GuardRails is looking for a full-time AppSec Engineer with a focus on open source software (OSS) security. GuardRails supports a rapidly growing number of developers all over the world, and you will play an important role in ensuring that we have the best OSS security capabilities in the industry.

About You

As an AppSec Engineer with a focus on OSS security, you play a pivotal role in ensuring that we have the best software composition analysis (SCA) capabilities in the industry. You love finding meaningful ways to surface all the risks of open source software, including licenses, project health, known vulnerabilities, and other aspects. You are excited to apply your knowledge to many different programming languages and ecosystems. You know that providing clarity about third-party dependencies and improving the way teams select and consume them is the best way to scale knowledge and help millions of developers around the world.

As the AppSec Engineer - OSS, you are keen on improving the way GuardRails identifies risk in open source projects and containers, and on how this information can be presented in a relevant, high-signal fashion. You are excited that you can collaborate with other open source initiatives and projects and help bring the industry closer to a universally accepted risk score. You understand the importance of the work you are doing and will proudly share your research in blog posts and at technical conferences. In fact, you are probably already doing this.

You are a motivated, experienced, and organized OSS security researcher who has already solved this problem in a previous role. You are happy to work in a startup environment and wear all the hats you need to in order to get things done.

Your Experience and Skills

  • You are fluent in at least one programming language and are a builder at heart
  • You bring knowledge and experience in package management ecosystems
  • You are self-motivated, organized, creative, respectful, with a high level of integrity and ethics
  • You have a strong command of the English language

You Pretty Much Have the Job If

  • You have written a client to pull data from different open source vulnerability databases
  • You have written a crawler or similar tool to collect vulnerability data from CVE and advisory sites

How You’ll Make an Impact

Best-of-breed OSS capabilities:

  • Action: Add engines and functionality that identify known vulnerabilities, license risk, and other relevant open source project insights across different programming languages and ecosystems.
    Outcome: GuardRails supports an increasing number of programming languages and ecosystems, including containers.
  • Action: Improve our internal vulnerability database to ensure highly accurate and up-to-date data.
    Outcome: Excellent and accurate information for our users.
  • Action: Tune false-positive detection.
    Outcome: Improved user satisfaction and a lower share of findings that users mark as false positives.

Next-generation security:

  • Action: Share your knowledge with our growing data science team.
    Outcome: The data science team is empowered and can leverage security knowledge to build models.
  • Action: Classify and label the vulnerability data set to provide an accurate training set for machine learning.
    Outcome: Improved AI models with better, more accurate detection.
  • Action: Improve our ability to provide auto-fixes for library updates.
    Outcome: Ability to update to non-vulnerable dependencies automatically and at scale.

Recognized thought leadership:

  • Action: Maintain, update, and add to the GuardRails documentation for your focus area.
    Outcome: Decreased time from detection of a vulnerability to its fix.
  • Action: Create blog posts, advisories, and other content for the GuardRails blog.
    Outcome: Demonstrated thought leadership to the public, increasing inbound leads.
  • Action: Speak at conferences and relevant events (online and offline).
    Outcome: Demonstrated thought leadership to the public, increasing inbound leads.

Benefits of Working with Us

  • Fully remote organization with flexible work hours; we are outcome-focused.
  • High-impact environment with the ability to make a difference. You are not just a number.
  • Employee stock option program.
  • Mac laptop and external monitor.
  • Remote-friendly tool allowance.
  • Health insurance.
  • Gym, internet, and educational allowances.

More About GuardRails

GuardRails, an end-to-end application security platform, empowers modern development teams to uncover critical vulnerabilities in their applications and fix them before attackers can exploit them.

Software is transforming the world, and we’re ensuring that businesses can make that change securely. Join our engineering team and help us deliver security to development teams globally.

Join a fast-growing cybersecurity company with an experienced founding team, flagship clients who love us, and technology that is quickly becoming the go-to choice for development and security teams.