Web Security Product Developer (Contract with potential to hire)

This is that rarest of things: a fully-remote entry/mid-level offensive information security role. We are looking for someone who likes taking a question about whether a company is Doing A Tech Correctly, phrasing it in the form of a script, figuring out if there’s any metric for risk attached to it, adding it to a tree of similar questions, pointing it at a network, finding out whether there’s a There, There, visualizing that metric in some way (we like histograms! We are not complicated!), and ensuring there’s documentation, secure storage of that result, and a way to audit and improve over time. If you think puzzles are fun and you like solving them by automating the questions they pose, you’ll have fun with this.

  • CI/CD pipeline experience (any stack)

  • Gathering user requirements, defining system functionality and writing code

  • Capable of turning a compliance question into: automation = design → metric → script → output → visualization → documentation

  • Development occurs in accordance with security controls related to assurance, system development and security best practices. 

  • Be able to assess needs and capability gaps.

  • Document and maintain software functionality

  • Troubleshoot and debug software

  • Write well-designed, testable code (or at least have a philosophy about why you do what you do)

  • Some technologies to consider and/or be familiar with (if you have worked with even one of these, you’re fine) might include: Python, ZAP, Burp Suite, GitLab jobs, GitHub Actions, Ansible, Puppet, Chef, AWS, ELK Stack, Splunk, Kibana

Please send your resume and/or any public code samples you’d like to share here.