Key skills
TypeScriptGoAITerraformKubernetesPostgresLeadershipPenetration Testing
About this role
Render is building a modern cloud platform for developers creating AI-native applications. The Software Engineer, Security role involves full-stack security ownership, proactive threat assessment, and building internal tooling to enhance security measures for the platform.
Responsibilities:
- Build internal tooling to enable secure access to resources (e.g., wrappers, utilities, authentication services, and proxies)
- Implement detection and monitoring systems that alert the team to high signal vulnerabilities
- Analyze and assess security issues identified through threat modeling, penetration testing, security scans and vulnerability disclosure
- Work with developers on sensitive code paths and educate them on secure design patterns
- Liaise with customers regarding their security and compliance needs, and in return, inform our security program
- Communicate security risks and solutions to technical and non-technical stakeholders as part of company-wide planning and prioritization processes
- Stay up-to-date with the latest security threats, vulnerabilities, and best practices and make recommendations for improvements to our security posture
- Partner with product engineering teams to inform and build thoughtful security features for our customers
- Continually ensure that our systems have appropriate authentication, authorization, and accounting with low internal overhead
Requirements:
- 6+ years of professional experience in software engineering or security
- Experience designing and building secure web applications, tools, and APIs
- Experience with vulnerability review and analysis
- Strong incident leadership and diligent response
- Empathy toward the rest of the team and our customers
- Strong sense of ownership and ability to make pragmatic decisions about your work
- Detection engineering experience through implementation and maintenance of a SIEM
- Experience with any of the technologies the Render product runs on: Go, Typescript, Kubernetes, Postgres, Terraform, Temporal
- Experience with compliance frameworks such as SOC 2, ISO 27001, HIPAA or PCI
- Proven expertise in exploiting common security vulnerabilities, demonstrating practical experience in identifying and leveraging vulnerabilities to assess security posture
- Experience securing applications and systems through threat modelling and risk assessments
- Active participation and contributions to the security community through public research, blogging, presentations, and other means