Senior Application Security Engineer
Loom
San Francisco, CA

About Loom

Loom is a new kind of work communication tool, helping over a million people get their message across through instantly shareable videos. Our users work at companies like HubSpot, Square, Uber, GrubHub and LinkedIn. Our mission is to be the global leader in human workplace communication.

Founded in 2016, Loom has raised $15 million from top-tier investors including Kleiner Perkins, General Catalyst and Slack Fund.

The Role

Loom is powerful because it is very simple to record your whole screen at HD resolution and instantly have a shareable link that you can send to anyone in the world. The speed at which you can share rich information on Loom is responsible for its rapid adoption. If your ears perked up and your security senses started tingling, you understand the ethical responsibility we have to protect our users' privacy and information. As the first dedicated security hire, you have the chance to build on top of an organization and culture that cares deeply about security and privacy. This mission is imperative to our success.

Loom is in an extraordinary position. We've built a tool that users love, and, as we introduce Team and Enterprise offerings over the next few months, we must improve the way we handle our user data from both a technical and social standpoint. Being a remote team adds to the complexity and necessity of our security story, and the introduction of our mobile applications and strategic partnerships/integrations will accelerate the need for vigilance. If the idea of building an ethical and transparent company on top of a tool powerful enough to share HD video at the speed of light sounds interesting to you, this role is for you.

You will

  • Build automation and tooling that decreases the risk of user information being compromised, including efforts such as evolving our secret management, ensuring our web security is iron-tight, and building tooling to ensure security regressions do not happen
  • Continually revamp and advise on the security boundaries of engineering access to our infrastructure layers and dashboards, and build systems to turn access on and off when needed
  • Work with a pen testing firm on a regular basis to ensure we are continuing to uphold a high bar for our security standards
  • Work in our infrastructure layer to ensure our machines and connection channels are always secured in an automated fashion
  • Develop and implement a security roadmap that helps us secure enterprise contracts
  • Advise other engineers who implement features and processes off the security roadmap you come up with
  • Help us fill out security questionnaires and work with a contractor to ensure we get a website up that helps our customers fill them out on their own
  • Help us figure out if we would want to eventually make our way to on-prem or electronic key management
  • Maintain and introduce government and institutional standards throughout our systems (SOC2, GDPR, HIPAA, etc.)

Requirements

  • 6+ years of professional security and devops experience
  • 4+ years of devops experience
  • 3+ years of professional experience with enterprise security standards (SOC2, SLAs, filling out VSAQs, etc.)
  • 2+ years of professional experience with web security (combatting XSS vulnerabilities, leveraging CSRF tokens, etc.)
  • Ability to automate tasks using a scripting language (Python, Ruby, JavaScript, etc.)
  • You believe humans are prone to making mistakes and therefore you have a passion for providing security through automation whenever possible
  • Ability to readily learn new technologies on-the-go

Not Required, but a Plus

  • Experience working as a pen tester
  • Ability to program in Node and JavaScript
  • Meaningful time spent as a Senior Engineer or Tech Lead
  • Experience working in a start-up or similar fast-paced environment

Perks at Loom

* Competitive compensation and equity package
* Medical, dental, and vision coverage (US-based team), healthcare reimbursement (non-US based team)
* 401K with 5% company matching
* Unlimited PTO
* Remote-first team
* Paid parental leave
* Yearly off-site retreats (this year we went to Costa Rica for a week!)
* Learning & Development reimbursement
* Wellness reimbursement

SF office perks
* Remote weeks every other month
* Daily in-office lunch, unlimited snacks & drinks

Remote-specific perks
* Home office & technology stipends
* New Hire Onboarding in SF

Loom is an equal opportunity employer.
We are actively seeking to create a diverse work environment because teams are stronger with different perspectives and experiences.

We value a diverse workplace and encourage women, people of color, LGBTQIA individuals, people with disabilities, members of ethnic minorities, foreign-born residents, older members of society, and others from minority groups and diverse backgrounds to apply. We do not discriminate on the basis of race, gender, religion, color, national origin, sexual orientation, age, marital status, veteran status, or disability status. All employees and contractors of Loom are responsible for maintaining a work culture free from discrimination and harassment by treating others with kindness and respect.