RECUR needs a hands-on application security engineer to help architect and build security into our NFT platform and applications from the ground up. We are looking for someone that has deep and broad knowledge of how to secure and protect cloud platforms, web applications, and data. We are at a foundational stage and it is important that we have a security first mindset in order to protect our business and our customers. What do we at RECUR believe makes a great engineering team?

Here are our core beliefs:

It’s important to have team members that care about the team’s results more than their own individual achievements

It’s important for leadership to be tolerant of making mistakes

It’s important that the team members help, teach, and mentor one another

It’s important not to place blame on individuals when things go bad but instead to evaluate as a team how we do it better the next time

It’s important to be clear on what that mission is and minimize the distractions on the teams executing on that mission

Small teams execute better than big ones, empower small teams with ownership and minimize the dependencies between them

It’s important to encourage self-directed innovation

What you will do at RECUR

Identify security weaknesses in our software and platform

Build plans to improve our security posture and then implement them

Continually educate our team on how to build secure internet platforms

Be our security expert, be on top of the latest vulnerabilities, and manage our security backlog

Be a key member of our incident response team; perform forensics analysis

Review software designs to identify potential security holes and suggest improvements

Setup and run our whitehat bug bounty program

Build or integrate 3rd party solutions to solve various security problems such as: monitoring, code scanning, access control, intrusion detection, ATO prevention

Program solutions to security problems in a language like Python or Go.

What you bring to RECUR

You have 10+ years of experience developing software, more recently with a specialty in cyber security

You have a strong understanding of the OWASP top ten and how to mitigate or eliminate these and other vulnerabilities

You have threat modeling experience, and ability to develop threat modeling processes and threat scenarios to inform risk mitigation and secure development and deployment controls.

You have hands-on experience with AWS and its bevy of services including WAF, CloudFront, API Gateway, Cloudwatch/CloudTrail, Route53, IAM Service Boundary, SCP, Shield or alternative solutions provided by Cloudflare or other vendors

You are a software engineer, and have advanced level programming capability in higher level languages such as Java, Python, Go, or JavaScript

You have built and maintained internet applications in domains such as payments, trading, banking or eCommerce where keeping customer’s information and money safe is paramount

Familiarity with modern software delivery practices (containers, blue/green deployments, CI/CD)

You are familiar with architecting systems with appropriate controls, governance and documentation to achieve SOC2 attestation.

Certifications such as CSSLP are interesting to us but not required

You are a legally eligible to work in the USA or Canada

Benefits & Perks

Commitment to being a remote-first company

Company sponsored Health, Dental and Vision Benefits

401k with no waiting period for vesting

3 weeks paid vacation and 10 paid company holidays

Industry focused lunch and learns

Company swag

Flexibility to get the tooling you need to do your best work

The chance to work with incredibly passionate people on a mission to shape an industry!

This is a completely remote role and can work anywhere in the US or Canada.

Salary and compensation

$80,000 — $130,000/year