Sr. Security Engineer - remote

Aha!
Posted 1 year ago
Aha! helps companies build lovable software. We provide the world's #1 product development tools — Aha! Roadmaps, Aha! Ideas, Aha! Notebooks, and Aha! Develop — which are used by more than 700,000 builders. Product teams rely on our expertise, guided templates, and training programs via Aha! Academy to be their best. We are proud to be a very different type of high-growth SaaS company. The business is self-funded, profitable, and 100 percent remote. We are recognized as one of the best fully remote companies to work for, champion the Bootstrap Movement, and have given over $1M to people in need through Aha! Cares. Learn more at www.aha.io.

Our team

Aha! engineering is a mid-sized, fully remote team that is highly productive. We are centered around North American time zones so we can collaborate during the workday.
  • We help each other grow: We each bring unique skills to the table and want our teammates to feel valued from the start. Our onboarding program exposes new hires to the codebase and lets them contribute right away.
  • We move quickly: We ship code multiple times a day. We believe in getting valuable features in front of customers and iteratively improving as we learn what works and what does not.
  • We value product over process: We want the team to have the time and focus on solving complex challenges. We minimize the overhead by setting clear goals and avoiding heavyweight processes and excessive meetings.
  • We share knowledge freely: We share our learnings with each other and with the developer community. Our engineering blog demonstrates how we tackle interesting challenges at Aha!
  • We enjoy: We like what we do. And we want you to love your team and your job too. Learn more about The Responsive Method, our company values, and the generous benefits we offer.

Our technology

Our web application is a single-instance, multi-tenant Ruby on Rails monolith supported by Postgres (database), Redis (background jobs), and memcached (Rails caching). We also run a Node.js webserver to support collaborative editing and real-time updates. Our application is hosted on Amazon Web Services and architected with ECS for reproducibility and scalability.

We use React for rich client-side experiences on the front end. Some of the features we have built with React include:

We embrace new technologies that help us deliver a lovable product, but we also remain cognizant of the maintenance overhead that a new library or platform brings. We solve the problems in front of us, rather than prematurely optimizing to address issues that may never materialize.

We do most of our planning and collaboration in Aha! Roadmaps and built Aha! Develop so that software engineers and their teams could take advantage of those same rich features. We use Slack and Zoom for video calls. (Email? Rarely.)

Your experience

As a Senior Security Engineer, you will spend the majority of your time working with Ruby on Rails and JavaScript code for security reviews and implementing security features.

We believe that being a kind person who elevates the rest of the team is just as valuable as finding vulnerabilities. You have strong problem-solving skills and experience working on application security for a cloud-based product. You like to implement security features and fix bugs when you aren't finding vulnerabilities. You are humble, eager to learn, and always willing to help others. You want teammates who enjoy solving problems regardless of the technologies and techniques involved. You have worked at meaningful scale before and want to do so again. You also have the below experience and skills:
  • 4+ years of experience working in Ruby on Rails / Security
  • Contributor to security code reviews in Ruby on Rails applications
  • Experience building features at a high-growth SaaS company
  • Active collaborator with product teams

Your work at Aha!

We work with engineers and product managers across our full suite of tools to deliver secure applications. We love Ruby on Rails and dig deep into code and business logic. Your work will include:
  • Security code reviews that go above and beyond what can be found through scanning tools (which we use too!)
  • Implementing security features and security improvements with the customer experience in mind
  • Assessing and mitigating new application exploit patterns and cloud-provider abuse techniques
  • Sharing security findings and new developments internally for ongoing education

If this sounds appealing, we would love to hear from you. A real human reviews every application, so please use the form to help us learn more about you.

Grow with us

Everyone deserves to reach their fullest potential. We know that when we do work that matters with people we care about in a high-growth environment, we feel engaged and alive. And our goal is to help you do just that. We offer all the benefits you would expect and more, including profit sharing. The specific benefits listed below are reflective of what we offer U.S.-based hires. We also do our best to extend identical benefits to international teammates.
  • The base salary range for this role in the US is between $110,000 and $190,000
  • Cash-based compensation also includes profit sharing and we contribute a percentage of your total pay each month towards your retirement
  • Medical, dental, and vision plans — for many teammates, we cover 100 percent of the premiums
  • Up to 200 hours of paid time off a year to spend however you want
  • 30 to 90 days of paid parental leave and five to 10 days of paid care and bereavement leave
  • Up to $1,000 annually for third-party education, along with paid time off to immerse yourself in learning
  • Volunteer opportunities throughout the year

Base salary and total compensation are dependent upon many factors, such as: skills, experience, and relevant past roles