Discord is looking for a few engineers to join its new, dedicated security engineering team! This is a small team, and new members will have plenty of opportunity to have an enormous impact on both the product and the future of security engineering at Discord.
For now, that means we're looking for software engineers capable of shipping production quality code in addition to having a security background. Together, we'll work to identify and mitigate risk across a large variety of product domains, at every level of the stack. We don't expect anyone to have experience with all of the things we'll be working on -- we're looking for people with security experience in one or more of these domains that aren't afraid of diving into new and unfamiliar territory. If that sounds exciting to you, read on!
What you'll be doing
- Developing our overall threat model, and working to understand and mitigate risk across the spectrum -- the company, the product, and the infrastructure
- Building tooling and infrastructure that empowers our engineering organization to innovate without sacrificing product security
- Assisting engineering teams with assessing and improving the security posture of the products and services they own
- Managing and responding to security incidents, leveraging the rest of the organization to ensure we respond well.
What you should have
- Minimum of 4 years experience securing production systems.
- Ability to reason about the security of large complicated systems, even if they contain components you aren't familiar with or don't fully understand
- Experience shipping production-quality code in at least one programming language
- Excellent communication skills and an ability to explain tricky security concepts to both engineers and non-engineers
- Extensive experience with ISO/IEC 27001 certification … just kidding!
- Experience programming in at least one systems programming language (Rust, C, C++, etc)
- Experience with tools commonly used to automate vulnerability discovery (fuzzing, static analysis, etc)
- Working knowledge of modern & frequently used (not necessarily the same, sadly) cryptographic primitives
- Experience with Linux system administration (we use Ubuntu)
- Solid understanding of commonly used network protocols (HTTP, DNS, TLS, etc)
- Experience developing, operating and debugging distributed systems
- Familiar with common application vulnerabilities on the platforms Discord ships on (that's all of them)
- Experience with cloud-based deployments (we happen to use Google Cloud, but other platforms are similar)
- Wrote your own TLS implementation (and know better than to deploy your own TLS implementation to production)
- Ability to walk the razor thin line between recognizing everything is owned and covering your walls in aluminum foil
Benefits and Perks
- Medical insurance including Health, Dental, Vision
- 13 paid holidays
- Unlimited sick days
- Parental Leave and fertility benefits
- Supported-employee clubs and Employee Resource Groups
- Commuter Contributions of $270 a month (pretax)
- Daily lunches and unlimited snacks
- Monthly gym and fitness stipend
Friends, coworkers, gamers, nerds, moms, dads, engineers, designers, marketers, support. Originally, we created Discord to help people come together around games. It's been amazing to watch it grow into what it is today - a place where millions of diverse communities exist and people connect with old friends and new. Diversity and inclusiveness are a critical part of how we get to what's next. We believe that with diversity comes a better product, better decisions, and a better work environment. As we continue to grow, our values keep us dedicated to building a company that is representative of the world we live and play in.
Discord is an equal opportunity employer committed to promoting an inclusive work environment free of discrimination and harassment. We value diversity, inclusion, and aim to provide a sense of belonging for everyone.