Staff Security Engineer
Remote - US
This role can be performed remotely anywhere within the United States.
The Security Engineering team at FullStory ensures that engineering teams across the company are enabled to securely design, build, test, and maintain the software & infrastructure that powers our business. We focus on establishing a "paved road" so that engineers can move confidently to deliver secure technologies with minimal friction. The Security Engineering team considers leading with empathy and providing excellent customer service to our stakeholders paramount to success.
Reporting into the Vice President of Security Engineering & GRC, this role will help champion integrating security throughout FullStory. Whether running a detailed code review, establishing secure-development practices, mentoring engineers, or advising our product team on feature development, FullStory’s Security Engineering team members are focused on continuous improvement against our maturity model and Secure Development Lifecycle (SDL) to improve the outcomes for our teammates, while building services that our customers can trust.
In a typical day, you might:
Support engineers across the SDL as a security subject matter expert, including design reviews, threat modeling, code review, and penetration testing.
Collaborate with product and engineering on architecting resilient, security-first services.
Perform deep, technical security assessments to ensure services follow secure design principles across our engineering portfolio.
Develop automation of high-signal security tooling through customizations and plugins.
Support third-party security consultants to provide external validation of product security.
Craft and deliver interactive security training courses to support engineer enablement.
Here's what we're looking for:
Has 7+ years of experience working in software security roles or performing similar types of work
Has experience working with one or more of the following languages: Go, Rust, Objective-C, React Native, Typescript, and/or Python
Has experience in threat modeling, penetration testing, creating security requirements, performing source code reviews, and/or leading security design reviews
Has experience building sustainable security programs with an emphasis on customer service, partnership, and enablement of software engineering and product stakeholders
The impact you will have in 6 months:
Contribute high-leverage technical improvements to SAST, SCA, and CSPM workflows to increase the signal our Engineering customers have in understanding their active risk.
Mature engineer security education opportunities with technical, interactive content and challenges (e.g., capture the flag; custom insecure-by-design learning modules).
The impact you will have in 12 months:
Expand FullStory’s brand of trust by publishing content, presenting at industry events, and/or open-source internal security engineering efforts to improve the broader security community.
Establish a comprehensive open-source security strategy for external FullStory projects.
Founded in 2014 on the belief that everyone benefits from a more perfect digital experience, FullStory’s digital experience intelligence (DXI) platform empowers businesses to continuously improve their customer experience across sites and apps. FullStory is backed by world-class investors and has 500+ employees worldwide with offices in Atlanta and London. We are proud to have been named to Forbes’ List of America’s Top Startup Employers, Wealthfront’s Career Launching Companies List, and LinkedIn’s Top US Startups List. We are guided by our values of Empathy, Clarity, Bionics, and Trust, which we embed in our day-to-day work.
How we support you:
FullStorians are committed to building something better—from how we approach our product, to how we care for our customers and each other. Better is only possible when we can bring our full selves to work. Along these lines, we offer:
Autonomy and flexibility. From a remote-first work environment and flexible paid time off, to an annual company-wide closure – FullStorians can focus on the moments that matter.
Benefits. Take care of the whole you. FullStory offers sponsored benefit packages for US-based FullStorians, and supplemental coverage options for international FullStorians.
Learning opportunities. We provide professional development opportunities through training programs, career coaching sessions, and an annual learning subsidy.
Productivity support. We provide all FullStorians with a monthly productivity stipend and reimburse remote colleagues for their initial home office set up.
Team events. Connect with fellow FullStorians through Employee Resource Group events, Listening & Alignment weeks, and team off-sites.
Paid parental leave. FullStorians have the flexibility to balance the needs of their growing families without the added stress of figuring out work and finances.
Grow your family. We offer a global fertility and family building benefit that encompasses all journeys to growing your family.
Bereavement leave. Every family is different; we leave it to you to define who your family is, and support you when you need it most.
Miscarriage/Pregnancy loss leave. Whether it is for a FullStorian or their partner – take the time you need.
FullStory is proud to be an equal opportunity workplace dedicated to fostering an increasingly diverse community. We want candidates of all human varieties, backgrounds, and lifestyles. There’s no problem that can’t be made better by bringing together people with a broader set of perspectives. If our product, values, and community resonate with you, please apply - we'd love to hear from you!
If you may require reasonable accommodations to participate in our job application or interview process, please contact email@example.com. Requests for accommodations will be treated confidentially.