Sr. Security Engineer (program experience required)
Aha! engineering is a mid-sized, fully remote team. We are centered around North American time zones so we can collaborate during the workday.
Our core values
The Responsive Method: These 8 principles drive how we operate Aha! and serve customers and employees.
Moving quickly: We ship code multiple times a day. We believe in getting new features in front of customers and iteratively improving as we learn what works and what does not.
Product over process: We want our engineers to have the time and focus to solve complex challenges. We aim to minimize the overhead introduced by heavyweight processes and excessive meetings.
Collaboration: We each bring unique experiences and skills to the table. Working together to share that knowledge benefits the entire team and helps us produce the best results for our customers.
Who we're looking for
We believe that being a kind person who elevates the rest of the team is just as valuable as writing great code. We look for strong problem-solving skills and experience working on important functionality for a cloud-based product. We need people who are humble, eager to learn, and always willing to help others learn as well. We want to work with people who enjoy picking up a problem and solving it, regardless of the technologies and techniques involved.
The Aha! security team is part of the engineering team and is product focused. As a Senior Security Engineer focused on our security program, you can expect to spend the majority of your time working with security controls, policies, risk reduction, and customer security questions.
Our security program
Our sole product is the Aha! web application. It is a single-instance, multi-tenant Ruby on Rails application that we run in a dedicated Amazon Web Services environment with multiple layers of security controls.
Our information security management system (ISMS) is ISO 27001 certified to demonstrate our commitment to security to our customers. We undergo annual third-party ISO 27001 audits and third-party application penetration testing with excellent results. We continually improve our security controls to meet and exceed our customer security expectations.
We embrace new technologies that help us deliver a lovable product, but we also remain cognizant of the maintenance overhead that a new technology or platform brings. We solve the problems in front of us rather than prematurely optimizing to address issues that may never materialize.
We do most of our collaboration and planning in Aha! itself, which we find especially rewarding. We also utilize GitHub, Slack, and GoToMeeting for video calls.
What you’ll be doing
We implement and maintain security controls across the entire company with a deep focus on our product. Your work will include:
Operating and improving our security controls implemented as part of our ISO 27001 certification
Performing and reviewing system and vulnerability scans with a focus on application security
Collaborating with business stakeholders to perform risk assessments and treatments
Driving security and privacy initiatives, training, and features to reduce risk
Updating, maintaining, and creating security and privacy policies
Responding to customer security questions and requirements
Preparing for and representing Aha! in external ISO 27001 audits
Participating in security monitoring, incident response, and investigations
If this sounds appealing, we would love to hear from you. A real human reviews every application, so please use the form to help us learn more about you.
We are building a distributed team, and you can work from anywhere in the United States, Canada, or Mexico for this role. We offer generous salary, equity, benefits, and a profit-sharing program. See other openings at Aha!
We are committed to hiring, promoting, and compensating employees based on their qualifications and demonstrated ability to perform job responsibilities. As an equal opportunity employer, Aha! welcomes all employees and applicants, without regard to age, race, color, national origin, physical or mental disability, gender, religion, sexual orientation, gender identity, marital or veteran status, condition of pregnancy, or any other legally protected characteristic.