Ci Cd Jobs at RECUR

What do we at RECUR believe makes a great engineering team?

Here are our core beliefs:

• It’s important to have team members that care about the team’s results more than their own individual achievements
• It’s important for leadership to be tolerant of making mistakes
• It’s important that the team members help, teach, and mentor one another
• It’s important not to place blame on individuals when things go bad but instead to evaluate as a team how we do it better the next time
• It’s important to be clear on what that mission is and minimize the distractions on the teams executing on that mission
• Small teams execute better than big ones, empower small teams with ownership and minimize the dependencies between them
• It’s important to encourage self-directed innovation

What you will do at RECUR

• Identify security weaknesses in our software and platform
• Build plans to improve our security posture and then implement them
• Perform regular WAAP pentesting to continually find and triage vulnerabilities that improve our security posture
• Continually educate our team on how to build secure applications
• Be our application security expert, be on top of the latest vulnerabilities, and help manage our security backlog
• Review software designs to identify potential security holes and suggest improvements
• Work closely with engineers to consider security at the beginning of our pipeline and ensure we write code that is secure by default
• Manage our whitehat bug bounty program
• Build or integrate 3rd party solutions to solve various application security problems such as: developer security, source code scanning, secrets detection, SCA, OSS, (S)(D)(I)AST, IaC security, AWS security, monitoring, and DevSecOps security more broadly
• Automate solutions to security problems in a language like Python or Go.

What you bring to RECUR

• You have 5+ years of experience developing software, more recently with a specialty in cyber security
• You have a strong understanding of the OWASP Top Ten and OWASP API Security Top Ten and how to mitigate or eliminate these and other vulnerabilities
• You have threat modeling experience, and ability to develop threat modeling processes and threat scenarios to inform risk mitigation and secure development and deployment controls.
• You have hands-on experience with AWS and its bevy of services including WAF, CloudFront, API Gateway, Cloudwatch/CloudTrail, Route53, IAM Service Boundary, SCP, Shield or alternative solutions provided by Cloudflare or other vendors
• You are a software engineer, and have advanced level programming capability in higher level languages such as Java, Python, Go, or JavaScript
• You have built and maintained, as a cyber security expert, internet applications in domains such as payments, trading, banking or eCommerce where keeping customer’s information and money safe is paramount
• You have worked cross-functionally to triage and remediate security vulnerabilities and educate other teams about software security best practices
• Familiarity with modern software delivery practices (containers, blue/green deployments, CI/CD) and approaches to securing the deployment pipeline without impeding velocity
• You have experience running a bug bounty program
• You are a legally eligible to work in the USA or Canada

Benefits & Perks

• Company sponsored Health, Dental and Vision Benefits
• 4 weeks paid vacation, 10 company holidays and paid parental leave
• Equity in RECUR
• Industry focused lunch and learns, company swag and the and flexibility to get the tooling you need to do your best work
• The chance to work with incredibly passionate people on a mission to shape an industry!
• This is a completely remote role and can work anywhere in the US