Security Engineer
Privy$150,000 - $250,000/year
- Full Time
- Senior (5 to 8 years)
Not SpecifiedCompensation
InternshipExperience Level
Full TimeJob Type
UnknownVisa
Cybersecurity, Software Security, Product SecurityIndustries
Position Overview
- Location Type: Remote
- Job Type: Full-Time
- Salary: Competitive (Details not provided)
As a member of our security team, you will build secure-by-default, defense-in-depth, and least privilege mechanisms throughout our product lifecycle. You will work closely with engineering teams on security best practices from design and architecture to implementation and monitoring. You will have the opportunity to build from the ground up to experiment and innovate with modern software security practices.
Requirements
- Experience: 7+ years of hands-on experience in software security, application security, or product security.
- Programming Languages: Strong proficiency in Go, TypeScript, or similar languages. Ability to read, write, debug, and suggest fixes in codebases.
- Security Practices: Expertise in proactive secure coding practices such as encryption, secrets management, and eliminating vulnerability classes (e.g., in the OWASP Top 10).
- Tooling: Experience with application security tooling (SAST/SCA/DAST/etc.) and building custom queries using Semgrep/CodeQL/etc.
- Protocols: Familiarity with authentication and authorization protocols such as OAuth, OpenID Connect, and SAMLF.
- SLSA: Familiarity with Supply-chain Levels for Software Artifacts (SLSA).
- Cloud Infrastructure: Familiarity with Cloud infrastructure platforms, preferably GCP.
Responsibilities
- Create paved roads for engineers to develop securely by default and build guardrails for when we veer off course.
- Conduct regular architecture reviews and code audits to detect potential threats, risks, and vulnerabilities.
- Harden our CI/CD pipelines and improve the integrity of Clerk’s software artifacts.
- Contribute to and improve Clerk’s vulnerability management program including vulnerability disclosure, security scans, and penetration tests.
- Provide guidance and training to teammates on security best practices and building resiliency into our systems.
- Collaborate with our Infrastructure team to establish secure infrastructure-as-code modules and minimal base container images.
- Document secure development policies and practices.
Application Instructions
Application instructions not provided in the job description.
Company Information
- Benefits:
- Competitive Salary
- Equity Ownership
- Health Coverage
- Work Gear (Set up your ideal home office)
- Flexible Vacation Policy (25 days per year recommended)
Skills
Go
TypeScript
Application Security
SAST
SCA
DAST
Semgrep
CodeQL
OAuth
OpenID Connect
SAML
Encryption
Secrets Management
Vulnerability Management
CI/CD Security
Security Architecture
Penetration Testing
Clerk
Authentication and user management platform
About Clerk
Clerk specializes in offering customizable UIs and APIs for authentication and user management, catering specifically to modern web frameworks like React and Next.js. This focus not only simplifies the authentication process for developers but also enhances security, highlighting the company's dedication to developer experience and robust security measures. Working here means contributing to a company that prides itself on streamlining complex tech processes while prioritizing the safety and usability of web applications—a prime choice for professionals passionate about cutting-edge web technology and user-centric solutions.
Virginia Gardens, FloridaHeadquarters
2019Year Founded
$194.5KTotal Funding
SEEDCompany Stage
Enterprise Software, CybersecurityIndustries
501-1,000Employees