Uncubed
           

Senior Security Engineer

Periscope Data, San Francisco

We Help Data Teams Do More


DEFEND PERISCOPE AND THE DATA OF OUR CUSTOMERS

Customers trust us with their most important data. They use Periscope to query everything from revenue metrics to the personally identifiable information of their users. You will lead the effort to constantly improve the security of Periscope's architecture, production systems, and corporate infrastructure.

You will own the overall security policies and implementation at Periscope. You'll be expected to design and deploy solutions that are both highly secure and highly functional. Enabling everyone at Periscope to keep moving fast while continuously increasing the strength of our security may be your greatest challenge.

HOW YOU'LL RAMP

Within your first 30 days you'll...

  • Partner with the Head of Security to understand the organizational mission, attack surface, and defining the appropriate risk-based security initiatives.=
  • Spend time with the engineering and product team to get up-to-speed on our technology stacks and current security controls

By Day 30, you'll...

  • Have a solid fundamental understanding of our products, people, processes and technologies.
  • Perform initial assessment on the strengths and weaknesses of the current stack through static analysis, automated scanning, and/or custom attacks
  • Provide recommendations for identified opportunities from the current state processes
  • Review code and other production changes to ensure no security issues are introduced
  • Work with key stakeholders to ensure compliance of Periscope's internal procedures (SOC2, HIPAA, ISO, GDPR)

By Day 60, you'll…

  • Deploy improvements to the production and deployment architectures
  • Perform targeted offensive security testing
  • Evangelize better security throughout the company
  • Work with customer-facing teams on security questions from our customers

By Day 90, you'll...

  • Implement continuous monitoring systems and tools to automatically identify potential security issues at at the code, application and infrastructure layers
  • Manage our bug bounty program
  • Promote a security-first culture and ensure that all employees at Periscope are able to protect Periscope from threats
  • Collaborate with third-party penetration testing vendors

WHAT YOU HAVE AND ACCOMPLISHED SO FAR:

  • Experience working as a security engineer, consultant or similar position.
  • Hands-on experience in configuring and hardening cloud-based infrastructure (AWS, Google Cloud, etc.).
  • Strong experience in Python, Java, JavaScript, Go, and Ruby on Rails.
  • Demonstrated capability in secure coding (input validation, session management, etc.) and performing automated or manual static analysis.
  • Hands-on experience in conducting penetration testing and vulnerability assessment at the network and application layers.
  • Ability to dissect new systems or product requirements and identify and develop security requirements.
  • Basic understanding on various on security processes (access management, incident management, data security, etc.)
  • Security certifications such as OSCP, CISSP, CEH, GWAPT, etc.

ABOUT PERISCOPE DATA:

  • We're a passionate, venture-funded team with more than 1000 customers, including Adobe, Flexport, EY, Uber, ZipRecruiter, Fender, Meredith, & Tinder.
  • We are onboarding rapidly! We’ve grown our team 291% over the last two years.
  • We believe strongly in a data-driven approach to all that we do. We're constantly measuring and optimizing everything about the business.
  • We have close relationships with our customers. We see customers several times a month, and email with them several times a week.
  • We’ve been recognized by Comparably, Glassdoor, Bay Area News Group and SF Business Times for our amazing company culture.
  • Our product is very sticky. Users spend ~20 hours per week doing technical analysis on our platform.
  • We have super high customer retention — better than best in class SaaS companies.
  • We provide free lunch every day and cover healthcare for all of our employees.
  • We’ve recently moved into our new global headquarters, a newly renovated building in SOMA customized to our unique needs.
Recent Engineering Projects:
  • Speeding up metrics calculations by over 10,000X by implementing them as parallel bitwise operations on bitsets.
  • Improving chart render speed by over 100X by reimplementing on top of Canvas instead of SVG.
  • Auto-ETLing entire customer databases into our data cache while targeting < 1hr freshness on all customer data.
  • Implementing cross-database query translation and cross-database joins.
Our Interview Process:
  • We want to know what it's like to work together; there are never any riddles or whiteboards. 
  • First you'll see Periscope and how customers use it. Later we'll code together online, or review your solution to an offline code challenge. And when you come on site to meet the team, you'll spend a couple hours pair programming in the Periscope codebase.

Periscope's most important feature is our phenomenal development speed. We deploy to production an average of 5 times per day. Much of this is cultural, and much of it is investing in anything that will reduce drag on the team, like fully automated testing, one-click test-and-deploys, and great whiskey. (Wait, what?)

We plan to double our team in the next six months. If you learn quickly and have that get-stuff-done attitude, we'd love to talk to you!

About Periscope Data

Periscope Data brings data teams and their stakeholders onto a single, unified platform. Our platform gives data professionals full control over the analytics lifecycle — including ingestion, storage, analysis, visualization and reporting — and non-technical users the ability to drill down into the data to quickly answer questions. With Periscope Data, teams can move faster, make better decisions, and support successful business outcomes. We’re here to create a more data-driven world, where everyone can understand and unlock the full potential of their data.

Want to learn more about Periscope Data? Visit Periscope Data's website.