Balena is a highly distributed company that has embraced a remote-first approach since 2013. We are a group of individuals from across the globe working together to achieve our mission: “reduce friction for fleet owners and unlock the power of physical computing”. For us, this means removing the barriers to entry for developing IoT products, whether that’s easing software deployments with balenaCloud, simplifying image flashing with balenaEtcher, or offering our own hardware based on our experience seeing thousands of devices running in production. We are developing an end-to-end solution that makes it easy for developers to build applications at the Edge.
- We place trust and autonomy in our team to own the outcome of their work.
- We practice radical candor and transparency with open, honest, and clear communications.
- We embrace first-principles thinking and constantly challenge our assumptions.
- We organize ourselves based on the best use of our collective abilities to solve our highest priority problems at any given time, rather than by a strict hierarchy.
- We’re not afraid to fail as long as we learn from our mistakes.
- We’re always looking for common patterns that allow us to reduce complexity.
- We embrace short-term pain for long-term gain, building products that will stand the test of time.
Our users trust us to provide critical infrastructure for their distributed IoT fleets, and we work hard to protect them and their devices. Our “security stack” spans from the bootloader and OS on-device, to the network and security infrastructure of our backend, to the operational security of our team. At balena, security is a team effort.
As a Security Engineer, you will be embedded within our engineering org. You will research, code, diagnose and fix issues, hack things, build features, and enable others to self-serve, automate their work, and solve complex challenges in an ever-evolving threat landscape. As you develop a deeper understanding of our systems and expand your influence within the team, you will lead initiatives to continuously improve software quality internally, reduce security risk and friction, shrink the attack surface, and enhance our security posture to customers.
- Build secure frameworks and libraries, conduct code reviews, and implement features, like automated vulnerability scanning, audit logs, and auth controls
- Enable Devs & Ops to write and run code securely, and collaboratively build tools for automated threat detection, testing, monitoring, and incident response
- Support engineers with threat modeling, interpreting scan results, and testing
- Identify, triage, and fix vulnerabilities through code auditing and pentesting
- Map workflows, analyze systems and provide recommendations for hardening our code, APIs, and products and refining our security processes
- Develop security runbooks, document processes, and inform policy updates
- Educate self and others on common architecture flaws, attack patterns, and failure modes in production
- Be a source of advice for peers on support and participate in on-call rotation
- Technical background in software development, operations, or security
- Experience writing secure, high-quality code and debugging production systems
- Conversant with Linux operating system internals and shell scripting
- Ability to both hold the big picture in mind and dive into the weeds
- Ability to manage ambiguity, independently make critical trade-off decisions, and push projects to completion
- Continuous improvement mindset, and desire to make yourself and others more effective
- Excellent verbal and written communication skills, and fluency in English
Prior experience in a security role is not required. If you are a skilled software engineer with a strong interest in security and a desire to help us improve the resilience of our systems and services, we are looking forward to hearing from you!
- Experience in designing and building security solutions and automation
- Familiarity with cloud and container technologies (Docker, Kubernetes, AWS) and SSDLC tooling (e.g. SAST/DAST)
- Awareness of common vulnerabilities (OWASP), attack patterns, and emerging threat actor tactics, techniques, and security procedures
- Knowledge of authentication protocols (e.g. OIDC) and Access Control
- Good understanding of networking (TCP/IP) and higher-level HTTP & TLS protocols
- History of working cross-functionally to build robust systems and products
- Experience with IoT, embedded software, dev tools, or balena as a user/contributor
- Contributions to OSS projects and community involvement
Make sure to let us know if any of these items apply to you!
- Work with a talented and globally distributed team
- Equipment of your choice
- Flexible working hours
- Flexible vacation policy
- Annual company gathering in an international location
- We send you hardware for side projects!