Staff Product Security Developer
Remote - CAN
This role can be performed remotely anywhere within the United States and Canada.
While we are interested in qualified applicants who are permanently eligible to work for any employer in the United States, we are unable to sponsor or take over sponsorship for employment visas at this time.
The Product Security team at FullStory ensures that engineering teams across the company are enabled to securely design, build, test, and maintain the software that powers our business. We focus on establishing a "paved road" so that engineers can move confidently to deliver secure software with minimal friction. The Product Security team considers leading with empathy and providing excellent customer service to our stakeholders paramount to success.
Reporting into the Manager, Product Security, this role will help lead the ongoing build-out of software security at FullStory. Whether running a detailed code review, establishing secure-development practices, mentoring engineers, or advising our product team on feature development, FullStory’s Product Security team members are focused on continuous improvement against our maturity model and Secure Development Lifecycle (SDL) to improve the outcomes for our teammates, while building services that our customers can trust.
Support engineers across the SDL as an application security subject matter expert, including design reviews, threat modeling, code review, and penetration testing.
Collaborate with product and engineering on architecting resilient, security-first services.
Perform deep, technical security assessments to ensure services follow secure design principles across our product portfolio.
Develop automation of high-signal security tooling through customizations and plugins.
Support third-party security consultants to provide external validation of software security.
Craft and deliver interactive security training courses to support engineer enablement.
We’re looking for someone who:
Has 7+ years of experience working in software security roles or performing similar types of work.
Has experience working with one or more of the following languages: Go, Rust, Objective-C, React Native, Typescript, and/or Python.
Has experience in threat modeling, penetration testing, creating security requirements, performing source code reviews, and/or leading security design reviews.
Has experience building sustainable security programs with an emphasis on customer service, partnership, and enablement of software engineering and product stakeholders.
It would be amazing if:
You have a computer science-related degree and/or professional software engineering experience.
You have experience working in a business-to-business (B2B) software as a service (SaaS) company.
You have a security research interest in privacy-impacting technologies and/or client-side security.
You have experience working within a Google Cloud Platform (GCP)-based technology stack.
Founded in 2014 on the belief that everyone benefits from a more perfect digital experience, FullStory’s digital experience intelligence (DXI) platform empowers businesses to continuously improve their customer experience across sites and apps. FullStory is backed by world-class investors and has 500+ employees worldwide with offices in Atlanta and London. We are proud to have been named to Forbes’ List of America’s Top Startup Employers, Wealthfront’s Career Launching Companies List, and LinkedIn’s Top US Startups List. We are guided by our values of Empathy, Clarity, Bionics, and Trust, which we embed in our day-to-day work.
How we support you:
FullStorians are committed to building something better—from how we approach our product, to how we care for our customers and each other. Better is only possible when we can bring our full selves to work. Along these lines, we offer:
Autonomy and flexibility. From a remote-first work environment and unlimited paid time off, to an annual company-wide closure – FullStorians can focus on the moments that matter.
Benefits. Take care of the whole you. FullStory offers sponsored benefit packages for US-based FullStorians, and supplemental coverage options for international FullStorians.
Learning opportunities. We provide professional development opportunities through training programs, career coaching sessions, and an annual learning subsidy.
Productivity support. We provide all FullStorians with a monthly productivity stipend and reimburse remote colleagues for their initial home office set up.
Team events. Connect with fellow FullStorians through Employee Resource Group events, Listening & Alignment weeks, and team off-sites.
Paid parental leave. FullStorians have the flexibility to balance the needs of their growing families without the added stress of figuring out work and finances.
Bereavement leave. Every family is different; we leave it to you to define who your family is, and support you when you need it most.
Miscarriage/Pregnancy loss leave. Whether it is for a FullStorian or their partner – take the time you need.
FullStory is proud to be an equal opportunity workplace dedicated to fostering an increasingly diverse community. We want candidates of all human varieties, backgrounds, and lifestyles. There’s no problem that can’t be made better by bringing together people with a broader set of perspectives. If our product, values, and community resonate with you, please apply - we'd love to hear from you!
If you may require reasonable accommodations to participate in our job application or interview process, please contact firstname.lastname@example.org. Requests for accommodations will be treated confidentially.