Sr. Software Engineer (security) - Portugal

About the Role

We are looking for a Senior Software Engineer to focus on security. As an integral member of the engineering team, you will participate in further securing our investment and financial products. Our customers trust us with a lot: integrating seamlessly across financial institutions, moving funds, tracking balances, helping with their healthcare decisions, and critically: keeping their data secure. In order to take on this mission we’re building our applications on modern web technologies around HTML/CSS/Javascript/React, Node.js/Typescript and PostgreSQL.

We're looking for an engineer who will focus on cryptography & hashing, access control patterns (ACLs, SSO, etc), adding additional SAST/DAST tests, monitoring for and patching new vulnerabilities, proactively seeking out existing vulnerabilities or antipatterns, participating in incident postmortems and RCAs, mentoring the rest of the engineering team on infosec best practices, reviewing high-risk changes to the codebase, and other infosec tasks. You'll work closely with the Head of Security and other team leads on large and small projects aimed at further improving the security of our web application.

Even though this position is based in Portugal, you will be working closely with US-based employees. You must be fluent in both written and spoken English.

Responsibilities

• Work to ensure Lively is constantly utilizing the most recent standards, tools, and tech to ensure proper defense in depth.
• Help the product and engineering org discover and mitigate information security risks for new products and features.
• Work with the Head of Security to further refine infosec policies and their controls.
• Identify and lead the secure design and implementation of new security initiatives and improvements to the existing web application.
• Opt for buy-in and understanding from stakeholders and teams when making decisions to help foster our open door approach to infosec.
• Help ensure our application is free of vulnerabilities by keeping third party dependencies patched.
• Help identify, investigate, and mitigate security incidents involving our web application.
• Assist with security incident postmortems and root cause analysis.
• Identify and model new and existing threats to our web application.
• Security mentorship and outreach to internal development teams.
• Review high-risk changes to the web application.
• Occasionally answer web application security questions from partners, auditors, and customers.
• Implement features and functionality with clean and maintainable code.
• Take pride in software quality through rigorous functional testing and writing automated unit tests.
• Troubleshoot production issues, provide resolutions and recommendations for improvement.

Skills & Experience

• 5+ years of experience working with information security and web applications (Node preferred).
• Bachelor's degree in computer science, or equivalent.
• Fluent in both written and spoken English, with strong communication skills.
• Experience and proficiency with information security frameworks and approaches like CIS and NIST.
• Familiarity with PKI, encryption, mutual TLS, cipher suites, and other network- and disk-level data protection protocols, tools, and configurations.
• Experience performing software security reviews and implementing security solutions at the business division level.
• Experience with application security best practices and familiarity with common vulnerabilities (e.g., SQLi, SSRF, race conditions, access controls, privilege escalations, etc.)
• Experience working in regulated industries which have various security controls implemented including strict change management is a plus.
• Strong knowledge in software design and familiarity with design patterns.
• Experienced with TypeScript, Javascript, and Node.js.
• Strong fundamental understanding of relational DataBase (Postgresql, Mysql).
• Strong debugging skills and not afraid of getting hands dirty in other areas.
• Strong product delivery records.
• Experience with Agile/Scrum development methodology.
• Proven experience on building backend services with high availability and scalability requirements.
• Someone who isn't afraid of responsibility, a good sense of humor and a down-to-earth personality.

This position is based in Portugal, and candidates are not eligible for the benefits or requirements below.