Stay in Touch

TITLE

 

Software Architect/Principal Engineer - Security

COMPANY

 

Udemy

LOCATION

 

San Francisco, CA, US

Description

Udemy's back-end engineering team develops and supports software frameworks, services, tools, and processes that enable Udemy to support over 24 million students and 35,000 instructors in more than 190 countries globally.  
 
We are looking for a senior software professional with experience in developing secure systems to join us.  As a security expert you will:
 
• Collaborate with other engineers, product managers, and designers, as well as Udemy's information security, legal, operations, and compliance teams to develop, document, and implement processes and tools to keep Udemy's systems, software, and operations secure, while meeting business goals as well as regulatory requirements.
• Help educate and train Udemy's engineering staff on security best practices in software development and technical operations.
• Guide Udemy's development team through compliance and regulatory requirements in an agile, modern fashion.
• Contribute to automating security checks and tests that plug into developer workflows, build pipelines, and continuous integration (CI).
• Manage the reporting and tracking of Udemy application security vulnerabilitiesUnderstand and assess the threat landscape for Udemy, implementing threat intelligence and mapping Udemy's attack surface as needed. • Support reviews of our site initiated by enterprise customers with security concerns.

As an architect/principal you will:

    • Design, develop, test, document, release, and monitor features in back-end services that support Udemy's web and mobile applications.
    • Plan, organize, and get work done in 2-week sprints.
    • Participate in code reviews.
    • Mentor team members in software development best practices and processes.
    • Provide occasional guidance and recommendations to legal and business teams.
    • Lead by example and contribute to a team culture that values quality, robustness, and scalability while fostering innovation.
    • Research and evaluate new technologies that may improve our processes or code bases.
    • At times, function as a technical lead for various projects/tasks. This may involve some project, resource, and deployment planning in addition to software engineering responsibilities.

Qualifications:

    • At least 7 years of professional software development experience.
    • Designing, developing and deploying secure software systems and services.
    • Common software, system, and internet security considerations including: OWASP top 10, data breaches, authentication, common vulnerabilities and threats.
    • Data privacy and compliance frameworks, including GDPR.
    • Knowledge and experience complying with common standards and regulations like ISO27000, SOC2, and SOX.
    • Data encryption standards and technologies.
    • Object-oriented design and computer science fundamentals (data structures, algorithms).
    • Python.
    • RDBMS (e.g. MySQL) and SQL.
    • ORMs (preferably Django, but Rails, or others are OK).
    • Web application technologies including HTTP, HTML, CSS, and JavaScript.
    • Docker.
    • Public cloud (ideally AWS).
    • Linux/unix.
    • Testing methods, including back-end and front-end unit and integration tests
    • As well, you will need the ability to learn, work with, and migrate, existing code bases.

Nice to have:

    • Experience with attack trees.
    • Management of small teamsSingle-sign-on (SSO) systems and tools.
    • Web video standards and technologies.
    • Container security.
    • Working with teams in remote locations (e.g., Ireland, Turkey).
    • Contributing to public open source project(s) and involvement in local technology communities.
    • Teaching online or in other forms

Apply for the job

Subscribe to our blog.


 

Blog & Newsletter Signup