What you will do
Our users trust us to provide critical infrastructure for their distributed IoT fleets, and we work hard to protect them and their devices. Our “security stack” spans from the bootloader and OS on-device, to the network and security infrastructure of our backend, to the operational security of our team. At balena, security is a team effort.
As a Security Engineer, you will be embedded within our engineering org. You will be the voice of security in architectural and product discussions and the first point of contact for all security issues. Your mission will be to ensure we continuously improve the resilience of our systems and services, reduce risk and friction, shrink the attack surface, and enhance our security posture to customers.
- Build secure frameworks and libraries, conduct code reviews, and perform pentests
- Implement new security features, like audit logs and authentication controls
- Define and lead vulnerability management — identification, triaging, and remediation
- Enable Devs and Ops to write and run code securely, and collaboratively build tools to automate threat detection, testing, monitoring, and incident response
- Develop security runbooks, document processes, and inform updates to policies
- Educate self and others on common architecture flaws, risks in code or applications, attack patterns, and failure modes in production
- Be a source of security advice for peers on support and take part in on-call rotation
- Technical background in software development, operations, and/or security
- Experience writing secure, high-quality code and debugging production systems. You should be able not only to consult, but also to implement code changes yourself
- Conversant with Linux operating system internals and shell scripting
- Familiarity with cloud and container technologies (Docker, Kubernetes, AWS, etc.)
- Awareness of common vulnerabilities (OWASP), attack patterns, and emerging threat actor tactics, techniques, and security procedures
- Ability to manage ambiguity, push through friction, and make recommendations for solving complex challenges by clearly explaining the tradeoffs
- Excellent verbal and written communication skills, and fluency in English
- Experience designing and building security solutions (including tools for security analysis as well as building blocks to base new solutions upon)
- Familiarity with SSDLC tooling (e.g. SAST/DAST)
- Knowledge of modern authentication protocols (e.g. OIDC) and Access Control
- Good understanding of networking (TCP/IP) and higher-level HTTP & TLS protocols
- Experience with IoT, embedded software, dev tools, or balena as a user/contributor
- Contributions to OSS projects and community involvement
Make sure to let us know if any of these items apply to you!