Staff Software Engineer, Security

Time zone
Anywhere 🌎
Full Time
Opening date
Closing date
3 Aug 2021


This job has now closed and is no longer accepting applications.

See related jobs

Archive Job Description

You may know Gatsby, a wildly popular open-source project that has nearly 50k GitHub stars and a thriving community of more than 3,000 contributors. Beyond open source, we’re also a newly commercializing business, one that helps the professional developer build blazing-fast apps and websites without needing to become a performance expert.

As a remote-first, community-focused team, Gatsby’s core values include:

  • Prioritize the customer
  • Expect excellence, have empathy
  • Take ownership
  • Grow through inclusivity
  • Collaborate by default

Why we’re hiring

Gatsby Cloud is growing fast, and we’re building products that make our user’s projects easier to manage, scale, and improve.

The mission of the Infrastructure squad is to architect, build, operate and enhance the foundations of Gatsby Cloud in the support of product initiatives. The squad strives to impact performance, reliability, security, and scalability.

Why this is interesting

You will be the first security expert working with and facilitating the squad, and thereby all of Engineering to support our security initiatives!

Day-to-day responsibilities

  • Work on our nascent Infrastructure Squad composed of  DevOps / SREs to plan, implement, maintain, and enhance current cloud monitoring and incident response processes and toolsets.
  • Analyze security systems and seek improvements on a continual basis
  • Propose and contribute to proactive security automations aimed at reduction in manual remediation work
  • Establish and maintain security processes tied to critical security and compliance controls
  • Develop best practices and security standards for the organization
  • Help improve our detection capabilities through engineering projects and tooling improvements
  • Foster good security hygiene across all of our squads through risk analysis and prioritized remediation recommendations
  • Be our reference expert for vulnerability identification, validation, and remediation.
  • Set up and maintain our schedules for penetration testing and planning towards security certifications.


  • Expertise in Endpoint Protection Platforms, intrusion detection, firewalls, and content filtering.
  • Knowledge of risk assessment tools, technologies, and methods.
  • Expertise in designing secure networks, systems, and application architectures.
  • Disaster recovery, computer forensic tools, technologies, and methods.
  • Planning, researching, and developing security policies, standards, and procedures at a business-wide level.
  • Google Cloud (cloud platform as a service (PaaS)) security.
  • Automating security testing tools.
  • Experience with offensive security tools

The best parts of this job

  • You’ll be at the cutting edge of website development — working on one of the fastest-growing site building frameworks on the market.
  • You’ll feel a deep sense of ownership. This role will play a key part in shaping our future as we securely scale. We’ll require your expertise about how to improve our infrastructure as our resident expert.
  • An incredible squad to learn from and mentor. From domain experts to talented early-career developers, the Gatsby team is a team that you will be challenged by, and that you will challenge.
  • Challenging technical problems. These include scaling, container orchestration, and running untrusted code at scale. These challenging engineering endeavors and problems are complex, but rewarding and oh-so-energizing.

The worst parts of this job

  • Shifting context. You may necessarily have to shift context, whether it’s due to shifting priorities, a customer opportunity, or the identification of a vulnerability.
  • We’re a really distributed team. The Infrastructure squad, in particular, has contributors from the Pacific time zone to the India standard time zone. We’re passionate about remote work, and strive to create sustainable work schedules for everyone, but this sometimes results in longer feedback loops and the requirement to base communication on written artifacts.
  • We don’t know what we don’t know.  You will be leaned on to suggest improvements to our security practices and paradigms that we acknowledge are in their early stages, all under the pressure that a bad actor could compromise us as we are learning.

Details of the role

  • Type of Work: Full-time
  • Location: Remote (preference for UTC-8 to UTC+4)
  • Engineering Level: Level 6 (see our Engineering Levels Guide)

Benefits and perks

  • Unlimited vacation policy, with a minimum of 15 days paid vacation time
  • Amazing health, dental, and vision insurance for you and your family (US only)
  • 3 months of paid parental leave covering both adoption and foster placement
  • Stock options in a fast-growing startup
  • We are distributed first, so skip the commute
  • Set up costs for a home office OR coworking/private office reimbursement
  • New laptop of your choice
  • WiFi and cell phone reimbursement
  • Fly to cool locations 3x/year for company-wide meetups (once it’s safe to travel again!)

Equal opportunity statement

Gatsby is an equal opportunity employer and we acknowledge and honor the fundamental value and dignity of all individuals. We commit ourselves to creating and maintaining an environment that respects diverse heritages and experiences, and seek applicants of diverse backgrounds and hire without regard to race, color, gender identity, religion, national origin, ancestry, citizenship, physical abilities (or disability), age, sexual orientation, veteran status, or any other characteristic protected by law.

Headhunters and recruitment agencies may not submit resumes/CVs through this website or directly to managers. Gatsby does not accept unsolicited headhunter and agency resumes, and will not pay fees to any third-party agency or company that does not have a signed agreement with Gatsby.

See a few more

Related jobs in Programming

Report this job

    The employer won't know who reported this job. Contact your local law enforcement for immediate help if someone is in danger or the victim of a scam.
    All Job Ads are subject to Jobicy's Job Posting Policies. We allow users to flag postings that may be in violation of those terms. Job Ads may also be flagged by Jobicy. However, no moderation system is perfect, and flagging a posting does not ensure that it will be removed.

    Job Widget Code

    Place this code wherever you want the widget to appear on your page.

    <script src="//" async></script>

    Ask a Question

    Position: Staff Software Engineer, Security.

    Login to Send Message