Laravel is looking for the first Security Engineer to join our fully-remote engineering team. We're on a mission to improve the experience of developers everywhere in the world. To do so, we don't only need to build beautiful software products, we also need to have a solid infrastructure foundation. We always look at products end-to-end when we build something new, and love to keep our users front and center regardless of which part of the product we're building. So we are not only looking for a person who knows how to work with cloud providers and infrastructure, but someone who is able to have empathy for our users and wants to build the best possible products.
We're building some ambitious and exciting products, and we are looking for a colleague who can help us succeed with our mission - not just solve security concerns. We are looking for someone who is pragmatic and a team player, someone who knows the best practices, but also knows when a custom solution is required. If these things appeal to you, then please come join us on this exciting journey!
For this role you will be working directly with the Director of Engineering to secure the entire Laravel product portfolio. We are looking for someone who is able to work independently, as you will be the only one performing this particular role in the beginning - which also means there are high expectations and a lot of potential for both personal and professional growth. You will be expected to help with securing our primarily AWS-based infrastructure, mostly run with Kubernetes, while also identifying how we can improve the security posture of our various SaaS applications.
As we are currently on a compliance journey as a company, we would also prefer to have someone who is familiar with various information security compliance frameworks such as SOC 2 and ISO 27001.
In this role you will work with teams spread out across the entire world, so some flexibility on working time is expected.
Security Engineering at Laravel
- Be the pioneer: As the first dedicated security engineer at Laravel, you'll have the unique opportunity to shape the company's security program from the ground up.
- Global impact: Collaborate with engineering teams worldwide to enhance the security of our products and infrastructure, protecting millions of users.
- Deep dive into AWS: Tackle challenging security issues within our AWS environments, including IAM, cross-account networking, and Kubernetes.
- Compliance champion: Play a key role in maintaining and improving our compliance with industry standards like SOC 2 and ISO 27001.
- Autonomy and ownership: Enjoy the independence to drive security initiatives and own your projects while collaborating with a supportive global team.
- Continuous learning: Stay ahead of the curve in a fast-paced, innovative environment that encourages exploration of new security technologies and methodologies.
- Directly influence product security: Work closely with development teams to integrate security best practices throughout the software development lifecycle.
- Make your mark: Leave a lasting impact on Laravel's security posture and contribute to building a more secure future for our customers.
- 5+ years of experience from similar roles, preferably working closely with large scale production systems.
- Strong knowledge of AWS and potentially other cloud providers from a security perspective.
- Preferably, you have worked in large AWS environments, dealing with customer data in multi-account setups spread across multiple regions.
- It would be a plus if you held an AWS Security certification.
- Working knowledge of Kubernetes (K8s) and container orchestration as a whole.
- Preferably, you have experience working with large clusters with customer data.
- Strong understanding of cloud security best practices, particularly within AWS, including IAM, cross-account networking, and Kubernetes.
- Hands-on experience with security tooling and technologies for vulnerability scanning, intrusion detection, and threat intelligence.
- Familiarity with security incident response and handling procedures.
- Knowledge of common security and compliance standards and frameworks such as SOC 2, ISO 27001 and OWASP.
- A passion for security and a proactive approach to identifying and mitigating risks.
- Being comfortable in a fast-paced, evolving and all-remote environment.
In addition to the above list, the perfect candidate would also have experience operating within an open source environment - as well as hands-on experience with PHP or Laravel specifically. Experience working with bug bounty programs would also be beneficial.
- Small tight-knit team where every team member counts
- Fully remote and globally distributed working environment
- Health care plan (Medical, Dental & Vision)
- Paid time off (Vacation, Sick & Public holidays)
- Family leave (Maternity, Paternity)
- Pension plans (As locally applicable)
- Performance-based bonus plan
- Company equity