Application Security Engineer

Full Time
San Francisco, CA
Areas of Interest: Software Assurance and Security Engineering, Test and Evaluation
report a problem
Overview


 
Join Our Team
Those of us who work for Cloudflare come to work every day knowing we're going to face serious challenges but that our work is important to make the web a better place.
 

At Cloudflare, we have our eyes set on an ambitious goal: to help build a better Internet. Today, Cloudflare runs one of the world’s largest distributed networks that powers more than 1.5 trillion page views each month across 5 million Internet properties. More than 10 percent of all global Internet requests flow through Cloudflare’s network. Cloudflare protects and accelerates any Internet application online without adding hardware, installing software, or changing a line of code.

Our customers range from Fortune 500 companies and nonprofits to small businesses and budding entrepreneurs. Every day, about 12,000 new customers sign up. We’re working to create a faster, more secure, and more reliable experience for anyone online and given the scale at which we operate, our mission is big. Our team is hard at work shaping the future of the Internet by solving some of its toughest challenges. Come join us.


About the Role
We are looking for experienced Application Security Engineers to help us in our mission to build a better internet. Part engineer, part hacker, you will work in our product security team building and breaking new products and services. 

About the Department
Information Security is divided into 4 areas - Product Security, Infrastructure, Compliance and Threat Intel. The Product Security team works closely with developers and product designers, ensuring that security is baked into every new system or service Cloudflare launches. Where we find weaknesses, we try to break things before bad guys can. Our mission is to help the company launch new services as quickly and as securely as possible. 

Cloudflare’s Engineering Team builds and runs the software that handles about 10% of HTTP requests on the Internet today. We also build and run the internal tools that builds and runs our software. The Engineering Team is split into two groups: one handles product development and the other handles operations. Product development covers both new features and functionality and scaling our existing software to meet the challenges of a massively growing customer base. The operations team handles one of the world’s largest networks with data centers in 110 cities worldwide.


Responsibilities

  • Use penetration testing skills and methodology to hack new applications and services
  • Perform application security design reviews against new products and services
  • Perform code and design reviews of internal products and services.
  • Track and prioritize all security issues you find
  • Build internal security tools that help fix security problems at scale
  • Ability to write code and work to prioritize, fix, and understand vulnerabilities.
  • Champion security in the engineering organization.

Requirements

  • Ability to investigate the impact of security problems.
  • Strong knowledge of web application security issues.
  • Be passionate about information security
  • Ability to recognize application vulnerabilities and exploit them.
  • Familiar with dynamic and static testing techniques
  • Familiarity with fuzzing as a way to find bugs
  • Familiarity with secure coding practices and the OWASP top 10.
  • Working knowledge of cryptography.
  • Excellent communication skills.
  • Ability to be hands on and drive solutions to completion. 

What Makes Us Special
We’re not just a highly ambitious, large-scale technology company. We’re a highly ambitious, large-scale technology company with a soul. Fundamental to our mission to help build a better Internet is protecting the free and open Internet. In 2014, we launched Project Galileo, an initiative through which we partner with global NGOs to identify websites at risk of attack and provide the same state-of-the-art mitigation technology already used by Cloudflare’s enterprise customers--at no cost. Project Galileo equips politically and artistically important organizations and journalists with powerful tools to defend themselves against attacks that would otherwise censor their work.

Additionally, in 2016, we announced our partnership with Path Forward, a nonprofit organization that works with companies to create 18-week positions for mid-career professionals who want to get back to the workplace after taking time off to care for a child, parent, or loved one. With the lofty goal of shaping the future of the Internet, we’re focused on recruiting the best and the brightest, no matter what.

Cloudflare is a security company. A successful background check is required for employment.

Cloudflare hires the best people based on an evaluation of their abilities and effectiveness. We don't discriminate against employees on the basis of any other personal characteristic or any classification protected by federal, state or local law.

Perks
We offer competitive salaries, equity, fantastic health benefits plan, a new laptop, monthly CalTrain / BART pass for commuters and the opportunity to work with a smart, motivated team where you will see your contribution daily. A chance to travel the world, speaking at the best of the best security conferences. Our sunny offices are based in SOMA in San Francisco, CA. 

Most importantly, a chance to be part of a highly motivated extremely fast paced team at the front-lines of infosec.

Sound like somewhere you'd thrive? We'd love to hear from you. Submit your resume and a short paragraph to introduce yourself.

Cloudflare is a security company.  All prospective employees will be subject to an extensive background check.

Cloudflare is an equal opportunity employer and does not discriminate against any employee or applicant on the basis of age, color, disability, gender, national origin, race, religion, sexual orientation, veteran status, or any classification protected by federal, state, or local law.



Share this job:

Cloudflare, Inc.

Cloudflare is the simplest way to make websites faster, safer and smarter. Millions of websites have signed up for our service, including large enterprises, major consumer destinations, and government agencies. With offices in San Francisco and London, Cloudflare operates a highly-available global network that has security measures built into every layer and regularly clocks in lightning-fast speeds.

We're on a mission to build a better web - and we need smart, talented people to join our team. Our team works on the forefront of leading technologies including nginx, Go and Lua programming languages. We're a strong supporter of the open source community and regularly share our technology learnings at https://blog.cloudflare.com.

Specialties
nginx lua go web performance web security dns network, noc, nocc

 
Visit Cloudflare, Inc.'s Social Media pages:
Company Industry: Information Technology and Services
Company Type: Privately Held
Company Size: 201-500