1-3 years of experience
Employment Type:
Full time
Job Category:
Software Security Engineer
(This job is no longer available)
Heroku | San Francisco, CA

Job Description

Heroku's security team is responsible for the overall security of the Heroku platform and our infrastructure, as well as for compliance with established security policies. We're looking for dedicated security engineers who understand platforms and their unique security challenges.

The primary focus of this role is the security of our products and features, with a strong initial emphasis on automating core team functions and developing self-service tools for our engineers. As you progress in this role and acquire security knowledge, you'll also be responsible for providing our engineers with expert advice through every stage of the secure development life cycle. You'll research and participate in designing secure platform architecture. You'll guide best practices on features under development, and you'll perform assessments of features once they're completed.

If you're the right person for this job, you have deep empathy for your fellow engineer. You have at least two years of development experience, and you're excited to delve into application security. You're excited to build your own security skills and learn how to facilitate better security practices in others. No experience in application or product security is required, although passing familiarity with resources such as OWASP will be helpful in hitting the ground running.

Key responsibilities:
- Develop tooling to be used by our engineers for self-servicing of security needs
- Automate common team internal tasks
- Contribute across multiple engineering teams on security features
- Research solutions and provide guidance to other engineering teams working in a variety of programming languages throughout the software development life cycle
- Bring emerging security technologies to development teams and help to integrate with existing systems
- Constantly question existing security practices and routines, and update, replace or automate them.

Key competencies:

- Web application development across multiple server-side languages and frameworks
- Scripting skills (our primary languages are Ruby and Go, but we'll happily speak to candidates with other language backgrounds)
- Enthusiastic and quick learning of complex and incompletely documented systems
- Able to work collaboratively across diverse engineering teams and products to meet organizational security goals
- Able to quickly understand and effectively analyze someone else's code


The strongest candidates will have worked with some of these technologies, and be excited to learn the rest:
- Amazon Web Services - EC2, S3, EBS, ELB, etc.
- Languages - one or more of: Ruby, Go, Python, JavaScript, Java, Shell
- Databases - PostgreSQL and/or NoSQL Databases such as Redis
- Logging - Splunk, AWS Kinesis, ElasticSearch, Syslog
- Security Tools - Burp, Nessus, nmap


Heroku is headquartered in San Francisco, California. Due to the training nature of this role, we're seeking a candidate who will be able to work with us here for six months to one year. The security team is fully distributed and this position can convert to 100% remote after the candidate has ramped up on security fundamentals.