Update software-engineer-security.md #113
Conversation
| - Published blog posts and/or tech talks about your work. | ||
| - Experience working on high-performing teams, preferably tech startups. | ||
| - Experience improving the security posture of a small team, and helping that team carry the baton themselves. | ||
| - Experience working in an ops environment. |
There was a problem hiding this comment.
I'm trying to indicate that the ideal security candidate can experience managing infrastructure. Now that I've stepped away from it a better point could be:
Experience managing and securing infrastructure
| - Ability to understand, debug, and write Go and TypeScript to fix security issues. | ||
| - Ability to secure cloud applications that use our tech stack: Kuberentes, Docker, Google Cloud Platform. | ||
| - Ability to secure cloud applications that use our tech stack: Kubernetes, Docker, Google Cloud Platform. | ||
| - Ability to define, plan, and prioritize security work that needs to be done (and then go do that work). |
There was a problem hiding this comment.
I think some of these should actually be moved to responsibilities (my thinking on how to write JDs has changed since I wrote this). For example this line seems to duplicate Identify what our security needs are and develop a roadmap to improve and ensure the security of our product..
| @@ -2,28 +2,31 @@ | |||
|
|
|||
| # Software Engineer - Security | |||
|
|
|||
| We are looking for an engineer who specializes in security to help us proactively secure our product. This includes the security of Sourcegraph Cloud as well as making it easy for our customers to secure their own private Sourcegraph instances that they deploy on-premise. You will be one of the first security hires at Sourcegraph and will have the opportunity to build a world-class security culture and team from the ground up. | |||
| We are looking for an engineer who is passionate about security, and wants to proactively secure our product and our customers. You will help our customers secure their on-premise versions of Sourcegraph, and contribute to the security of our product and Sourcegraph cloud. You will be one of the early security hires at Sourcegraph, helping to build a world-class security team, where everyone contributes, from writing code to running vulnerability scans. | |||
There was a problem hiding this comment.
I am a bit worried that the first two sentences awkwardly have two "ands." Can you think of a way to avoid this without losing the meaning?
There was a problem hiding this comment.
I struggled with that - a lot. The best version I hit on is below, but I'd love something more clean. The first sentence is particularly troublesome.
We are looking for an engineer who is passionate about security, wanting to proactively secure our product and our customers. You will help our customers secure their on-premise versions of Sourcegraph, while contributing to the security of our product and Sourcegraph cloud.
|
I pushed a commit that defers more info to the handbook. What do you think? If you think something is missing around responsibilities or expectations, then let's flesh that out in the handbook. I also updated the security specific application questions. |
Updated the JD. Changed the language to be a bit more security focused, while highlighting that we code.