Security Engineer

Envoy is seeking exceptional engineers to join their team and drive innovation in the workplace. The role involves triaging and prioritizing vulnerability reports, collaborating with development teams to validate findings, and implementing necessary remediation actions. Additionally, the engineer will be responsible for managing automated security scanners, conducting code audits, and staying up to date with the latest security trends. This is a hybrid position based in San Francisco.

• Triage and prioritize incoming vulnerability reports from various sources
• Collaborate with development teams to reproduce and validate reported vulnerabilities
• Coordinate with internal stakeholders to implement necessary remediation actions and track their progress
• Deploy and manage automated security scanners, including SAST, DAST, and SCA tools
• Conduct code audits and reviews to identify security vulnerabilities, coding best practices violations, and architectural weaknesses
• Manage and maintain the bug bounty program, including program guidelines, scope definition, and engagement with security researchers
• Stay up to date with the latest security trends, emerging vulnerabilities, and industry best practices to continuously improve security measures

Demonstrated expertise in triaging and prioritizing vulnerability reports, including the ability to assess the severity and impact of reported vulnerabilities.

Proficient in reproducing reported vulnerabilities and working closely with development teams to validate findings.

Strong hands-on experience with deploying and managing automated security scanners, such as SAST, DAST, and SCA tools.

Knowledge of industry-leading security scanning tools and their integration into development pipelines.

In-depth understanding of secure coding practices and the ability to perform code audits to identify vulnerabilities, coding best practices violations, and architectural weaknesses.

Proficiency in programming languages commonly used in web and application development (e.g., TypeScript, Kotlin, Ruby, JavaScript).

Proven track record in managing successful bug bounty programs, including defining program guidelines, scope, and engagement with security researchers.

Ability to effectively communicate and coordinate with security researchers, ensuring prompt and accurate triaging of vulnerability reports.

Ability to think critically and analytically, identify potential security risks, and propose effective solutions.

Excellent troubleshooting and problem-solving abilities in complex technical environments.

• A high degree of trust in your ideas and execution
• An opportunity to partner and collaborate with other talented people
• An inclusive community where you feel welcomed and cared for as a person
• The ability to make an immediate impact helping customers create a great workplace experience
• Support for your personal and professional growth
• Market competitive salary
• Equity for all full-time roles
• Great benefits package
• Compensation of $200k (annually) for roles in the San Francisco Bay Area
• Multiple levels and backgrounds for hiring, with final offers varying based on experience, expertise, and other factors