In a world where many social apps measure their success by time spent online, Raya is a technology company focused on providing utility. Our iOS only app is a tool for discovery of and access to exciting people, events, opportunities and recommendations globally. We believe that by marrying great software with a membership based community built around core values of trust, creativity, and reciprocity, we can provide solutions that have heretofore been impossible. A Security Engineer at Raya is a skilled professional responsible for ensuring the protection of our organization's information systems and networks from potential threats. We are looking for an individual who is adept at analyzing, designing, and implementing robust security measures to safeguard sensitive data and assets. They will also stay up-to-date with the latest security trends and continuously  assess and mitigate risks to maintain the organization's security posture.  We offer comprehensive medical and dental coverage, $50 a day food delivery budget, equity based employment, a great culture, learning opportunities, unlimited vacation, 12 weeks paid parental leave, and we pay all employees $1,000 a year to go somewhere in the world that they’ve never been because of our values of human connection, empathy, and curiosity. You can see more at the bottom of our careers page: https://careers.rayatheapp.com/ What You'll Do:

Backend Security Ownership: Ensure the security of our signup and SMS flows. Implement and review rate limiting for optimal security. Conduct code audits to identify and rectify potential security vulnerabilities 

Third-Party Package Security Management: Monitor security vulnerabilities in our packages and implement fixes. Evaluate and maintain the security of our own packages and repositories 

Vendor Security Assessment: Assess and ensure the security of our setup with vendors like Datadog and Mixpanel 

VPN and Managed Devices Security: Implement and maintain security measures for our VPN and managed devices 

Credential Management: Oversee the secure issuance of credentials for applications and operators. Ensure the proper documentation and security of the credential management process

 Employee Communication Security: Restrict and manage employee email access to prevent phishing attacks 

Threat Research and Analysis: Stay informed about new attacks and threat models related to our code and infrastructure. Advocate for appropriate measures to address potential exploits in a prioritized manner

Monitoring Systems: Designing and developing monitoring and response systems, implementing dependency checks, and working on security scanning tools in the CI/CD pipeline.

Experience You Have:

10+ YOE minimum

Ample experience doing the below at different companies

Coding / Software-Engineer with a keen interest in security 

Network Security 

Penetration Testing 

Knowledge of bash scripting, Linux, and operating systems 

Familiarity with DevOps and cloud technologies (AWS, Kubernetes, Docker) preferred

Experience with CI/CD like jenkins and github actions

Experience with security tools like Burp Suite, Kali Linux, Metasploit, Nmap

Experience with SemGrep, Nuclei, Trufflehog, and Checkov

Up-to-date knowledge of security trends and exploits in the industry 

Self-starter and effective communicator