Security Engineer

Let’s Work Bravely

Bravely is on a mission to make life at work better for everyone. We are democratizing access to professional coaching. Companies worldwide look to us to provide their employees across all levels access to on-demand confidential coaching for the moments that matter most at work. Through Bravely, employees have a trusted and skilled coach to support their well-being, career development, and performance and ultimately help them thrive in their workplaces.

We work with companies like Zillow, Pinterest, and Autodesk, who are deeply committed to equity and inclusion by ensuring that all of their employees have access to our highly-vetted, diverse, and brilliant professional coaches. When organizations offer Bravely, they scale the support provided by their People teams, managers and transform their workplaces. Our data-driven insights and passionate team are driving change for employees and in workplaces around the world.

About the role
We are a remote, distributed team with a strong focus on working asynchronously and taking ownership. This will be our first security-specific hire so you will get to define and shape our security practices. In your first week at Bravely, you can expect to build relationships with the team, learn how to ship a small feature or bugfix end-to-end, and begin to understand the application architecture. In your first 30 days, you can expect to audit our current security practices and start addressing action items. In your first 90 days, you will be helping shape and scope our larger security strategy as it pertains to risk assessments & ISO/SOC2 compliance.

What you'll do

• Help define and refine our security best practices both within the engineering team and Bravely at large
• Design and implement solutions to improve application security
• Partner with DevOps engineers to incorporate security improvements into our network & infrastructure
• Partner with product management teams to help identify security concerns early in the development process
• Build tooling to improve and automate our security protocols through the entire software development lifecycle

You have

• 2+ years of experience working in a security-focused role
• Software development and/or DevOps experience, and want to ship features as an Individual Contributor (i.e. write code)
• Comprehensive understanding of application-level vulnerability testing and application security (OWASP, WASC, NIST)
• Comfortable or interested in learning Ruby on Rails and/or React
• Strong communication skills to both implement and educate on security best practices
• Strong organization skills to manage the QA and release schedules for all multiple mobile applications
• Familiarity with RESTful APIs to connect back-end services to mobile applications

Nice to have

• Experience with AWS systems and comfortable configuring them
• Comfortable or interested in learning mobile development or React Native
• Experience with ISO / SOC-2 certifications and audits
• Experience conducting risk assessments
Bravely is committed to building a diverse, equity-minded, and inclusive culture where all of our team members feel a deep sense of belonging. We recognize that underrepresented groups such as women and BIPOC may be less likely to apply to a role if they don’t meet 100% of the listed qualifications. We encourage you to apply if you meet some of the qualifications and if this role is aligned with your career aspirations and interests.

Bravely Benefits

• Competitive salary + compensation package with equity
• Competitive insurance plans with full coverage for medical, dental, and vision that greatly eliminate your out of pocket expenses
• Unlimited vacation time to enjoy all aspects of your life
• Paid Parental Leave: 12 weeks for the primary caregiver and six weeks for secondary
• Unlimited and 100% confidential access to world-class Bravely coaches to support you in your professional journey
• Virtual team-building time to stay connected with your team members around the world
• Cultural celebrations to uplift the unique experiences and identities within our community
• Home Office Allowance
• Working with an amazing, diverse, energetic, and supportive group of people
Work from where it WORKS for you. We are a fully distributed remote team with an office in New York. Our team is now 100% fully distributed and remote. We will eventually offer the option to be a hybrid in New York. We will not require employees located in NY to come into the office. We support flexible work policies for greater work-life balance.

Working at Bravely
As a team, we practice what we preach: we live our values, communicate openly and honestly, and actively work tocultivate an inclusive and supportive people-first environment where everyone can grow, thrive, and make meaning from their work. We embrace diversity and equal opportunity fervently, with a strong commitment to building a team representing a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our work will be.

Bravely is an equal employment opportunity employer. Bravely considers all applicants without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, age, military service eligibility, veteran status, marital status, disability, or other protected class. We are committed to a community of inclusion and an environment free from discrimination, harassment, and retaliation.

As an equal employment opportunity employer will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. If you require accommodation, please contact [email protected].