GuardRails is looking for a full-time AppSec Engineer with a focus on cloud security. GuardRails is supporting a rapidly growing number of developers all over the world and you will play an important role in ensuring that we have the best cloud security analysis capabilities in the industry.

About you

You love finding vulnerabilities and misconfigurations in cloud environments. You understand from experience that Infrastructure as Code (IaC) is a great opportunity to secure cloud environments, but that configuration drift and lack of coverage are issues to overcome. As such, you are excited to apply your knowledge to many IaC languages, while ensuring that the actual cloud configuration is covered as well. The thought of writing excellent security rules that identify vulnerabilities, check whether security controls are in place, and create auto-fixes to eliminate these issues fills you with joy, and you can’t wait to scale your knowledge to help millions of developers and cloud users around the world.

You will be adding support for many different IaC tools and cloud providers, tuning existing rules, improving their accuracy, and of course creating new rules. You are excited by the fact that you can release advisories for issues you identify and share your expertise in blog posts and at technical conferences. In fact, you are probably already doing this.

You are an incredibly motivated, highly experienced, and organized hacker who loves applying your skills constructively. You are happy to work in a startup environment and wear all the hats you need to in order to get things done. While you are happy to contribute individually, being part of a growing team of world-class security researchers and engineers is a big plus for you.

Your experience and skills

  • You are fluent in at least one programming language and are a builder at heart.
  • You know all about cloud-related security vulnerabilities, including those in Docker, Kubernetes, and cloud configuration.
  • You can set up a Kubernetes cluster in your sleep.
  • You are self-motivated, organized, creative, and respectful, with a high level of integrity and ethics.
  • You have a strong command of the English language.

You pretty much have the job if

  • You are an expert in writing rules with semgrep or other frameworks (e.g. tfsec).
  • You have previously helped organizations secure their cloud posture at scale.

How you'll make an impact

Best of breed cloud security capabilities:

  • Action: Add engines that can help identify vulnerabilities in different cloud providers and IaC technologies.
    Outcome: GuardRails supports an increasing number of cloud providers and IaC technologies.
  • Action: Create opinionated scanning profiles while also ensuring that scanning can be completely customized.
    Outcome: Very good baseline scans, and flexibility to support any other use-case for cloud scanning.
  • Action: Tune false-positive detection.
    Outcome: Improved user satisfaction and decreased number of vulnerabilities marked as false positives.

Next generation security:

  • Action: Work with the runtime security team to correlate cloud and runtime issues reliably.
    Outcome: Ability to link vulnerabilities between cloud config and runtime.
  • Action: Share your knowledge with our growing data science team.
    Outcome: Data science team is empowered and can leverage security knowledge to build models.
  • Action: Classify vulnerability data sets, providing a highly accurate learning environment for A.I.
    Outcome: Improved A.I. models for better detection, with higher accuracy.
  • Action: Codify fixes using OpenRewrite or other frameworks.
    Outcome: Ability to fix issues automatically at scale.

Recognized Thought Leadership:

  • Action: Maintain, update and add to the GuardRails documentation for your focus area.
    Outcome: Decreased time from detection of vulnerabilities to them being fixed.
  • Action: Create blog posts, advisories and content for the GuardRails blog.
    Outcome: Demonstrating thought leadership to the public, increasing inbound leads.
  • Action: Speak at conferences and relevant events (online/offline).
    Outcome: Demonstrating thought leadership to the public, increasing inbound leads.

Benefits of Working with Us

  • Fully remote organization with flexible work hours; we are outcome-focused.
  • High-impact environment with the ability to make a difference. You are not just a number.
  • Employee Stock Option Program.
  • Mac laptop and external monitor.
  • Remote-friendly tool allowance.
  • Health insurance.
  • Gym allowance, internet allowance, educational allowance.

More About GuardRails

GuardRails, an end-to-end application security platform, empowers modern development teams to uncover critical vulnerabilities in their applications and rectify them before attackers abuse them.

Software is transforming the world, and we’re ensuring that businesses can make that change securely. Join our engineering team and help us deliver security to development teams globally.

Join a fast-growing cybersecurity company with an experienced founding team, flagship clients who love us, and technology that is quickly becoming the go-to choice for development and security teams.