Staff Software Engineer - Security Tools & Infrastructure
Posted 1 month ago
Forter is the leader in e-commerce fraud prevention, processing over $200 billion in online commerce transactions and protecting over 750 million consumers globally from credit card fraud, account takeover, identity theft, return abuse, and more.
Forter's fraud prevention platform feeds advanced cyber intelligence from its Global Merchant Network into predictive machine learning models to analyze behaviors, verify identities, and validate transactions without human intervention in real time.
Of all the solutions on the market, only Forter's Decision as a Service™ provides fully automated approve-or-decline decisions backed by a 100% chargeback guarantee, eliminating the need for rules, scores, and manual reviews. The result is fraud prevention invisible to buyers that empowers merchants with increased approvals, smoother checkouts, and the near elimination of inaccurate decisions.
While we don't process quite as many requests as Google, Twitter, or Facebook, we care a great deal about reliability and latency. Every request we process is important to everyone involved. We can't go down because our customers' businesses depend on us.
At Forter, projects you might work on include:
- Defining meaningful security KPIs, SLOs, and SLAs, and building the systems to measure and publish them across the organization.
- Automated tooling for sensitive (GDPR, CCPA) data discovery, classification, and management
- Continuous application and infrastructure security (SAST, IDS, IPS, DDoS)
- Identity and access management (MFA, temporary privileges, secret management)
- Secure analysis of big data (VDI, TEE, DLP, Differential Privacy)
- Applicative encryption frameworks (PKI, Tokenization, Homomorphic Encryption)
- Application security scanning, tracking, and resolution tools
You'll be expected to:
- Design, build, evangelize, and maintain security infrastructure and tools that all Forter's engineering teams will enjoy using.
- Mentor others designing secure applications, providing security requirements during design reviews, and ensuring correct implementations during code reviews.
- Educate and train engineers regarding threat modeling, implementing security fixes, encryption, networking, and data protection.
- Perform quarterly risk assessments and prepare recommendations for how to invest security resources.
- Work very well cross-functionally, think rigorously, and make hard decisions despite tradeoffs.
- Work in brownfield environments, imagining the next evolution of legacy systems alongside new ones.
Stuff we need you to have:
- 12+ years developing complex software projects (Python / Ruby / Go / Node.js / etc.)
- 5+ years working with infrastructure as code tools (CloudFormation / Terraform / Pulumi)
- Extensive experience working with public clouds (AWS / GCP / Azure)
- Extensive knowledge of every layer of the stack (Hardware / OS / Network / Application / Database / Storage / etc.)
- Extensive experience with threat modeling, performing security audits, penetration testing, and SAST tools.
- Extensive experience with certifications, privacy laws, and compliance programs such as PCI-DSS, SOC 2, ISO 27001, and GDPR.
- Hold yourself and others to a high bar when working with production.
- Fluent written and spoken English, and excellent listening and presentation skills.
We would especially love to hear if you:
- Contributed significantly to any open-source application security tooling.
- Have production experience with CNCF technologies like Kubernetes, Istio, Prometheus, Vault, Consul, etc.
- Have experience developing multi-cloud SaaS platforms.
What it’s like to work at Forter:
We believe DevOps is not a job title. It is a culture.
Each team at Forter owns and maintains the performance, availability, security, and privacy of their systems, databases, and applications. Teams perform backups, manage capacity, fix security vulnerabilities, and perform required upgrades (OS, libs, etc.). They also participate in on-call rotations to handle outages and incident response.
We believe that headcount is a vanity metric. More doesn't necessarily mean better, and people matter! We prefer smaller, talented, and cohesive teams over more working hands.
We believe in continuously increasing the IQ and EQ of our teams by building an organization that will draw such people to us. We care immensely about how the team works together, and we're not scared of hard conversations. The friction of opinions or business constraints is something we need to deal with when trying to make an impact.
We don't have QA, architects, or a CTO team. We have neither a NOC nor a SOC team. Our teams are part of the system that we build, so we optimize the processes and tools to fit them. Most of our teams have a generalist mindset, but our vast system allows people to develop expertise in the areas about which they are most passionate.
Join us in building a better version of Forter rather than a smaller version of a large company.
If you're up for the challenge, please submit your CV.
At Forter, we believe unique people create unique ideas, and valuable experience comes in many forms. So, even if your background doesn't match everything we have listed in the job description, we still encourage you to apply and tell us why your skills and values will be an asset to us. By welcoming different perspectives, we grow together as humans and as a company.