BuzzFeed is hiring a

Security Engineer

Los Angeles, United States

BuzzFeed is looking for a passionate and experienced security engineer to join our site reliability team and help us secure our infrastructure from end to end.

This is a meaningful role with broad organizational impact. You will have the opportunity to influence practices and standards across a number of groups, harden our systems against vulnerabilities and exploits, and conduct thorough risk analysis.

We offer competitive compensation with stock options, full benefits (401k matching), and tasty perks - including catered lunch twice a week, a well stocked kitchen and bagel Fridays. We host team outings and special events like music breaks and summer film series.

We have engineering wide hack weeks (http://bit.ly/bf-hack-week-video) and we deeply value open source, giving back to the community by speaking, hosting meetups and contributing to projects we benefit from.

About The Job

Testing and Audits

You’ll take the lead in evaluating our applications, networks, and infrastructure for weaknesses and vulnerabilities. You’ll create and implement test plans, wargaming exercises, and system audits in order to ensure our systems, products, and users are uncompromised, secure, and meet all appropriate standards.

Standards and Training

You’ll develop standard methodologies around security procedures, defensive coding, and architectural approaches. You will also train and consult with engineers, educating and and empowering them to build robust, resilient, and secure systems.

Operational Support

Working hand in hand with the site reliability engineering team, you’ll be expected to remediate compromised systems, evaluate threats, and actively work to secure our networks and applications.

About You

You are persistent, thorough, and pragmatic by nature, and your thoughtfulness is joined by a dream to implement solutions.

You find common ground in the pursuit of shared objectives by striking a balance between the risk, cost, and reward of security pursuits.

You support and enable autonomy.

You are passionate about infrastructure security, building automated, reliable solutions to reduce dependencies on third party tools.

You have superb communication skills, enjoy collaboration, and have shipped and supported software in a large-scale production environment.

You have significant experience with:

  • Network security
  • Application security
  • XSS/CORS/Injection attacks
  • Penetration testing
  • Cryptography, secure communications and authentication