Security Engineer at Discord
San Francisco, CA, US

Discord is looking for engineers to join its fast-growing (read: new) security engineering team! This is a small team, and new members will have plenty of opportunity to have an enormous impact on both the product and the future of security engineering at Discord. For now, that means we're looking for software engineers capable of shipping production-quality code in addition to having a security background. Together, we'll work to identify and mitigate risk across a large variety of product domains, at every level of the stack. We don't expect anyone to have experience with all of the things we'll be working on -- we're looking for people with security experience in one or more of these domains who aren't afraid of diving into new and unfamiliar territory. If that sounds exciting to you, read on!

Discord is a small group of passionate gamers whose mission is to bring people together around games. Diversity and inclusiveness are a critical part of how we get there. We believe that with diversity comes a better product, better decisions, and a better work environment. Everyone here is committed to making Discord representative of the world we want to live and play in.

 

What you'll be doing

Assisting engineering teams with assessing and improving the security posture of the products and services they own.

Developing our overall threat model, and working to understand and mitigate risk across the spectrum -- the company, the product, and the infrastructure.

Building tooling and infrastructure that empowers our engineering organization to innovate without sacrificing product security.

Building new product features that improve the security posture of the company and its customers.

What you should have

Minimum of 4 years of experience securing production systems.

Ability to reason about the security of large, complicated systems, even if they contain components you aren't familiar with or don't fully understand.

Experience shipping production-quality code in at least one programming language.

Excellent communication skills and an ability to explain tricky security concepts to both engineers and non-engineers.

Extensive experience with ISO/IEC 27001 certification (just kidding).

Bonus Points

Experience programming in at least one systems programming language (Rust, C, C++, etc.)

Experience with tools commonly used to automate vulnerability discovery (fuzzing, static analysis, etc.)

Working knowledge of modern & frequently used (not necessarily the same, sadly) cryptographic primitives.

Experience with Linux system administration (we're on Ubuntu 14.04...)

Solid understanding of commonly used network protocols (HTTP, DNS, TLS, etc.)

Experience developing, operating and debugging distributed systems.

Familiarity with common application vulnerabilities on the platforms Discord ships on (that's all of them).

Experience with cloud-based deployments (we happen to use Google Cloud, but other platforms are similar).

Wrote your own TLS implementation. Know better than to deploy your own TLS implementation to production.

Ability to walk the razor-thin line between recognizing everything is owned and covering your walls in aluminum foil.