SourceGraph (51-200 Employees, 482% 2 Yr Employee Growth Rate)
Sourcegraph makes code search universal so developers can work on solving problems.
Who we are
Our mission at Sourcegraph is to make it so that everyone can code, not just ~0.1% of the population. We help developers and companies with billions of lines of code create the software you use every day. In enabling more people to code, we believe we will create economic opportunity across the world and will drive progress that benefits everyone.
It’s an exciting time to join Sourcegraph. Our company is growing rapidly: we’ve experienced 4x year-over-year revenue growth and our $125M Series D from Andreessen Horowitz and $50M Series C from Sequoia have given us the opportunity to make big ambitious bets on our future. We have a huge market (every company that builds software) and massive opportunity (most developers haven’t even heard of code search yet, but once you’ve used it, you can’t live without it–just like Google web search). By continuing to hire exceptional people, we have the opportunity to make Sourcegraph one of the biggest technology companies in the world.
Why this job is exciting
As a Security Engineer, you will be one of the early hires on our exceptional security team tasked with building world-class security into our product offerings by working on vulnerability management, dynamic testing and scanning, bug bounty programs, and security reviews for both application and infrastructure security. Proactively improve the security of our codebase, our product, our cloud, and our customers’ on-premise deployments.
Within one month:
- You will contribute to the team’s goals and deliverables for securing the largest deployment of Sourcegraph (sourcegraph.com), enabling customer to upload private code repositories
- You will discover, fix, and mitigate infrastructure vulnerabilities by updating libraries, base images, and analyzing containers
- You will enhance our application security with audits, best practices, code fixes, and continuous education
- You will perform reactive incident response if a security event occurs
Within three months:
- You will enhance our security measures and policies to support organizations on sourcegraph.com
- You will work with other teams to triage, troubleshoot and mitigate customer concerns and questions about our security
- You and your manager will work together on a career plan with actionable goals
Within six months:
- You will work with other teams and engineers to implement secure coding guidelines and best practices
- You will perform proactive research to detect new attack vectors
- You will perform threat modeling for existing and future applications
- You will assess and integrate new tools and technologies to improve our operational efficiencies
- You will work towards compliance with SOC 2 & GDPR standards
Equal parts engineer and security professional, you are excited about joining a team that is building a world class security system trusted by some of the biggest tech companies in the world. You and your teammates are Sourcegraph’s first line of defense against bad actors using all the newest and dirtiest tricks to hack us and (more importantly) our customers. You want to be a part of the foundational team, the first steps we are taking to build something big, something trusted, something critical to software and our customers
- Practical experience securing SaaS applications including infrastructure security, application security, and compliance
- Experience using and automating a wide range of defensive security tools
- Experience developing software as an engineer (i.e., writing code and contributing directly to applications)
- Experience working across engineering teams to support secure coding across the organization.
- You are high agency
- You communicate effectively in writing and documentation
Nice to haves:
- Experience working in a startup environment
- Experience with Go, Typescript, Terraform
- Experience with Kubernetes, GCP
- Experience with on-premise deployments
- You apply.
- [30 min] Recruiter screen.
- [30 min] Hiring manager screen with Diego Comas
- In-depth interview stage [this can be scheduled on the same day or across multiple days]
- [60 min] Resume Deep Dive
- [60 min] Technical experience interview with Security team.
- [30 min] Cross-functional team collaboration interview with design and product
- [30 min] Values Interview
- [30 min] Leadership interview with Director of Engineering
- [15 min] Leadership interview with CTO.
- Any other informal conversations with people who you would be working closely with but didn’t get to meet during the interview process.
- We offer you the job!
Not sure if this is you?
We want a diverse, global team, with a broad range of experience and perspectives. If you don’t meet 100% of the above qualifications, you should still seriously consider applying. Studies show that you can still be considered for a role if you meet just 50% of the role’s requirements. We carefully consider every application, and will either move forward with you, find another team that might be a better fit, keep in touch for future opportunities, or thank you for your time.
Learn more about us
To create a product that serves the needs of all developers, we are building a diverse all-remote team that is distributed across the world. Sourcegraph is an equal opportunity workplace; we welcome people from all backgrounds and communities.
Learn more about what it is like to work at Sourcegraph by reading our handbook.
We want to ensure Sourcegraph is an environment that suits your working style and empowers you to do your best work, so we are eager to answer any questions that you have about us at any point in the interview process.
Go back to the careers page for all open positions.