Security Engineer

Job Description

Thousands of software engineers leverage Mergify to automate their workflow — and this number is increasing every day. That means thousands of people trust us to deliver a fast, reliable, and secure experience, and we value this more than anything.

We want to keep earning trust, while also continuing to amaze our users with the workflow they can build with Mergify. This is where you come in — to help us forge a performant and reliable path forward to the future we envision.

That’s why you’ll be in charge of Mergify security policies from their definition to their application. You’ll work closely with our CTO to define and apply security best practices.


You will:

  • Develop, maintain and improve security tools
  • Manage the discovery, analysis, tracking, and remediation of vulnerabilities across multiple intakes
  • Audit and maintain systems-related vulnerability management programs
  • Track metrics of remediation efforts with the engineering team
  • Manage and automate Mergify’s vulnerability management program
  • Work to harden workstations, services, and networks
  • Assist in responding to security incidents on Mergify’s IT infrastructure
  • Collaborate with other Mergify teams in the development and implementation of new security policies, standards, and procedures
  • Be a security subject matter expert within the Mergify team
  • Automate and continuously improve compliance programs and controls
  • Design and contribute to mitigation strategies and compensating controls
  • Share data and educate engineering team members on your programs
  • Exercise risk-based judgment to help teams make the right security calls
  • Build security tools and systems to solve capability challenges
  • Evaluate the impact to the organization of current security trends, advisories, publications, and academic research
  • Perform technical vulnerability/risk/threat assessments

What’s it like to work at Mergify?


What does our tech stack look like?

You can read about our tech stack on this page →

Preferred Experience

  • You have a proven track record in security program management, including vulnerability management programs
  • You have production experience with cloud platforms, and are comfortable using security tools in these environments
  • You can speak to the technical and business impacts of a vulnerability or bug
  • You handle infrastructure with code because automation lets you focus on the more difficult and rewarding problems
  • You want to work in a fast, high-growth startup environment

Bonus Points

  • Familiar with:
    • Authentication and Authorization concepts
    • Design patterns, repeatable guidance, and policy
    • Basic cryptography and key management
    • Development of security services/tools
    • Network and host monitoring
    • Linux systems administration
    • Continuous Integration infrastructure and Source Code Repositories
  • Relevant Industry Certification (CISSP, CISA, GCIH)
  • Compliance Certification a big plus (ISO 27001 Lead Auditor/Implementer, QSA)
  • Your writing is beyond reproach
  • You are able to get your message and point across through verbal communication and/or presentations

Why You Should Apply

  • Join a bootstrap startup that grew 3× in 2022
  • Competitive salaries
  • Best-in-class benefits
  • Fabulous onboarding
  • Flexible working hours
  • Fully remote team, with regular on-site, in-person meet-ups

Interested? Think you’re a good match? Apply now →