and community involvement
Make sure to let us know if any of these items apply to you!