Security Engineer

REMOTE
Engineering
Engineering

About Us

Chess.com is the #1 place on the internet to play chess and improve your game.  We have members in 195 countries and appear in 70+ languages.  We are looking for a Security Engineer to join and help protect our  150+ million members.  In this role, you will leverage both your programming and analysis skills alongside the security team to proactively increase the security posture of our entire tech stack.

About You

You are experienced, resourceful, and tactical in your abilities to identify, own, and solve problems. You have experience in cybersecurity and expert-level quick-thinking abilities to foresee issues before they arise.  You are humble and both a learner and a teacher, depending on the situation. You are comfortable in a remote-first environment, communicating in a kind and professional manner via slack, and frequently posting updates in public channels keeping everyone aware of your efforts and progress. You have a strong desire to turn your talents towards chess!

What You’ll Do

  • Triage, reproduce, and assess vulnerabilities submitted through the Bug Bounty Program, and work with the Engineering Teams to close the discovered gaps.
  • Work closely with the Engineering Teams to perform Threat Models of their solutions, acting as a security advisor when appropriate, and ensuring designs are vetted and adhering to security industry standards.
  • Review Penetration Testing results and SIEM reports. Translate the findings into actionable tasks in Jira and track them to completion.  
  • Apply updates to the WAF and various other security systems where applicable, and/or support the Engineering Teams to address findings.
  • Evaluate security software and systems used by the company.  Attend product demos to help determine the best solution for our company. Lead these efforts from beginning to end.
  • Act as a security expert, guiding developers and projects to ensure security best practices.

Preferred Skills

  • 3+ years professional experience in web application security
  • Strong written communication skills in English
  • Familiarity with Burp Suite or similar tools for viewing and tampering with web requests
  • Prior experience with a Bug Bounty program is a plus
  • Experience in PHP or JS
  • Strong collaboration and communication skills working in a fully distributed team
  • Sense of ownership and responsibility
  • Chess player
  • Lifelong learner

About the Opportunity

  • This is a full time or equivalent position
  • We are 100% remote (work from anywhere!)
  • This is open to applicants from anywhere!

Links

You can learn more about us here:

  • https://www.chess.com/blog/erik/how-chess-com-s-100-person-virtual-team-works-together
  • https://www.chess.com/about 

We look forward to meeting you!