- Date Posted
- Nov. 16, 2021
- Business Applications
Our mission is to fix hiring, making it fundamentally more equitable, effective, collaborative, and human. We’re doing this by building the first intelligent platform for the most important part of the hiring process: interviews and decisions. Our innovative approach has been covered in Inc. Magazine and Quartz, we’re backed by the investors behind Figma, Dropbox and Slack, and advised by thought-leaders including renowned organizational psychologist and NYT bestselling author Adam Grant.
Our goal is to ensure that BrightHire upholds an inclusive environment where all people feel that they are equally respected and valued, whether they are applying for an open position or working at the company. We welcome applicants of any educational background, gender identity and expression, sexual orientation, religion, ethnicity, age, citizenship, socioeconomic status, disability, and veteran status, and we’d love to learn about what you can add to our team.
What you’ll do:
The mission of the Product Security team at BrightHire is to guarantee security, privacy, and compliance in everything we build, both internal and external. As the Lead Product Security Engineer you will be the first member of a new engineering team that will have a critical role in the company’s future success. You will have the opportunity to help define the security roadmap, up-level the organization’s security focus, grow as a leader, and build a new team.
What you’ll accomplish first:
- Develop an integration with Okta to power enterprise use cases
- Develop automated data deletion and redaction strategies to support more GDPR and CCPA use cases and enterprise compliance products
- Help to further define the Security and Privacy roadmap
- Define and develop security principles, best practices, and tooling to enable the engineer team to continue to develop a secure product as we scale
- 8+ years of hands-on software/security engineering experience
- Experience with reviewing product architecture as it relates to security, and building platform and development capabilities that make secure software the default
- Ability to evangelize and lead the adoption of security practices, and educate teams on common vulnerabilities and mitigations
- Hands-on experience with enabling strong default security in the software development process adding more security tests to our development and CI pipelines
- Experience enabling development teams to use and interpret security tools and frameworks, baking security into the code while it is built
- Experience working auth protocols such as OAuth2 or OIDC, as well as designing and/or implementing service authentication and authorization policies
- Experience working with and designing RBAC systems
More about us:
- We’re very collaborative, we’re always brainstorming ideas about product, strategy, etc.
- We use our product daily in our own hiring, which is rewarding and gives us product empathy!
- We try to make sure everyone stays connected to users and clients, joining sales and client meetings, talking to end users, etc.
- Everyone is self-motivated, autonomous, and seeks ways we can continuously improve as a company
- We’re generous, self-deprecating, look for reasons to laugh, and enjoy sharing our ideas for band names, posting photos from our walks, and reminiscing about previous travel...
- Meaningful equity
- Fully paid health, dental and vision coverage
- Generous budget for your ideal work environment
- Unlimited PTO, with a minimum # of days everyone must take :)
- Annual learning stipend for courses, conferences, etc.
- Monthly snack pantry delivered to your door
- Note to Recruiters and Placement Agencies: We do not accept unsolicited agency resumes. Please do not forward unsolicited agency resumes to our website. We will not pay fees to any third party agency or firm and will not be responsible for any agency fees associated with unsolicited resumes. Unsolicited resumes received will be considered our property.