At Netflix we produce, distribute, and stream content at a massive scale. Thousands of services work in tandem to bring content from the minds of our creative partners to the devices where members enjoy that content.
The Appsec Engineering team's mission and charter is to scale security in our engineering ecosystem at Netflix. We invest in building tools to deeply understand our ecosystem, understand risk factors, and provide developers with appropriate contextual and actionable guidance that will meaningfully reduce security risk for the software they create. Our team's systems serve thousands of developers and applications, so we focus on automated and scalable approaches and seek to eliminate bug classes and make default configurations secure.
We're currently looking for an engineer on our Asset Inventory product! We built Netflix's Asset Inventory to understand our unique developer ecosystem and its security risks, and scale our approach to security. Our main customers are our own infosec teams and Netflix engineers who need to understand security risk at scale to make important decisions.
• A software engineer, comfortable writing reliable software in Python or Node (and willing to learn to use the other)
• Comfortable managing database schemas and writing complex SQL queries
• Intensely curious about how systems operate and fail in both small and large-scale systems
• Confident in taking ownership of engineering solutions you architect and build
• Thoughtful, and able to balance short-term engineering tradeoffs with long-term investments
• Interested and experienced in drawing connections between minutiae of implementation details and emergent system behavior
• Comfortable leading complex engineering projects
• A clear and effective communicator
• Energized by a diverse and constantly evolving environment and delivering innovative solutions to security challenges
• Dedicated to improving systems around you - you leave code better than you found it
• Excited about opportunities to learn new skills
• In-depth knowledge of Postgres is a plus!
Netflix's culture is different from other companies and this influences our approach to security:
• Impact: the Netflix Security team seeks to identify security risks that are most relevant in our environment and create innovative solutions to address them
• Context not Control: We encourage independent decision-making by employees. Service developers own every aspect of their application, including security. We are responsible for providing the right context to product engineers to help them make the best decisions about their applications' security.
For more information about Application Security at Netflix see these resources:
• Scott Behrens and Shannon Morrison's talk (QCon) about quantifying risk at scale using asset inventory (slides)
• Aladdin Almubayed's 2019 BlackHat talk about how we approach third-party vulnerability management.
• Astha Singhal's Netflix Tech Blog post about how we scale application security at Netflix.
• Bryan Payne's blog post about how we practice security effectively in a culture that aims to avoid security gates and unnecessary processes.
• The Netflix Security YouTube Channel contains videos from talks Netflixers have given about various security topics.