This job offer is no longer available.

DevSecOps

Permanent contract
Brno
Salary: Not specified
Fully remote

ThreatMark

The position

Job description

At ThreatMark we build trust and safety in the digital world through state-of-the-art behavioral profiling solutions supported by an AI-based security platform. Our products deliver payment protection, ensure user identity, and detect cyber threats for businesses around the world. We’re detecting when a customer’s behavior seems out of character, blocking fraud in real-time – helping organizations outsmart criminals.

We’ve had consecutive years of outstanding growth and commercial success, and our team is enthusiastic, dynamic, and ambitious. Our mission is to make ThreatMark’s technology the No.1 risk management system globally.

We have recently secured a new round of funding, and we are currently in a phase of rapid growth, investing heavily into the product – improving the architecture, adding multi-tenancy, increasing automation etc.

As we grow into more world regions, we are expected to have some security certifications (like SOC2). We also feel more and more responsibility to ensure the safety of our clients’ data.

We are looking for a DevSecOps Engineer – a real tech guy who understands security principles as well as the DevOps mindset of IaC and others.

  • Do you love cybersecurity?
  • Do you know what a trapdoor function is in cryptography?
  • Can you write a simple payload to exploit strcpy to take over the function return value and subsequently take over the EIP register?
  • Do you know how pass-the-hash or ARP spoofing works?
  • Do you know what the difference is between DMARC, DKIM and SPF?

If you answered yes at least once, you are very likely our guy!
Of course, these are not things we deal with daily 😊

Some example challenges:
• Set up software update & vulnerability management pipelines (docker images, automatically built VMs…)
• Formulate security principles and best practices which, when followed by the rest of the engineering team, will ensure compliance with regulations and real trust in internal security
• Build central log aggregation infrastructure with automated alerting on security events
Do you feel excited thinking about how to deal with such problems?

What you’ll do:
• Design/Implement infrastructure while keeping key security principles in mind
• Provide security feedback on product and code in all stages of the development lifecycle
• Design/Implement automated pipelines
• Help other developers mitigate findings found by external pentesters
• Mentor the rest of the development team on security principles


Desired profile

What skills you’ll need:
We expect you to have those or to rapidly acquire them.

  • Security
    • Web security (vulnerabilities like XSS, CSRF, SQLi, and dozens more)
    • Authentication protocols (OAuth, OpenID Connect, …)
    • Security of open source (e.g. supply chain attacks on pip or npm)
    • Basics of cryptography
  • Development and DevOps
    • DevOps mindset – e.g., “cattle over pet mindset,” Infrastructure as Code, immutable infrastructure, chaos engineering, etc.
    • Cloud engineering (AWS)
    • Software architecture – architecture types, characteristics, understanding fallacies of distributed computing, etc.
    • Programming (anything Turing complete, but mostly Python)
    • Computer science skills (algorithms and structures, complexity, information theory, etc.) at the university level (we care about the skills, not the degree)
    • Strong debugging, testing, tuning, and problem-solving skills
    • Knowledge of the IT world – Linux, operating systems, network protocols, etc.

What would make you a strong fit:

  • 3+ years of professional software development experience (the correlation between time spent coding and coding level is not very strong, but it exists)
  • Demonstrable track record of exceptional software engineering skills on past projects
  • Experience doing penetration tests, white-hat hacking, doing audits etc.
  • Strong communication & collaboration skills
  • Self-starter with a quick learning curve.
