Description:

Laravel is seeking its first Security Engineer to join a fully-remote engineering team.
The mission is to enhance the experience of developers globally by building beautiful software products and a solid infrastructure foundation.
The role involves working end-to-end on products while keeping users at the forefront of development.
The ideal candidate should be pragmatic, a team player, and capable of implementing best practices as well as custom solutions.
The Security Engineer will work directly with the Director of Engineering to secure the entire Laravel product portfolio.
The position requires independent work as the sole security engineer initially, with high expectations and potential for personal and professional growth.
Responsibilities include securing AWS-based infrastructure primarily run with Kubernetes and improving the security posture of various SaaS applications.
Familiarity with information security compliance frameworks such as SOC 2 and ISO 27001 is preferred due to the company's compliance journey.
The role involves collaboration with global teams, necessitating some flexibility in working hours.

Be the pioneer: Shape the company's security program from the ground up as the first dedicated security engineer.
Global impact: Collaborate with engineering teams worldwide to enhance product and infrastructure security, protecting millions of users.
Deep dive into AWS: Address challenging security issues within AWS environments, including IAM, cross-account networking, and Kubernetes.
Compliance champion: Maintain and improve compliance with industry standards like SOC 2 and ISO 27001.
Autonomy and ownership: Drive security initiatives and own projects while collaborating with a supportive global team.
Continuous learning: Explore new security technologies and methodologies in a fast-paced, innovative environment.
Directly influence product security: Integrate security best practices throughout the software development lifecycle with development teams.
Make your mark: Contribute to building a more secure future for Laravel's customers.

Requirements:

Candidates must have 5+ years of experience in similar roles, preferably with large-scale production systems.
A strong knowledge of AWS and potentially other cloud providers from a security perspective is required.
Experience in large AWS environments dealing with customer data in multi-account setups across multiple regions is preferred.
Holding an AWS Security certification would be a plus.
A working knowledge of Kubernetes (K8s) and container orchestration is necessary.
Experience with large clusters containing customer data is preferred.
A strong understanding of cloud security best practices, particularly within AWS, including IAM, cross-account networking, and Kubernetes is essential.
Hands-on experience with security tooling and technologies for vulnerability scanning, intrusion detection, and threat intelligence is required.
Familiarity with security incident response and handling procedures is necessary.
Knowledge of common security and compliance standards and frameworks such as SOC 2, ISO 27001, and OWASP is required.
A passion for security and a proactive approach to identifying and mitigating risks is essential.
Candidates should be comfortable in a fast-paced, evolving, and all-remote environment.
Experience operating within an open source environment and hands-on experience with PHP or Laravel is preferred.
Experience working with bug bounty programs would be beneficial.

Join a small, tight-knit team where every team member counts.
Enjoy a fully remote and globally distributed working environment.
Benefit from a health care plan that includes Medical, Dental, and Vision coverage.
Receive paid time off for vacation, sick days, and public holidays.
Access to family leave for maternity and paternity.
Participate in pension plans as locally applicable.
Benefit from a performance-based bonus plan.
Gain company equity as part of the compensation package.