Location: Germany. This is a remote role but candidates should be based in Germany and have a residence visa for Europe. 


Language: English is the primary working language at Civic.


Reporting: The Security Engineer will report to the VP of Engineering.


Position overview: We are looking for a Security Engineer with experience working in fast-paced, Agile, distributed teams.


You will be responsible for achieving security by design throughout all stages of product development. You will work collaboratively with team members in Engineering, Product, Operations, among others. 


We require an Engineer who is proactive, flexible, disciplined and communicative. Civic in an environment with an extremely flat hierarchy, where initiative is greatly appreciated, expected and rewarded. You will be influencing the product and architecture of our system in substantial ways.


Responsibilities:

  • Lead and own improvements to system security across the stack
  • Participate in the change management process
  • Identify and address security issues throughout our infrastructure and services
  • Spearhead architecture reviews of developed software applications and technical systems
  • Support configuration, installation, and management of security tools in cloud environments
  • Scale new detection controls in tandem with Civic’s growing footprint
  • Optimize Civic’s incident response program and daily security tasks
  • Design and monitor dashboards/reports on the success and failure of protective controls
  • Create and maintain documentation as it relates to security designs/configurations, processes, and requirements


Requirements:

  • 3+ years in a security-focused engineering role in a production environment
  • 1+ years in application security for web and mobile based applications
  • Strong familiarity with the most recent  OWASP Secure Coding Practices
  • Experience with run-time analysis techniques and penetration testing
  • Experience with static analysis techniques and secure code reviews
  • Experience with offensive security, vulnerability discovery, & modern vulnerabilitys
  • A deep understanding of security, from the application layer to the cloud
  • Familiarity with the most common Blockchain security exploits.
  • Familiarity with Cloud services, AWS in particular,the security features they provide, and the security risks they present.
  • Comfort and skill in a remote-working environment


Our Tech Stack:

  • Javascript (ES6+), Typescript
  • Kotlin, Swift
  • React Native, Redux, Rx
  • Node.js
  • Serverless: AWS Lambda, API Gateway, Kinesis, DynamoDB etc.
  • Blockchain: Ethereum (Solidity), Solana (Rust)
  • Docker & Kubernetes